The Spam Act sets hurdles for businesses


The Spam Act sets hurdles for businesses

Businesses should note that the Spam Act goes beyond protecting consumers against bulk offensive messages.


Get unlimited access to all of our content.

Businesses should note that the Spam Act goes beyond protecting consumers against bulk offensive messages. It will also restrict day-to-day business marketing practices because the concern of the legislation is with unsolicited 'commercial electronic messages' in general. 

A 120-day 'grace period' began in December last year to allow individuals and companies time to ensure that their practices were compliant. This period is now drawing to a close, and companies that have not reviewed their electronic marketing practices should do so as soon as possible.

The primary rationale for the Act is that spam has many economic costs for users, resulting in increased download times and internet access costs. The Federal Government also argues that unsolicited electronic messages often include fraudulent or misleading content and frequently carry computer viruses.

A 'commercial electronic message', for the purposes of the Act, is where the intention of the message is, among other things, to offer to supply goods or services, or to advertise or promote goods or services. This is not just email. The Spam Act also covers mobile phone messaging (SMS and MMS) and instant messaging sent by businesses.

One of the most important concepts introduced by the Act is that commercial electronic messages may not be sent by businesses (or other persons) without the recipient's prior implied or express consent. Even a single unsolicited email may be in breach of the Spam Act.

The Act acknowledges that certain conduct or relationships can also give rise to an 'inferred consent'. For example, if the person has an existing business relationship with the sender and has knowingly provided an electronic address, then it may be reasonable to infer that the person has consented to receiving commercial electronic messages.

Suggested actions

If a business is unsure of whether consent has been given, the government has recommended that it should seek confirmation from the addressee, rather than risk breaching the Spam Act. One suggestion is that businesses follow a 'double opt-in' process in these circumstances, in which the following steps would be taken:

1.           The business receives a message from another party with a request that an electronic address (email address or phone number) be added onto the business’s electronic mailing list;

2.           The business then sends a message to that address, requesting confirmation within 14 days that messages be sent there in the future; 

3.           After 14 days, the address is only added to the contact list if positive confirmation has been received.

The Spam Act will strictly regulate commercial electronic messages. Such messages must include information about the individual or organisation that authorised the sending of the message. The information should be clear and accurate so that the addressee knows who is contacting them and how they can contact that person.

Unsubscribe facility

Commercial electronic messages must also include a 'functional unsubscribe facility', whereby the message recipient can inform the sender that he or she does not want to receive any further commercial electronic messages. Businesses must ensure that such a facility is included in all commercial electronic messages sent. Unsubscribe requests must be dealt with promptly, and must have taken effect within five working days from the date on which the request was sent by the recipient.

Address harvesting

Address-harvesting software must not be supplied, acquired or used for the purpose of sending spam. This is software that is specifically designed or marketed for searching for and collecting electronic addresses from the internet. Such software may still be used for legitimate purposes like collecting data for research, marketing or maintaining web sites.

International reach

The Act has an international reach andcovers commercial electronic messages that either:

  • originate in Australia and are sent to any destination; or

  • originate overseas and are sent to an address accessed in Australia.

The enforcement of penalties against foreign companies, however, is likely to be difficult until international arrangements are put in place. A number of other countries (including the Unites States) have passed, or are considering passing, legislation against spam. Businesses that are planning to send commercial electronic messages to non-Australian addresses must therefore be careful to appraise themselves of the specific requirements of relevant foreign anti-spam laws.


The penalties under the Spam Actare substantial. The maximum fine for a corporation with no prior record is $110,000 for a single offence, or $220,000 where two or more contraventions have been committed on a particular day. If, after that finding, the corporation contravenes the same provision, it may be liable to pay up to $1.1 million a day. Courts are also able to award compensation for damage caused by spam to victims, and to recover any financial benefit that spammers have accrued.

Those businesses that have not undertaken audits of their privacy and marketing practices now face an important compliance task. Unlike the Privacy Act, the Spam Actapplies to all Australian companies, no matter how large or small. Every Australian organisation will therefore have to ensure that employees’ use of email is managed and monitored, which may require the implementation of updated policies and training regimes based on the new laws.


New anti-spam Act about to commence

Post details