How to stay on the right side of Australian spam laws with B2B email marketing

Email marketing continues to be a powerful tool for businesses, tied for second place as the channel that provides the highest return on investment (ROI). It’s used by one in three marketers, and 87 per cent planned to maintain or increase their investment in 2024.1 This could be because analysts expect the number of email users to grow by 2.5 per cent in both 2024 and 2025, hitting a projected 4.73 billion users.2 

However, business to business (B2B) email marketing demands careful attention to Australia’s spam laws for compliance and to maintain business reputation. Crucially, the Spam Act 2003 and related regulations set clear guidelines for commercial electronic messages, with significant penalties for non-compliance.3 

Understanding commercial electronic messages

The definition of commercial electronic messages extends beyond traditional marketing emails to include any message where one purpose is to offer, advertise, or promote goods, services, or business opportunities. This encompasses: 

• marketing newsletters and updates
• product announcements
• service promotions
• business opportunity communications
• mixed-purpose messages with both commercial and non-commercial content.

Messages that seem informational may be classified as commercial if they contain links to commercial content or promote business relationships. 

The fundamentals of Australian spam laws 

Australian spam legislation applies to all commercial electronic messages with an ‘Australian link,’ including B2B communications. This ‘Australian link’ exists when the message originates in Australia, the sender is in Australia when sending, or the recipient accesses the message in Australia. Unlike other jurisdictions, Australia’s laws don’t distinguish between B2B and business-to-consumer (B2C) marketing messages; both must comply with the same regulations. 

The legislation focuses on three key pillars of compliance: 

• Consent from recipients.
• Clear sender identification.
• Functional unsubscribe mechanism.

Each element carries equal legal weight, and failing to meet any requirement can result in substantial penalties. The Australian Communications and Media Authority (ACMA) actively monitors compliance with the Spam Act and can impose penalties of up to 500 penalty units per violation for repeat corporate offenders.4 A penalty unit (PU) is a standard amount of money used to compute penalties for many breaches of law in Australia at both the federal, and state and territory level.5 

Obtaining valid consent

Consent forms the cornerstone of Australia’s spam legislation. The law recognises both express and inferred consent; however, the burden of proof lies with the sender. This means businesses must maintain comprehensive records of how, when, and what type of consent was obtained. 

Express consent 

Express consent represents the highest compliance standard and provides the strongest legal protection. It must be freely given, clearly communicated, and specifically informed. When obtaining express consent, businesses must explain what the recipient is consenting to, including the types of messages, the sender, and the consent’s duration. 

Valid express consent can be obtained through online forms, written agreements, or verbal conversations, but documentation is key. Each consent instance should record the date, method, scope, and relevant terms. Digital systems should maintain audit trails of submissions and consent changes. 

Inferred consent 

Inferred consent requires a nuanced approach. It exists only with a provable, ongoing relationship between the sender and recipient, and the marketing content directly relates to that relationship. The ACMA emphasises that this relationship must be current and active. 

For example, a B2B software provider may infer consent to email existing clients about software updates or related products; however, cannot extend this to unrelated services.  

Email scraping tools vs consent 

Email scraping tools automatically collect email addresses from online sources like websites, social media, and public directories. They crawl web pages, using pattern matching to identify text that matches email formats (like name@domain.com), process multiple pages simultaneously, and apply regular expressions or specialised parsing rules to distinguish valid email addresses from other text.  

Many scraping tools also verifies the validity of collected emails, organises them into categories, and exports results in formats like comma-separated values (CSV) or Excel. While this may sound like a marketer’s dream, simply collecting email addresses through scraping doesn’t provide the required consent. Inferred consent only applies in specific business relationships with a reasonable expectation of receiving commercial messages, and scraped email addresses never provide express consent. 

Email scraping itself isn’t illegal; however, using scraped emails for commercial communications without consent violates Australian law. Businesses should prioritise building email lists through legitimate opt-in methods like newsletter signups, customer purchases, or explicit permission forms. 

Sender identification requirements 

The law mandates clear and accurate sender identification in every commercial message, which goes beyond including a company name. Messages must contain: 

• the accurate name of the business entity authorising the message
• valid contact information that will remain accurate for at least 30 days
• clear identification of third parties sending messages on behalf of the business.

Using appropriate business entities and Australian Business Numbers (ABNs) is crucial for B2B communications. In partner marketing arrangements, all relevant parties must be properly identified. 

Unsubscribe mechanism compliance 

Australian law has stringent unsubscribe requirements. Every commercial message must include a functional unsubscribe facility operational for at least 30 days after sending. The ACMA has specific expectations: 

• the unsubscribe option must be clear and conspicuous within the message
• the process should be completed with a single click or reply where possible
• no additional personal information is required beyond the address being unsubscribed
• the process must be free (except for standard message costs)
• requests must be honoured within five working days.6

Businesses must maintain records of unsubscribe requests and ensure these preferences are respected across all marketing channels and partner relationships. For this reason, it’s important not to purge databases of unsubscribed records for the sake of ‘cleaning up the database’. Always keep a record of unsubscribes so that you can exclude them in future campaigns, or until they opt-in of their own accord through other channels.  

Data management and security 

Proper data management is essential for compliance. Businesses must implement systems to: 

• track consent status for all marketing contacts
• record and implement unsubscribe requests
• maintain audit trails of marketing communications for data security and privacy.

These systems should be regularly audited and updated to reflect changing regulations and best practices. 

Working with third parties 

Many B2B businesses use third-party marketing services or purchase contact lists. Under Australian law, entities must be aware that they cannot outsource their obligations under the spam and telemarketing laws through commercial or other arrangements. 

A third-party agent working on your behalf has the same responsibility as the message originator to make sure email marketing practices are compliant. 

This means: 

• even if someone else is sending out your messages or making phone calls, you must still have the consent of each person contacted and be able to prove it if we ask for details
• businesses are still responsible for having consent to market to any addresses or phone numbers when they purchase lists.  A third-party agent may refuse to send out emails to a list you provide them if you can’t demonstrate how or if you secured the appropriate opt-ins.

When purchasing contact lists, businesses must also verify valid consent for their specific marketing purposes.  

B2B marketing that builds better relationships 

For B2B organisations, compliant email marketing requires balancing commercial interests and regulatory requirements. Success lies in building a compliance culture, maintaining thorough documentation, and regularly reviewing practices against current regulations. While the rules may seem restrictive, they promote better marketing practices and stronger business relationships.

Frequently asked questions 

Q: What’s the difference between marketing emails and sales emails? 

A: Under Australian law, any electronic message with a commercial purpose must comply with spam regulations. This includes marketing broadcasts and personalised sales outreach. The key factor is commercial intent, not the format or personalisation level. 

Q: Are email scraping tools legal in Australia? 

A: The Spam Act explicitly prohibits using address-harvesting software and harvested email lists. Tools like ZoomInfo, for example, must be used carefully, ensuring proper consent before sending commercial messages to gathered addresses. 

Q: How do Australian laws interact with global regulations? 

A: Businesses must comply with Australian laws and recipient countries’ regulations. For example, when marketing to European Union (EU) residents, both the Spam Act and General Data Protection Regulation (GDPR) requirements must be met. Following the strictest applicable standards leads to broader compliance. 

Q: How long does consent remain valid? 

A: The ACMA advises that consent becomes stale after three months unless the recipient has agreed to a longer period under clear terms. Regular engagement and updated consent help maintain compliance. 

Q: What are the penalties for non-compliance? 

A: Penalties can be substantial, with maximum fines varying based on previous violations and business size. First-time corporate offenders face penalties of up to 100 penalty units per violation, with repeat offenders facing up to 500 penalty units. A penalty unit (PU) is a standard amount of money used to compute penalties for many breaches of law in Australia at both the federal, and state and territory level. 

Q: Can we send one-off emails asking for consent? 

A: No. Sending an electronic message to request consent is a marketing message and requires prior consent. Consent must be obtained through other channels. 

Find out more about the Spam Act 2003 on the ACMA’s website: https://www.acma.gov.au/avoid-sending-spam

1 https://www.hubspot.com/hubfs/2024%20State%20of%20Marketing%20Report/2024-State-of-Marketing-HubSpot-CXDstudio-FINAL.pdf

2 https://www.radicati.com/wp/wp-content/uploads/2022/11/Email-Statistics-Report-2022-2026-Executive-Summary.pdf 

3 https://www.acma.gov.au/avoid-sending-spam 

4 https://www.accc.gov.au/business/compliance-and-enforcement/fines-and-penalties

5 https://www.legislation.gov.au/F2023N00196/latest/text

6 https://www.acma.gov.au/avoid-sending-spam 

The four biggest takeaways from the B2B Content Marketing Benchmarks, Budgets, and Trends Report