If you've just bought a contact list of Australian restaurants and cafes, you have a window of opportunity — and a regulator that takes its job seriously. The Spam Act 2003, administered by the Australian Communications and Media Authority (ACMA), governs what you can and can't send. Penalties top out at hundreds of thousands of dollars per day for repeat offenders, and ACMA publishes its enforcement actions.
This guide is the practical short version: what to do, what not to do, and what every email needs to contain.
The three rules
Every commercial email or SMS sent to an Australian recipient must satisfy three rules:
- Consent. The recipient must have given consent — either express (they opted in) or inferred (there's a relevant business relationship).
- Identification. Every message must clearly identify the sender — your business name, ABN if applicable, and a way to contact you.
- Unsubscribe. Every message must include a functional unsubscribe mechanism that works for at least 30 days after the message is sent, costs the recipient nothing, and is honoured within five business days.
What "inferred consent" means in practice
Inferred consent is the rule cold outreach to businesses leans on. It applies when the recipient has conspicuously published their email address — for example, on their restaurant's website or business listing — and the address is clearly intended for receiving messages of the kind you're sending.
Two practical implications:
- A
bookings@orinfo@address publicly listed on a restaurant's contact page will usually support inferred consent for legitimate B2B outreach. - A personal address scraped from a venue owner's LinkedIn profile will not.
If you've bought our database, the email column contains addresses sourced from publicly listed business pages — which is the right starting point. Your job from there is making sure the content of your message is something a restaurant owner would reasonably expect to receive in that inbox.
What every message needs
A compliant email contains, at minimum:
- A clear sender identification line — your business name and ABN.
- A physical address or other contact channel.
- A working unsubscribe link.
The unsubscribe link must work for at least 30 days. We've seen audits where the only finding was that an old campaign's unsubscribe link had broken — which is enough.
What to avoid
- Don't email the same address twice in the same campaign without a gap. ACMA treats it as a separate breach.
- Don't put your unsubscribe in an image. Plain text only.
- Don't email contacts you haven't been able to verify in the last 90 days. Restaurant turnover is high; a
chef@old-venue.com.authat no longer exists will inflate your bounce rate and damage your sender reputation.
A quick pre-flight checklist
Before you press send on an outreach campaign:
- [ ] Sender identification block at the top or bottom of the email
- [ ] Unsubscribe link tested in three browsers
- [ ] List filtered to addresses verified within the last quarter
- [ ] Subject line that doesn't promise something the email doesn't deliver
- [ ] Send-rate throttled (don't send to 5,000 venues in 60 seconds)
Where to learn more
This article is general information, not legal advice. Have an Australian solicitor review your campaign if it's high-volume or high-stakes.
