You’re at a networking function. Someone hands you their business card with their email address on it. Do you have permission to send an email marketing message to that person? It will depend on the situation. Stick with me, it will become as clear as mud.

The intention behind the Spam Act 2003 (Cth) is to stop businesses sending marketing spam that may intrude on an individual’s privacy. It regulates the sending of commercial electronic messages (emails, instant messaging, SMS and MMS).

What is Email Marketing?

Email marketing is an easy convenient way to advertise your goods or services, and if done well, will draw people into thinking they need some of what you’ve got.

However, you are required to have the permission of individuals if you want to send them emails promoting your business.

And you cannot send an email asking for permission to send marketing messages because that is a marketing message. 

How Do You Get Permission to Send Email Marketing?

An individual can give you express permission face to face, over the phone, completing a form or ticking a box on a website.

A person may also give inferred permission if they have an ongoing relationship with your business and would expect to receive your marketing emails.

For example, if a person has a subscription, membership or an account, you will have inferred permission because marketing is relevant to the relationship.

However, if a person simply buys something from your business, you do not have inferred permission to send that person marketing emails.

DON’T buy a bulk customer list or use address harvesting software to create a mailing list and send emails to unsuspecting individuals and business owners offering your products and services.

You must get permission from the person on that list to send them marketing emails and it cannot be an email asking for permission because again, that is a marketing message.

Exceptions for Conspicuous Publication

Under the Spam Act, you will have inferred consent to send marketing emails to an email address:

  • that is conspicuously published;
  • it’s reasonable to assume this occurred with the agreement of the relevant employee, director, partner, officeholder or self-employed individual;
  • there is no statement the individual doesn’t want to receive unsolicited email marketing messages;
  • the message is related to that individual’s business, role, functions or duties.

If an employee, director, officeholder, partner or self-employed individual has published their address on their website or social media accounts, it’s conscipuously published, they have arguably given implied consent assuming they don’t include a statement saying they don’t want to receive unsolicited email marketing messages.

However, that is not the end of the matter. If you want to send that individual an email marketing message, it must be related to their business, role, functions or duties.

Let’s say you run a physiotherapy business. You don’t have inferred consent to send marketing emails to an individual running a plumbing business. 

What About Swapping Business Cards?

You’re at a networking event mingling with the crowd and you exchange business cards. You’ve never met these people before.

If the email address on their business card cannot be found online, in my view, you don’t have inferred consent to send them email marketing messages.

Even if the email address on their business card is published for all the world to see, you still need to make sure your email marketing message is related to their business, role, functions or duties.

It’s best to play it safe and ask that person if they’re happy to be added to your mailing list.

If they say yes, record that permission. The Spam Act puts the onus on you to prove you have their permission. 

Other Exceptions

If your email is no more than factual information you will not fall foul of the Spam Act. If the message is authorised by a government body or registered political party or charity and that body supplies goods or services they are permitted to send marketing messages. 

Opt-Out or Unsubscribe 

When you send an email marketing your goods or services, you must identify your name or business name and ABN and include your contact details so the person receiving the email can opt out if they want to. You must make it easy for a person to opt out or unsubscribe from your emails and there are rules around that (see s17 of the Spam Act and the Spam Regulations 2021). If an employee or other person send emails on your behalf, their messages must identify your business as giving authorisation. 

If a person unsubscribes from your emails or sends you a message they don’t wish to receive any further emails, you must remove them from your mailing list within 5 business days of the request being sent.

How about Telemarketing Calls?

The Spam Act does not apply to voice calls. However, under the Do Not Call Register Act 2006 (Cth), businesses are prohibited from making unsolicited telemarketing calls or sending unsolicited marketing faxes to numbers on the Do Not Call Register.

Registered charities, market research organisations conducting research for non-commercial purposes, political parties and educational institutions are allowed to make telemarketing calls.

Penalties for Non-Compliance

If you breach the telemarketing and spam laws, you face severe penalties. In June 2021, financial services research companies, Kalkine Pty Ltd and Kalkine Media Pty Ltd paid infringement notices of $251,400 and $100,800 respectively for breaches of telemarketing and spam laws. 

The Australian Communications and Media Authority found that from January to September 2020, Kalkine made over 7,200 calls to more than 5,400 phone numbers on the Do Not Call Register. During the same period, Kalkine Media sent 2,774 spam emails to more than 2,700 recipients without their consent.

If you have concerns that your activities may breach the Spam Act, you should seek legal advice.


DISCLAIMER. The information provided is for educational purposes only. It is not legal advice. Please seek independent legal advice for your particular circumstances.


Connect with Trudi:

LinkedIn: Trudi Case

Website: www.trudicase.com.au

Trudi Case, Legal Consultant & Copywriter


Trudi Case, LLB (Hons), BA

Legal Consultant & Copywriter

Trudi is a lawyer with a career spanning 20 years, initially in private practice at Finlaysons and Sparke Helmore and later with the South Australian Crown Solicitor’s Office assisting the South Australian Government.

In her early years, she worked in a range of practice areas; personal injury, workers’ compensation, child protection, health practitioner regulation and energy law. From 2012, she was outposted to the South Australian Department of State Development, TAFE SA and later the Department for Education specialising in commercial law and advising.

Trudi advised the South Australian Government on a range of governance and operational issues including the repeal of legislation, the South Australian apprenticeship and traineeship scheme, financial authorisations and copyright, to name just a few. She also negotiated and drafted hundred of contracts for grants, goods and services, IT services, leases and licences.

Trudi is now in business as a legal consultant assisting business in planning, governance and risk, contract drafting and business disputes. She also offers copywriting services; website and social media content, reports, brochures, any type of writing. 

Trudi also has a passion for storytelling on a range of issues including parenting/relationships and health and wellbeing. She has had articles published in Mindfood.