Skip to content

E-Commerce Obligations Under the Spam Act 2003

In Short

  • The Spam Act 2003 regulates unsolicited commercial electronic messages, including emails, SMS, MMS, and instant messages.

  • Businesses must obtain consent and provide clear identification and an unsubscribe option in commercial messages.

  • Penalties for non-compliance include fines, warnings, and legal action.

Tips for Businesses

Ensure you have express or inferred consent before sending commercial messages. Identify your business clearly in the message and provide a functional unsubscribe option. Avoid using address-harvesting software and be mindful of penalties for non-compliance. For assistance, consult a legal expert.


Table of Contents

Email marketing is a great tool to reach your clients or new leads. However, businesses that send unsolicited commercial electronic messages risk legal repercussions for breaching the Spam Act 2003 (Cth) (the Spam Act). This article details your business’s obligations regarding sending commercial electronic messages under the Act.

Spam Act 2003 (Cth)

The Spam Act prohibits businesses from sending unsolicited commercial electronic messages and provides them with rules for sending legitimate electronic communication to consumers.

Under the Spam Act, an electronic message includes messages sent using an internet ‘carriage service’. Examples include:

  • email;
  • short message service (SMS);
  • multimedia message service (MMS); and
  • instant messaging, such as chat.

The Spam Act covers those messages with a link to Australia. A message has a connection to Australia if it:

  • originates in Australia and is sent to any destination; or
  • originates overseas and is sent to an address accessed in Australia.

An electronic message is commercial when it is possible to conclude that its purpose, or one of its purposes, is to offer a commercial or business transaction or direct a person to a location where a commercial transaction can occur. Determining whether a message is commercial is a holistic process. The Act considers the following:

  • the content of the message; 
  • how the message is presented; and
  • any links, telephone numbers or contact information provided in the message.

Accordingly, an electronic message is commercial if it offers to: 

  • supply goods or services;
  • provide a business or investment opportunity; or 
  • advertises or promotes a business or investment opportunity. 

The Spam Act does not cover all kinds of commercial messages. It imposes no restrictions on other types of commercial messages, such as non-electronic messages and voice-to-voice telemarketing. It also does not prevent pop-up windows on a website because these form an intrinsic part of the site itself. 

Designated Commercial Electronic Messages 

An exception to the Spam Act’s prohibition on sending unsolicited commercial electronic messages is sending ‘designated’ commercial electronic messages. A designated commercial electronic message (DCEM) is a message that clearly and accurately identifies the sender and only consists of factual information. A DCEM can also include:

  • the name, logo and contact details of the individual or organisation who authorised the sending of the DCEM; and
  • the name and contact details of the author or the author’s employer, partnership, organisation or sponsor.

Therefore, the Act does not apply to designated commercial electronic messages. These types of messages do not require the recipient’s consent or a functional unsubscribe button. However, designated commercial messages must still include the sender’s details and contact information.

Under the Spam Act, Government bodies, Registered Political Parties and Registered Charities are considered to be sending a DCEM if the message sent from that body relates to goods and services and the body sending the message is the supplier or prospective supplier of such goods and services. 

Additionally, educational institutions are considered to send a DCEM when sending messages to current and former students about their goods and services. 

Front page of publication
2023 Key Data and Privacy Developments

This fact sheet outlines the changes to data and privacy protection in 2023.

Download Now

Most businesses consider designated commercial electronic messages to include transactional emails, messages or service messages. For example, this may include a shipping confirmation email or a password reset message.

Businesses should be careful when determining whether their messages are considered designated commercial electronic messages. The content of these messages will determine whether the Act may still apply. Suppose these messages contain hyperlinks to the further supply of goods or services or have images or wording suggesting further advertisement, promotion or supply of goods or services. In that case, the message may be considered a commercial electronic message and thus be required to comply with the Act. 

Continue reading this article below the form
Loading form

The Spam Act prohibits sending unsolicited commercial electronic messages with a link. The Act provides a framework for sending commercial electronic messages. In order to send a commercial electronic message, you must first have express or inferred consent from the recipient. Inferred consent derives from the conduct, business, and other relationships of the organisation or individual concerned.

Additionally, all commercial electronic messages sent under the Act must clearly and accurately identify the sender, the organisation responsible, rather than the individual who hit send. Further, the message must provide contact details that will remain valid for at least 30 days afterwards.

Further, these messages must include a functional unsubscribe facility allowing recipients to indicate they no longer wish to receive the emails. This facility must be accurate and remain operational for at least 30 days. Once a business receives notification of an individual’s wish to unsubscribe, they have five working days to action the request.

Email Address Harvesting

The Spam Act also strictly prohibits businesses from:

  • supplying, acquiring or using address harvesting software; and
  • supplying, acquiring or using an electronic address list produced using such software.

The Act prohibits this kind of software and its accompanying lists because they enable a business to send spam on a large scale.

Penalties

The Spam Act prescribes various penalties for businesses that breach its provisions. These penalties include:

  • warnings;
  • infringement notices;
  • legal action; and
  • pecuniary penalties.

Privacy Principles

All businesses need to be aware that observing their obligations under the Spam Act does not derogate from their responsibilities under the Privacy Act 1988 (Cth) (the Australian Privacy Principles).

Key Takeaways 

Email and electronic marketing messages are a legitimate way for e-commerce businesses to generate interest, increase their market presence and stay in touch with potential and existing customers. However, the Spam Act prohibits businesses from sending unsolicited commercial electronic messages and provides rules for sending electronic messages to consumers. 

If your e-commerce business needs help navigating these obligations, our experienced data, privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.

Frequently Asked Questions

What types of electronic messages are covered by the Spam Act?

The Spam Act covers messages sent via email, SMS, MMS, and instant messaging services that originate in or are accessed in Australia, with a focus on messages that offer goods, services, or business opportunities.

What is a designated commercial electronic message (DCEM)?

A DCEM is a message that contains only factual information and clearly identifies the sender. Examples include transactional or service-related messages like order confirmations or password resets. These messages do not require consent or an unsubscribe function, but they must identify the sender.

Register for our free webinars

ACCC Merger Reforms: Key Takeaways for Executives and Legal Counsel

Online
Understand how the ACCC’s merger reforms impact your legal strategy. Register for our free webinar.
Register Now

Ask an Employment Lawyer: Contracts, Performance and Navigating Dismissals

Online
Ask an employment lawyer your contract, performance and dismissal questions in our free webinar. Register today.
Register Now

Stop Chasing Unpaid Invoices: Payment Terms That Actually Work

Online
Stop chasing late payments with stronger terms and protections. Register for our free webinar.
Register Now

Managing Psychosocial Risks: Employer and Legal Counsel Responsibilities

Online
Protect your business by managing workplace psychosocial risks. Register for our free webinar.
Register Now
See more webinars >
Jordan Bramis

Jordan Bramis

Lawyer | View profile

Jordan is a Lawyer at LegalVision. He graduated in 2021 with a double degree in Law and Communication.

Qualifications: Bachelor of Laws, Bachelor of Communication, University of Technology Sydney.

Read all articles by Jordan

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2025 Future of Legal Services Innovation Finalist - Legal Innovation Awards

  • Award

    2025 Employer of Choice - Australasian Lawyer

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2022 Law Firm of the Year - Australasian Law Awards