How To Ensure Your Email Marketing Is Compliant With Australia’s Spam Act


In case you missed it, CBA’s email marketing team are on the naughty step and they can’t blame this on the intern.

How can business owners ensure that their email marketing is compliant with Australia’s Spam Act?

There are a few basics to master in order to ensure that your emails are compliant. We’ve whittled it down to three key points that you need to understand to ensure that you’re doing the right things for your email marketing.

Before we get stuck in, a little disclaimer. This advice is for Australian-based businesses emailing Australian-based contacts. There are different laws that apply if you’re emailing international recipients, regardless of where your company HQ is based.

Transactional emails (e.g. order confirmations, account set-up emails) are exempt from these guidelines. The following guide applies to marketing emails only. A good way to work out if something falls under these guidelines is to think about whether it’s an email you’re going to send to multiple people in one go. If that’s the case, chances are it’s a marketing email.

3 easy guidelines to ensure your email marketing is compliant:

1: Ensure you have permission to email somebody

Seems kind of obvious, right? Well, you’d be surprised.

This is a biggie. The number one thing we find when we get stuck into a new client’s email account is that there are a bunch of emails that don’t technically have permission to be emailed. These permission rules also apply to SMS marketing.

If you take one thing from this blog, please make it this.

Making a purchase on your website or in your store does not always equal consent to receive email marketing.

There are two types of email marketing consent:
1. Inferred Consent
2. Express Consent

The basics of email marketing consent:

If someone makes a purchase on your website, or in your store, and supplies their email address as a part of that purchase process, you can only email them marketing communications that are related or relevant to their purchase. Only if they agree to receive marketing emails can you email them your regular newsletters or promotions.

In some regions of the world regulations have come into place to increase consumer clarity on marketing consent. In Australia these regulations do not yet exist.

In Australia it is currently acceptable to have a disclaimer in your Terms & Conditions, or Privacy Policy. This disclaimer should explain that by providing their email address a customer is agreeing to receive additional marketing communications from your business. This disclaimer may also extend to explain what form these communications may take.

If you do not have a policy available to your customers when they provide their email address, you do not have permission to use their details for marketing. This is why even when your business is brand new it’s sometimes valuable to have a website to publish this information.

Need a Privacy Policy or some legals? We always recommend Foundd Legal for affordable and easy-to-understand legal templates for small businesses.

How marketing consent rules may apply to your business

Market Stallholder

You’re a small business owner who doesn’t have a website or a physical store. You only sell your products at weekend markets.
✔️ You manually collect email addresses on a paper list on a clipboard every weekend. Your list explains they’re signing up to receive your marketing emails. You transfer this information manually into your email client to send a monthly newsletter.
❌ Customers have emailed you about a stock enquiry or a bespoke commission. You do not have permission to email these people your email marketing newsletter.

Online Retailer (e.g. Shopify)

You don’t have a physical shop, you do have an online store.
✔️ You have a Privacy Policy on your website that explains that when a customer provides their email address as part of their purchase they are providing consent to be contacted with marketing. Because you’ve clearly explained the permissions they’re providing as part of your policy, you have permission to add them to your email marketing database and your emails are compliant.
✔️ You have a checkbox at checkout where a customer can choose to ‘opt in’ to receive email marketing. This is my preferred way of capturing consent from your online customers. It’s explicit and, in most cases, complies with global guidelines about email marketing consent.
❌ You have a contact form on your website where customers can make an enquiry about your products or services. Your website does not have a Privacy Policy because you’ve never done any email marketing before. You do not have permission to send your marketing emails to everyone who has contacted you directly.

Image showing the back-end of the Shopify platform and where you can include a sign up at checkout option

The above image shows how you can have an opt-in set up at your checkout in Shopify. Note: my recommendation would be to uncheck the box marked with the arrow. Preselecting opt-in is not compliant in territories outside of Australia, so this will make you more compliant as your business grows.

Physical Retailer

You may have a website, but for this example we’re talking about an in-store transaction. When the customer makes a purchase you ask them to give you their email address to receive a digital receipt.
✔️ You have a website with a clear Privacy Policy that explains that by providing their data for an e-receipt, the customer agrees to receive email marketing comms. You can email these people marketing.
❌ You do not have a Privacy Policy that addresses your digital receipts system. You cannot send these customers email marketing as they have not provided any consent.

We often work with clients on email marketing delivery to help them clean up their email databases and remove any fraudulent or incorrect email addresses. To help make your email marketing compliant, we also ensure that you have the correct permissions to email your database and create segments to easily exclude unsubscribed contacts from your regular newsletter sends.

2: Make it easy to unsubscribe

For your email marketing to be compliant, it is a legal requirement to include an unsubscribe option in every email that you send. This should be easy to see and work within 5 days to remove a customer from your email marketing database.

Here’s your unsubscribe link checklist. Your unsubscribe link:
1. Is easy to see. Whilst I encourage using your brand voice around an unsubscribe link, I always recommend that you keep the word ‘unsubscribe’ as the link itself as it’s easier for customers to find.
2. Removes a customer from your email marketing database within 5 days. Most email clients will automatically remove your unsubscribes from your mailing list. If for some reason you have a more manual set-up, this is something you must ensure is happening.
3. Does not require customers to provide personal information (like logging into an account with a password) to unsubscribe.
4. Still works 30 days after the email is sent.

3: Tell people who you are

To ensure your emails are compliant, every email you send should clearly identify you and your contact details. Specifically, you should include your business name or, if you’re a sole trader, your name and your ABN. You have to clearly share your contact details, your business address and a contact email address if the email doesn’t have a ‘reply to’ email.

Why should I listen to your advice?

I’m a digital marketer with more than 13 years’ experience in the business, but more importantly I’ve managed email marketing campaigns for some of the biggest names out there in the ecom world. At ASOS I was regularly emailing an active UK database of more than 8 million contacts, and that doesn’t account for their global database. *Mindblown*. At boohoo I worked with their email data to help create VIP segments allowing for more strategic email marketing comms and increased lifetime value from their most frequent shoppers.

Edit February 2024: There are new guidelines for businesses emailing Gmail and Yahoo accounts. To find out more you should read this blog post about 2024’s email deliverability changes and what you need to know.

Info and resources: 

For email marketing strategy that will ensure your email marketing is compliant, get in touch today.

If you need legit legals for your business, Foundd Legal should be your next destination.

For more info on the email marketing laws in Australia you can read more about sending spam on ACMA’s website here.