Digital marketing

Before you hit send: Are your marketing messages unintentionally illegal?

- March 1, 2018 3 MIN READ

Are your emails breaking the law? Here’s the essential guide for how to include business cards and email addresses from websites in your marketing.

When you are marketing your solo business, in your fervour to tell people how amazing you are and why they should throw their money at you, you may be unintentionally breaking the law.

The Spam Act lurks in the shadows of other more well-known business legislation. It doesn’t get a mention in any of the training materials for start-ups, and yet if you break it, you could be up for fines likely to turn the strongest person to jelly. Currently, the maximum fine is $2.1 million.

What is the Spam Act?

The Spam Act is the piece of legislation that covers email marketing legal requirements in Australia, and bans sending unsolicited commercial electronic messages.

It covers any messages that have a marketing or commercial element and includes:

  • Emails and newsletters
  • SMS messages
  • MMS messages
  • Instant messages
  • Other electronic messaging (e.g., LinkedIn, Facebook messages etc.)

If you communicate with your clients, people you meet at networking events, via LinkedIn/Facebook messages or any other potential clients using any of these means, no matter how teeny tiny or how new your business, you need to comply with the Spam Act.

The Rule of 3

Compliance with the Spam Act means that you must have three things in place for each electronic communication you send out.

  1. Consent
  2. Identification
  3. Unsubscribe facilities


Let’s talk about consent for a moment. In the dating world, whether someone actively consented to horizontal folk-dancing is the subject of scores of court cases, backroom gossip and fills tabloid magazines.

We all know that “No means No”, and that if you get tangled up trying to make excuses or justifications then you are skating on thin moral and ethical ground, and deserve a hashtag campaign against you.

Consent as it applies to marketing

You need to have consent before you can market to someone. If you didn’t get an explicit “Yes”, then you are probably kidding yourself and having a roll in an ethical mud puddle.

Here are a few examples of consent:

  • Someone ticking a box on your online form saying that they want to join your newsletter or download an ebook (with a note on the form saying they will also join your mailing list if they download the ebook).
  • Exchanging business cards with someone and you verbally asking them if they would like to join your mailing list. You can’t grab a fistful of cards at a networking event and then add the details to your list unless you verbally ask each person for their consent (… and no you can’t send them an email after the event to get their consent).
  • Offering a lucky door prize, where your terms of entry clearly and obviously state that the person’s details will be added to your mailing list.

Some ways you CAN’T get consent:

  • Sending an unsolicited email to someone asking them to give consent to receive commercial messages from you.
  • Pre-ticking boxes for people to join your mailing list (either on paper or websites).
  • Adding someone to your email list and if as they didn’t object that you are safe.
  • Connecting with someone on LinkedIn and then immediately bombarding them with your latest hot offer.

But what about inferred consent?

The Spam Act does give a few “outs” where they believe you can infer consent to receive marketing.

  • Via existing business or other relationships where there is a reasonable expectation that you will send them ongoing commercial messages.
  • Via conspicuous publication of a work-related, publicly accessible, email address that is not accompanied by a statement that no commercial messages are wanted, and the subject of the message is directly related to the role or function of the recipient.

In other words, scraping info@ and admin@ email addresses off a website and then adding them to your email list is not inferred consent!


Every commercial message you send is required to have clear identification of who sent it or authorised it to be sent.

Clear identification includes the correct business or legal trading name of the business or individual, and how the business can be contacted which means the address or phone number or email.

Unsubscribe facilities

If you send out a commercial message, you also need to include a functional and legitimate unsubscribe facility.

There are a few rules around the unsubscribe facility:

  • Your unsubscribe email address must remain functional for 30 days after the original message.
  • It must give clear instructions on how to unsubscribe.
  • It must be easy to use.
  • All requests to unsubscribe must be honoured within five working days.
  • All requests must be at no or low cost to the user.

In a nutshell

Marketing is simply dating in a different form. If you are going to market to people, follow all the normal rules of dating and consent, and you will be OK.

If you have to tie yourself in knots trying to justify consent, then expect problems down the track.