Electronic address harvesting software

Businesses must not use electronic address harvesting software, or lists that have been generated using such software, for the purpose of sending unsolicited commercial electronic messages.

Beware using purchased email addresses

The Department receives complaints regarding alleged breaches of the Unsolicited Electronic Messages Act 2007. These complaints generally relate to commercial electronic messages that have been sent to email addresses or telephone accounts (via TXT) without the consent of the recipient.

On receiving a complaint, we will initiate an investigation to determine if a breach of the Act has occurred. If a breach has occurred, we have a range of enforcement options available from a formal warning to High Court action to pursue pecuniary penalties and compensation and damages on behalf of victims.

In some cases, we have determined the sender of a commercial electronic message has purchased a database with the understanding that emails can be sent to those electronic addresses because there is 'deemed consent'. However, if we find that consent is not present when the electronic message(s) was sent, the Act may identify that the sender of the message(s) was in breach of the Act regardless of whether they believe consent existed due to the purchase of a database and any associated terms that existed during the sale of that database.

More information:

Deemed consent

The Unsolicited Electronic Messages Act provides that deemed consent exists if:

  • an electronic address has been conspicuously published by a person in a business or official capacity, and
  • it is not accompanied by a statement requesting that no unsolicited messages be sent to that address, and
  • the message is relevant to the recipient's business, role, function or duties in a business or official capacity.

The Deartment recognises that databases may contain useful information that can be used for marketing and promotional purposes. However, care should be taken to ensure that the recipient has consented to receive a commercial electronic message.

In every case, the onus of proof is on the sender of the messages, not the seller of the database, to demonstrate evidence of compliance with the Act.

If messages are sent and the sender is unable to satisfy investigators that the consent of the recipient can be deemed to have been given, then a breach of the Act has occurred.

Three steps to ensure you are not spamming