Spamming and Spam Act – Consumer Protection

To print this article, all you need to do is be registered or log in to

Many of us have, from time to time, received unsolicited emails or other messages from unknown sources, or companies wishing to advertise an event or product through the content marketing. This appears to have become even more prevalent during the COVID-19 period as companies have sought to expand their offerings and customer base under difficult circumstances.

It is important to note, however, that in Australia the legislation known as Anti-Spam Act 2003 (Cth) (“the Act”) sets out the rules relating to spam messages, including information about the senders as well as the recipients of such messages.

The law provides that, subject to certain exceptions, an unsolicited commercial electronic message (“CEM”) (which is broadly defined and may include email and SMS messages), shall not be sent without the consent of the relevant electronic account holder of the email. address, instant messaging service, telephone number or other account holder (section 16 of the Act).1

Consent under the Act is considered to constitute both express consent or consent that can reasonably be inferred from the conduct and business and other dealings of the persons or organizations concerned, and cannot be inferred from the mere fact that a relevant email address has been published.2

There are, however, two relevant exceptions to section 16 of the Act, namely “conspicuous publication” and “designated message”.

(a) Conspicuous Publication3

Generally speaking, if the particular email address has been:

  • ostensibly published, and

  • it would be reasonable to assume that this happened with the consent of the employee/director/partner/office holder/individual/organization concerned, and

  • it is not accompanied by a statement that the account holder concerned does not wish to receive unsolicited commercial electronic messages,

  • then the relevant account holder shall be deemed to consent to the sending of such commercial electronic messages to such address if the messages are relevant to the employee’s, director’s or the partner or position or role concerned.

(b) Designated Commercial Message4

One of the designated types of advertising messages is a message that consists only of factual information and other additional information specified in the Act, and meets other specified conditions.

There are also other designated commercial messages defined in the Act, such as messages authorized by government agencies, political parties, charities and educational institutions.

The law also requires CEMs to include specific information about the sender and a way for the recipient of the message to unsubscribe.5

It is important to note that the Act also prohibits the acquisition or supply of address harvesting software and address lists harvested for the purpose of sending commercial electronic messages.6

Failure to comply with the requirements of the law may result in the imposition of sanctions, such as monetary penalties, compensation, recovery of financial benefits or an injunction.7

These monetary penalties can be severe, with the Australian Communications and Media Authority (“ACMA”) website stating that repeat corporate offenders can face penalties of up to $2.1 million per day.

Recent cases published on the ACMA website illustrate some of the sanctions that have been imposed as follows:

  • In November 2019, following an investigation by ACMA, a Sydney-based online marketplace, Oneflare Pty Ltd was ordered to pay a $75,600 breach and entered into a court-enforceable recognizance to secure future compliance. Oneflare has been investigated by the ACMA after complaints were received about SMS messages being sent without consent.8

  • In January 2020, Singtel Optus Pty Ltd also entered into a court-enforceable recognizance to secure future compliance and had to pay an infringement notice of $504,000 after an ACMA investigation found Optus was continuing to send SMS and email marketing messages to consumers after they unsubscribe. . Optus was also found to have broken the law for sending commercial emails in the form of billing notices that did not include an unsubscribe feature.9


1 Anti-Spam Act 2003 (Cth), section 16.

2 Anti-Spam Act 2003 (Cth), appendix 2.

3 Anti-Spam Act 2003 (Cth), appendix 2, cl 4.

4 Anti-Spam Act 2003 (Cth), appendix 1.

5 Anti-Spam Act 2003 (Cth), section 17.

6 Anti-Spam Act 2003 (Cth), Part 3.

7 Anti-Spam Act 2003 (Cth), parts 4, 5, 6 and 7.



The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.

About Sandra A. Powell

Check Also

Data Security – The Growing Danger of Vishing Attacks – Data Protection

If you own a phone, you’ve probably received a suspicious call from an unknown number …