Is Cold Email Legal in Australia?
Cold email is not illegal in Australia, but it is regulated more strictly than in the United States. The governing law is the Spam Act 2003, and it applies to every commercial electronic message sent to or from Australia, including B2B email. There's no carve-out that makes business-to-business messages exempt. What makes careful B2B outreach workable is the Act's concept of inferred consent, plus two mechanical requirements anyone can meet: identify yourself, and honour opt-outs. Here's how it fits together.
One thing before we start: this is general information from practitioners, not legal advice. If your situation is unusual or the stakes are high, talk to a lawyer.
The three requirements of the Spam Act
The Act asks three things of every commercial electronic message:
- Consent. The recipient must have consented to receiving the message. Consent can be express (they opted in) or inferred (more below; this is where B2B outreach lives).
- Identification. The message must clearly identify who authorised it and include accurate contact details. No misleading sender names, no pretending to be someone you're not.
- Unsubscribe. The message must contain a functional, low-cost way to opt out, and opt-outs must be honoured promptly. Once someone says stop, you stop.
Inferred consent: the part that matters for B2B
The Act recognises that consent can be inferred from a business relationship or from the circumstances. Specifically, it addresses conspicuously published work email addresses. If a business email address is published openly (a company website, a professional directory), consent can be inferred for messages that are directly relevant to that person's role or business, provided the address isn't accompanied by a note saying unsolicited messages aren't wanted.
Read that carefully, because both halves carry weight. Relevance isn't decoration; it's the legal basis. An offer of bookkeeping automation sent to a firm's operations lead is a very different message, legally and practically, from the same email blasted at ten thousand random inboxes. This is the strongest argument that compliance and effectiveness point the same direction: the targeting discipline the law rewards is the same discipline that earns replies.
How Australia compares to the US and Europe
- United States (CAN-SPAM). An opt-out regime: prior consent is not required, but messages must not be deceptive, must identify the sender, and must honour unsubscribes. This is why so much aggressive cold email advice is written by Americans; their baseline is looser than Australia's.
- Europe and the UK (GDPR and ePrivacy rules). Stricter and more fragmented. B2B outreach into Europe is commonly run on a "legitimate interests" basis, which requires genuine relevance, transparency about where you got someone's data, and an easy way to object. Some member states are stricter again. Prospecting into the EU deserves specific care.
- Australia (Spam Act). Sits between the two: consent-based like Europe, but with inferred consent giving relevant, well-targeted B2B outreach a workable path that pure consumer marketing doesn't have.
What about LinkedIn?
The Spam Act's definition of commercial electronic messages extends beyond email, but in practice the binding constraint on LinkedIn is LinkedIn's own User Agreement: it prohibits unauthorised automation tools and penalises high-volume, spammy behaviour with restrictions and bans. The realistic risk model on LinkedIn isn't a regulator, it's losing the account. Human-paced volume and messages people actually want to receive are what keep an account safe, which again lands on the same answer: do it properly or don't do it.
What compliant cold outreach looks like in practice
A checklist worth holding any sender to, including yourself:
- Business contacts only, sourced from openly published information, never scraped consumer lists.
- Every prospect genuinely relevant to the offer, verifiable person by person, not "relevant" at the level of an industry blast.
- Sender identified honestly in every message: real name, real business, real contact details.
- A working opt-out in every email, with suppression applied immediately and permanently, across every channel, not just the one they replied on.
- Volume and sending patterns that look like a person, not a machine firing at a list.
This checklist is how we run outreach at Black Box Bots: every message individually researched, written in a voice you sign off before go-live with a human on anything the system's unsure of, and stopped the instant anyone opts out. Not because a lawyer made us, but because the same care that keeps outreach lawful is what makes strangers reply to it.
Common questions
Is B2B cold email legal in Australia?
Cold email in Australia is governed by the Spam Act 2003, which requires consent, sender identification, and a working unsubscribe on commercial electronic messages. There is no blanket B2B exemption, but the Act recognises inferred consent, which can cover messages to conspicuously published business addresses where the message is directly relevant to the recipient's role. Done carefully, with relevant targeting, clear identification and honoured opt-outs, B2B outreach can operate within the Act. Done lazily, it can't.
What are the three requirements of the Spam Act?
Every commercial electronic message must (1) be sent with the recipient's consent, which can be express or inferred, (2) clearly identify who authorised the sending of the message and how to contact them, and (3) contain a functional unsubscribe facility that is honoured promptly. All three must be met; identification and an unsubscribe link don't substitute for consent.
Does the Spam Act apply to LinkedIn messages?
The Spam Act covers commercial electronic messages including email, SMS and instant messaging. In practice, the bigger constraint on LinkedIn outreach is LinkedIn's own User Agreement, which prohibits unauthorised automation and aggressive messaging. The realistic risk there is account restriction rather than a regulator. Treat both as binding: platform rules and the law.
What happens if you breach the Spam Act?
The Australian Communications and Media Authority (ACMA) enforces the Act and has a track record of formal warnings, enforceable undertakings, and substantial civil penalties, including multi-million-dollar outcomes against large senders. Beyond penalties, the practical cost is reputational: blacklisted domains and a brand associated with spam.
Want the meetings without running any of this yourself?
Black Box Bots runs the entire machine, research, writing, sending, replies, with your voice signed off before we go live. Fifteen minutes, come with one dream client in mind, and you'll see the exact email we'd send them.