Australia's Spam Act 2003 requires three things for commercial email: consent (express or inferred), sender identification (who you are and how to contact you), and a functional unsubscribe mechanism. Unlike CAN-SPAM, the Australian Spam Act is an opt-in law — you need consent before sending. Penalties reach up to AUD $2.22 million per day for individuals and AUD $11.1 million per day for corporations.
Australia Spam Act 2003: Email Compliance Guide
The Three Rules of Australian Spam Act Compliance
The Spam Act 2003 is straightforward. Every commercial electronic message must satisfy three requirements:
1. Consent
You must have consent before sending. Two types qualify:
Express consent: The recipient explicitly agreed to receive your messages. A signup form, checked checkbox (not pre-checked), or verbal agreement qualifies.
Inferred consent: Derived from an existing business relationship or the recipient's published email address (with conditions). For example:
- A customer who purchased from you recently
- A business contact who gave you their card
- A publicly listed business email (only for messages relevant to their role)
Inferred consent has limits. It doesn't last forever — if the business relationship goes dormant, inferred consent expires.
Practitioner note: The inferred consent provision is narrower than most international senders realize. A website visitor who browsed your site but didn't purchase or sign up has NOT given inferred consent. You need either a purchase/inquiry or explicit opt-in.
2. Sender Identification
Every message must clearly identify:
- The individual or organization that authorized sending
- Contact details that are valid for at least 30 days after sending
This means your business name and a way to contact you (email, phone, or postal address) must appear in the message.
3. Unsubscribe Mechanism
Every commercial message must include:
- A functional unsubscribe facility
- The facility must work for at least 30 days after sending
- Unsubscribe requests must be honored within 5 business days
The unsubscribe mechanism must be free and straightforward. You can't require the recipient to log in, provide personal information beyond their email address, or jump through hoops.
Who Enforces the Spam Act
The ACMA (Australian Communications and Media Authority) enforces the Spam Act. They:
- Investigate complaints from Australian recipients
- Issue formal warnings and infringement notices
- Pursue civil penalty proceedings in court
- Can enforce against overseas senders targeting Australians
Penalties
| Violation Type | Individual | Corporation |
|---|---|---|
| Per contravention | Up to AUD $44,400 | Up to AUD $222,000 |
| Per day (continuing) | Up to AUD $2.22M | Up to AUD $11.1M |
The ACMA has enforced against both Australian and international businesses, including issuing formal warnings to major international companies.
What Counts as a Commercial Electronic Message
The Spam Act covers any electronic message with a commercial purpose:
- Email marketing a product or service
- SMS promoting a business
- Instant messages with commercial content
Exempt messages include:
- Messages from government bodies
- Messages from registered charities and political parties
- Factual messages about existing contracts or business relationships (purely transactional)
- Messages between employees of the same organization
Australian Spam Act vs Other Laws
| Requirement | Australia Spam Act | CAN-SPAM (US) | GDPR (EU) | CASL (Canada) |
|---|---|---|---|---|
| Opt-in required | Yes | No | Yes | Yes |
| Unsubscribe timeframe | 5 business days | 10 business days | Without delay | 10 business days |
| Extraterritorial | Yes | Limited | Yes | Yes |
| B2B exception | Inferred consent | N/A | Varies | Implied consent |
Practitioner note: International senders often don't realize Australia's Spam Act applies to them. See our international email compliance guide for a broader overview. If you have Australian customers in your email list and you're sending marketing email, you're subject to this law. The ACMA has pursued foreign companies.
Compliance Checklist
- Express or inferred consent obtained before sending
- Sender clearly identified in every message
- Contact information valid for 30+ days
- Functional unsubscribe mechanism included
- Unsubscribes processed within 5 business days
- Consent records maintained
- Unsubscribe mechanism works for 30+ days after sending
If you're sending to Australian recipients and need a compliance review, schedule a consultation.
Sources
- ACMA: Spam Act 2003
- ACMA: Spam Regulatory Guide
- ACMA: Enforcement Actions
- Australian Government: Do Not Call Register
v1.0 · April 2026
Frequently Asked Questions
Does the Australian Spam Act require opt-in?
Yes. Unlike US CAN-SPAM (opt-out), Australia's Spam Act requires consent before sending commercial email. Consent can be express (explicit opt-in) or inferred (from an existing business relationship), but you cannot send unsolicited commercial email to Australian recipients.
What are the penalties under Australia's Spam Act?
Up to AUD $2.22 million per day for individuals and AUD $11.1 million per day for corporations. The ACMA (Australian Communications and Media Authority) actively investigates and enforces, including against overseas senders targeting Australian recipients.
Does Australia's Spam Act apply to overseas senders?
Yes. If you send commercial email to recipients with an Australian connection (Australian email address, phone number, or the email is accessed in Australia), the Spam Act can apply regardless of where you're located.
Want this handled for you?
Free 30-minute strategy call. Walk away with a plan either way.