Free tool
Email, SMS & telemarketing compliance check
Direct marketing in Australia is governed by the Spam Act 2003 (email, SMS, MMS and instant messages) and the Do Not Call Register Act 2006 (telemarketing calls and marketing faxes), both enforced by ACMA. This checklist scores your consent, identification, unsubscribe and list-washing controls, then prioritises gaps by severity.
Reference tool — not legal advice. The Spam Act and Do Not Call Register Act contain exemptions and definitions that turn on your specific facts (for example, what counts as consent or an existing business relationship). Confirm material decisions with ACMA guidance or a communications-law adviser.
Related tools
Frequently asked questions
- What is a commercial electronic message under the Spam Act?
- Any email, SMS, MMS or instant message with a commercial purpose — offering, advertising or promoting goods, services, land or a business — sent to an Australian electronic address. All three Spam Act rules (consent, identification, unsubscribe) apply to each one.
- What are the three Spam Act rules?
- First, consent: you need express consent, or consent inferred from an existing business relationship plus conspicuous publication of the address without a no-spam statement. Second, identification: accurately identify the sender and include contact details that stay accurate for at least 30 days. Third, unsubscribe: include a functional, low-cost unsubscribe facility and action opt-outs within 5 business days.
- When do I need to wash lists against the Do Not Call Register?
- Before making telemarketing calls or sending marketing faxes to Australian numbers. DNCR registration lasts indefinitely, so you must wash your lists regularly — a submitted list result is valid only for a limited period. Exemptions can apply, such as an existing customer relationship with consent or certain designated organisations, but you must still observe permitted calling hours and provide caller ID.
- What are the penalties for breaching these rules?
- ACMA enforces both regimes and has issued multi-million-dollar infringement notices against major brands for consent and unsubscribe breaches. Breaches can attract substantial civil penalties, and each non-compliant message or call can be treated as a separate contravention.
Not sure which obligations apply to you?
Run the Compliance Fingerprint — a 2-minute structured assessment that maps your business to every obligation, deadline and regulator that triggers.
Build my Compliance Fingerprint →