A Marketer's Guide to Email Compliance in Australia

Successfully navigate email marketing compliance in Australia with our marketer’s guide. Discover best practices to meet regulations and keep your customers engaged.

Email remains one of the most direct and personal ways for businesses to connect with their customers, but it comes with responsibilities. Email marketing compliance is essential for protecting customer privacy as well as maintaining trust.

This guide explains the email compliance requirements in Australia so you can build trusted customer relationships while staying on the right side of the law. Understanding the rules around consent, data use, and unsubscribe rights is a vital part of any email marketing strategy — keep reading to learn more.

Email marketing laws in Australia exist to protect consumers from unwanted or misleading contact across phone calls, texts, and emails. They ensure that businesses communicate responsibly, respect personal data, and give people control over the messages they receive. For marketers, this means following clear rules around how you collect information and how you let customers opt out.

If your marketing involves collecting or using personal information (such as names, email addresses, behavioural data, IP addresses, or device IDs), the Privacy Act 1988 and the Australian Privacy Principles (APPs) apply. These laws set the standard for how personal data must be handled, stored, and disclosed.

Three core principles guide email compliance in Australia:

  • Consent: You must have express or inferred consent before sending commercial emails.
  • Identification: Every message must clearly identify who you are and how to contact you.
  • Unsubscribe: All emails must include a working unsubscribe option that is easy to find and use.

Whether you’re sending a newsletter or promoting your latest sale, it’s important to be aware of Australian email compliance regulations. Following these rules for your email and SMS marketing campaigns will help your business avoid penalties while building trust with your audience. Here, we’ll unpack these regulations and provide tips for compliance.

Spam Act 2003

The Spam Act 2003 is Australia’s primary law governing commercial electronic messages (including emails, SMS, and instant messaging). Its purpose is to protect consumers from unsolicited or deceptive messages and ensure businesses follow ethical marketing practices.

For email marketers, the Spam Act sets the standard for when you can contact someone, what information your messages must include, and how easily recipients can opt out.

Key requirements include:

  • You must have valid consent before sending any commercial email.
  • Every message must clearly identify your business and provide accurate contact details.
  • All emails must include a functional unsubscribe mechanism that’s easy to find and use.
  • Unsubscribe requests must be processed within five business days.
  • Purchased lists without proper consent are not allowed under the Act.

Privacy Act 1988

The Privacy Act 1988 sets the rules for how Australian businesses collect, use, store, and disclose personal information. It includes the Australian Privacy Principles (APPs), which outline clear standards for managing data responsibly.

This law is crucial for email marketers because sending campaigns often involves handling personal details such as names, email addresses, purchase history, and behavioural data. Complying with the Privacy Act helps protect individuals’ rights and reduces the risk of serious penalties.

Key requirements of the Privacy Act include:

  • Collect personal information lawfully and only when necessary.
  • Clearly explain how you will use and store customer data.
  • Obtain valid consent before using personal information for marketing.
  • Keep personal data secure and protected from unauthorised access.
  • Allow individuals to access and update their personal information.
  • Follow the APPs when handling data, including transparency, security, and purpose limitation.

Competition and Consumer Act 2010

The Competition and Consumer Act 2010 focuses on fair trading and protects consumers from misleading or deceptive conduct (including within email marketing). This law ensures that businesses communicate truthfully about their products, prices, and offers.

For businesses, it means every claim, promotion, and call to action must be accurate and not designed to confuse or mislead customers. Staying compliant supports transparency and helps you avoid significant penalties for false or deceptive messaging.

These are the key requirements of the Competition and Consumer Act:

  • Ensure all promotional emails contain accurate information.
  • Avoid misleading claims about pricing, discounts, availability, or product performance.
  • Make sure terms and conditions are clear and not hidden or vague.
  • Ensure advertising content is honest and reflects the true nature of your offer.
  • Avoid subject lines or messaging that could mislead or confuse the recipient.

Australian Consumer Law (ACL)

Australian Consumer Law (ACL), which forms part of the Competition and Consumer Act, provides broad protections to ensure that consumers are treated fairly across all types of marketing. In email marketing, ACL plays a key role in preventing misleading claims, hidden conditions, or tactics that could deceive recipients. It requires businesses to communicate honestly, ensuring customers can rely on the information they receive.

Key requirements include:

  • Ensure all email content is clear, truthful, and not misleading.
  • Present pricing, discounts, and offers accurately, including any conditions.
  • Avoid exaggerating product benefits or using deceptive subject lines.
  • Ensure testimonials or claims used in emails are genuine and verifiable.
  • Provide transparent information so customers can make informed decisions.

Legal requirements in email marketing

From gaining proper consent to providing clear unsubscribe options, email marketing regulations ensure your messages are sent responsibly. This section will provide more detail about specific legal requirements for email marketing within Australia.

Obtaining user consent

Obtaining user consent is the first and most important step in email compliance. It means you must have permission before sending any commercial message, whether that consent is express (a direct sign-up or ticked box) or inferred through an existing customer relationship.

Consent must be freely given and able to be withdrawn at any time. For users, this ensures they only receive emails they actually want and have control over how their personal information is used.

More information can be found here: Expectations for businesses conducting telemarketing and e-marketing.

Inclusion of accurate sender information

Including accurate sender information means every email must clearly show who it’s from and how to contact that business. This usually includes your trading name, physical address, and up-to-date contact details so recipients know exactly who is communicating with them. For users, it offers transparency and reassurance, helping them recognise legitimate messages and report any concerns if needed.

Visit our email sender name best practices guide for more information.

Presenting clear unsubscribe pathways

Learn more about promoting your business by email or text messages.

Maintaining accurate records

In order to maintain accurate records, your business will need to clearly document how and when consent was given, along with any unsubscribe or data-related requests. This includes storing timestamps, sign-up sources, and records of changes to user preferences.

For your customers, it ensures their choices are respected, reduces unwanted emails, and provides confidence that their personal information is handled responsibly and transparently. Using a platform such as Mailchimp can make the process of maintaining accurate records much easier.

Calling out tracking technology

It’s important for your business to be transparent about any tools used to monitor how recipients interact with your emails. These can include things such as cookies, email tracking links, and pixels. Technologies such as these can collect data like opens, clicks, and browsing behaviour. For your customers, clear disclosure ensures they understand what information is being gathered, why it’s collected, and how it supports a more relevant and respectful marketing experience.

Things to include in every marketing email

This list of email guidelines covers everything that Australian businesses need to include in order to stay compliant:

  • Identification of sender: Clearly display your registered business name and contact details so recipients know who the message is from and can verify its legitimacy.
  • Unsubscribe option: Include a visible, functional unsubscribe link that syncs across all systems to ensure recipients are properly removed when they opt out.
  • Clear opt-outs: Make it easy for users to stop certain types of emails without confusion; avoid list washing and honour preferences promptly.
  • Store consent logs: Keep detailed records of when, where, and how consent was given, including the date, source, and method, to support compliance and audits.
  • Accurate subject lines and pre-headers: Use honest, transparent wording that reflects the content of your email to avoid misleading recipients.

In addition to this, it’s important to have an organised approach to list management. This means keeping your database clean, removing invalid or inactive contacts, and updating subscriber details regularly. Effective subscriber data management helps improve deliverability and ensures you only email people who actively want to hear from you.

Legal documents required for email marketing

These are the legal documents your business needs if it’s engaging in email marketing campaigns:

  • Privacy policy: Explains how your business collects, uses, and stores personal information.
  • Privacy collection notice: Tells users why their data is being collected at the point of sign-up and how it will be used.
  • Cookie policy: Outlines how cookies, pixels, and tracking tools are used on your website or in your emails.
  • Website terms and conditions: Sets expectations for how customers can use your site, including limitations, disclaimers, and rights.
  • Data Processing Agreement (DPA): Defines responsibilities when sharing personal data with service providers.

Mailchimp has templates and resources that can help you meet these legal requirements. Our guide to writing a privacy policy can help you get started.

Email compliance mistakes to avoid

Here, we’ll outline some of the most common mistakes businesses make with email compliance:

  • Complicated unsubscribe process: Making users hunt for an unsubscribe link or complete multiple steps is not compliant and can lead to complaints. The process must be simple, quick, and easy to find.
  • Looping in users after unsubscribing: Sending emails to someone who has opted out is a direct breach of the Spam Act. All systems must update automatically so users are removed from every list as soon as they unsubscribe.
  • Using soft opt-ins for consent: Assuming consent without a clear, active sign-up (such as pre-ticked boxes or passive consent) puts your business at risk. Consent must be freely given, informed, and obvious.
  • Misleading email subject lines: Subject lines must accurately reflect the content of the email. Over-promising or disguising promotional content can breach both the Spam Act and Australian Consumer Law.
  • Lack of legal visibility on website pages: Missing or hard-to-find legal documents like your privacy policy, cookie policy, or terms and conditions makes it harder for users to understand their rights. These pages must be easy to access and clearly linked.

How Mailchimp supports compliance laws

Mailchimp is built to make compliance simpler. Our sign-up forms, pop-ups, and custom fields help you capture explicit consent, while built-in tools ensure your emails include accurate sender information and easy unsubscribe options by default. Mailchimp also supports transparent data practices by allowing you to manage customer information securely.

Discover Mailchimp marketing templates and smart reporting tools to boost your email marketing campaigns and keep your business compliant with Australian regulations.

Frequently asked questions

Do emails need to be disclosed if they are promotional?

Yes, promotional emails must be clearly disclosed as advertising in Australia. Your message should not mislead recipients into thinking it is a personal or non-commercial email. As long as the content, sender details, and subject line make the promotional nature clear, you will meet compliance requirements and maintain transparency with your audience.

Learn more in our guide to email marketing best practices.

Are there consequences if email compliance laws aren’t followed?

Yes, there are significant consequences for not following email compliance laws in Australia. Breaches can result in large fines from regulators such as ACMA, the OAIC, or the ACCC, depending on the type of offence. Beyond financial penalties, non-compliance can damage your brand’s reputation and reduce customer trust.

Is permission required to send email marketing emails in Australia?

Yes, permission is required to send marketing emails in Australia. Under the Spam Act 2003, you must have valid consent before sending any commercial electronic message. This can be express consent, such as a sign-up form, or inferred consent through an existing relationship. Without proper permission, your emails are considered unsolicited and may lead to complaints and penalties.