FintechPrivacy & Data Security

Spam Email: Spamalot – now for something completely different

spam email

In this article I will explore the history of spam email, recent breaches of the Spam Act which resulted in the offenders being fined up to $160,000 for sending spam email and how your business can send marketing emails that are legal by remembering ‘The Rule of 3’.

Question about spam email

Let me ask you a question about spam email. When Nigerian scam artists send us junk emails or spam emails promising romance or riches, why in the email do they alert us to the fact that they are from Nigeria? Wouldn’t it be smarter for them to pretend that they are from a country that isn’t well known as a place where a lot of email scams and fraud originate? The scammers are potentially really stupid, right?

Scammers are one step ahead

What if I told you that online scammers may actually be one step ahead of us. Cormac Herley from Microsoft believes that identifying themselves as Nigerian in their spam emails may be an ingenious way for the scammers to assess the gullibility of the recipient. The theory goes that the scammers may deliberately let the recipient know that they are from Nigeria to weed out the cynical and cautious amongst us from the naive – the viable targets from the non-viable. In other words, if the scammer can find an individual who replies to a spam email from a sender in Nigeria promising the recipient millions of dollars, even though the majority of people are aware that Nigeria is home to a lot of online scams, the scammer knows the chances of that recipient trusting the scammer and sending them money are high.

The Australian Spam Act

These junk spam emails from Nigeria contributed to the wave of popular opinion that urged the Australian federal government to intervene to protect its citizens. The Spam Act 2003 (Cth) aims to try to limit the deluge of unsolicited bulk electronic spam email messages that are sent and received every day. Luckily, for the West African scammers at least, the Spam Act only applies to commercial electronic messages with an Australian link. It does not apply to spam emails originating from outside Australia.

Why your business needs to comply

Even though the Spam Act was enacted in Australia over 10 years ago this is not old news. As a lawyer, I still come across businesses who are not fully compliant and who continue to run the risk of receiving infringement notices and being ordered to pay penalties of hundreds of thousands of dollars for sending spam emails to customers. Some recent examples of offenders include Tiger Airways and Grays Online.

What is spam email?

We all know generally what types of electronic messages are spam email – it’s a marketing message that is commercial in nature that may offer goods or services for sale, or direct the recipient to the seller’s website. For the purposes of the Spam Act, spam email can be thought of as a commercial electronic message sent:

  • by an individual or organisation
  • without the consent of the addressee
  • by email, SMS, MMS, or instant message

Why is it called spam email?

We have this Monty Python comedy routine from the 1970s to thank for calling junk email ‘spam’:

In this famous sketch, Graham Chapman (in drag) and Michael Palin play two customers in a greasy spoon café who wish to order breakfast from the waitress, Terry Jones (also in drag). To the customers’ increasing bemusement every dish on the menu comes with a ubiquitous serving of the tinned lunch meat Spam. The repetitive and unwanted presence of Spam in the sketch was adopted by early internet users as being synonymous with the bulk sending of junk email, which soon became known as ‘spam’.

How you avoid getting fined for sending spam email – Rule of Three

The Australian Communications and Media Authority (ACMA) is responsible for enforcing the Spam Act. To avoid being investigated or fined by the ACMA your business should remember the ‘rule of three’ when sending any marketing emails. Under the Spam Act every commercial electronic email, SMS, MMS and instant message you send must:

  • have the addressee’s prior consent
  • identify you as the sender
  • contain a working unsubscribe function

1. Consent

To avoid be classed as spam email the message must be sent with the recipient’s consent. Consent can either be ‘express’ or ‘implied’. The evidentiary burden of proving consent lies with the sender.

Express Consent

Express consent is where the recipient actively and deliberately notifies you that they consent to receiving a commercial electronic message from you. The recipient could, for example, sign up to a mailing list by ticking a box on your website or by writing down their details on a sheet of paper in a shopping centre. It is important to note that unsolicited commercial electronic messages ‘testing the water’ cannot be used to gain consent to send further messages – express or inferred consent must already exist. In a similar manner, silence does not constitute consent. Accordingly, if a recipient doesn’t object or actively unsubscribe from a mailing list this doesn’t mean that you have obtained their consent to send them commercial electronic communications.

You should not use pre-ticked boxes to try to prove that an individual has ‘opted in’ – the individual hasn’t actively and deliberately given their consent. A better approach is to require the individual to ‘opt in’ to your mailing list by checking the box themselves or, even better, use a double ‘opt in’ process where the recipient has to reply to a confirmation email which verifies that they definitely want to sign up to receive commercial messages from your business.

Inferred Consent

Inferred consent can be inferred either through an existing business relationship or other relationship, for example where someone conspicuously publishes their work e-mail address and your message to that address relates directly to the person’s line of work. This can be tricky to prove so you should always try to get the recipient’s express consent where possible.

2. Identification

Broadly, the marketing message must contain accurate information about the person or organisation that authorised the sending of the message and how to contact them. The Spam Act states that a commercial electronic message must:

  • clearly and accurately identifies the individual or organisation who authorised the sending of the message
  • include accurate information on how the recipient can contact the sender
  • contain identification information that is reasonably likely to be valid for at least 30 days after the message is sent

3. Mandatory unsubscribe function

All commercial electronic message must contain a functional unsubscribe mechanism, which makes it easy for the recipient to indicate that they no longer wish to be on your mailing list. Once you receive a request to unsubscribe your business must honour the request promptly. The unsubscribe function is usually found as a hyperlink at the bottom of marketing emails. Keep your database of ‘opt ins’ and ‘opt outs’ up to date. The Spam Act states that the unsubscribe feature must:

  • present unsubscribe instructions to the recipient in a clear and conspicuous way
  • allow the unsubscribe message to be sent to whoever authorised the sending of the message
  • remain operational for a period of at least 30 days after the original message is sent


Photo credit: Pixabay

Leave a Reply