National Library of New Zealand
Harvested by the National Library of New Zealand on: Feb 5 2011 at 6:46:17 GMT
Search boxes and external links may not function. Having trouble viewing this page? Click here
Close Minimize Help
Wayback Machine
The Department of Internal Affairs

The Department of Internal Affairs

Te Tari Taiwhenua

Building a safe, prosperous and respected nation


Services › Anti-Spam › Business Info

What the Unsolicited Electronic Messages Act 2007 means for businesses

The Unsolicited Electronic Messages Act 2007 (the Act) prohibits electronic spam with a New Zealand link (i.e. messages sent to, from, or within New Zealand). The Act refers to spam as 'unsolicited commercial electronic messages'.

Businesses must comply with the Act to ensure any electronic messages they send are not considered spam. Failure to comply could mean a fine of up to $500,000. The business could also be made to pay the victims compensation up to the amount of loss suffered or damages up to the amount of loss suffered or damages up to the amount of profit that was made as a result of sending the spam.

Electronic messages encompasses emails, instant messaging, SMS, multimedia message services and other mobile phone messaging (but does not include voice or fax).

The electronic message is considered spam only if it is commercial in nature - for instance marketing or promoting goods, services or land, or directing the recipient to a location where a commercial transaction can take place (such as a website). It is important to note that providing a hyperlink to a company web page in the signature of an otherwise non-commercial email would make it commercial.

There are a large number of commercial electronic messages that can be sent legitimately. They are only spam if they are sent without the consent of the recipient - as unsolicited messages.

Note: A single message may be spam. The message does not need to be sent or received in bulk.

Which messages are not commercial electronic messages?

The Act provides that the following common messages between organisations and clients/customers are not commercial electronic messages:
  • Responses to a request for a quote or estimate
  • Messages that facilitate, complete or confirm a commercial transaction that the recipient previously agreed to
  • Warranty information, product recalls and safety and security information about goods or services used or purchased by the recipient
  • Factual information about a subscription, membership, account, loan or similar ongoing relationship
  • Information directly related to employment or a related benefit plan in which the recipient is currently involved
  • Delivers goods and services that the recipient is entitled to receive under the terms of a previous transaction.
If messages fall into any of the above descriptions then it is not spam and doesn’t have to contain information about the sender or a functioning unsubscribe facility.

Three steps to ensure you are not 'spamming'

Follow the steps below to ensure you are not sending spam:
    Step One: Make sure you have the consent of the recipients of the commercial electronic message
    Step Two: Identify the business responsible for sending the commercial electronic message and how they can be contacted
    Step Three: Include a functional unsubscribe facility in all commercial electronic messages.
The sections below have more detail about each step.

Businesses must also not use electronic address harvesting software, or lists that have been generated using such software, for the purpose of sending unsolicited commercial electronic messages.

Note: In addition to the requirements of the Unsolicited Electronic Messages Act 2007 business must always comply with the Privacy Act 1993 and be familiar with the Privacy Principles. Passing on email addresses, without permission, to another organisation or business may breach the Privacy Act.

Step One - Consent

Commercial messages must be sent only when you have express consent, inferred consent, or deemed consent.

Express consent

Express consent is a direct indication from the person you wish to contact that it is okay to send the message(s). Express consent can be gained in a variety of ways such as:
  • Filling in a paper form
  • Ticking a box on a website
  • A phone or face-to-face conversation.
Businesses should keep a record of all instances where consent is given, including who gave the consent and how. Under the Act it is up to the sender to prove that consent exists.

It is also advisable to verify that consent has come from the actual holder of a particular electronic address. This can be done by requesting that the recipient reply confirming they would like to receive future messages.

If you are using an existing database of addresses and you are not sure if you have the express consent of the people listed you will need to obtain it (even if you have been sending electronic messages to these customers for years).

Inferred consent

Inferred consent is when the person you wish to contact has not directly instructed you to send them a message, but it is still clear that there is a reasonable expectation that messages will be sent. For example, the address-holder provided their email address when purchasing goods and services in the general expectation that there will be follow-up communication.

If someone has been on your existing address list and has not ‘unsubscribed’, it does not mean that consent can be inferred. If you are not confident that the existing relationship is strong enough to infer consent, you should obtain express consent.

Inferred consent is limited in its application. For example if people join a tennis club you can infer consent to send them a tennis newsletter, but you could not infer consent to send them an investment newsletter.

Deemed consent

Deemed consent is when someone conspicuously publishes their work-related electronic address (e.g. on a website, brochure or magazine). However if a publication includes a statement that the person does not want to receive unsolicited commercial electronic messages at that address, consent cannot be deemed.

There also must be a strong link between the message and the recipient’s business.

Step Two - Identify

Commercial messages must always clearly identify the business responsible for sending the message and how they can be contacted.

Sometimes you might use another organisation, a third party, to send commercial electronic messages on your behalf. This third party must include accurate information about your business, i.e. name and contact details. The amount of information may depend on the medium by which the message is sent. Text messages impose limitations on the amount that can be displayed.

Identification details that are provided must be reasonably likely to be accurate for a period of 30 days after the message is sent. This requirement ensures that addressees have a reasonable chance of being able to contact you.

Step Three - Unsubscribe

Commercial messages must contain a functioning unsubscribe facility, allowing people to state that commercial messages should not be sent to them in the future. It needs to be clearly presented and easy to use. It could be as simple as a line in your message saying, ‘If you do not wish to receive future messages, send a reply with UNSUBSCRIBE’ in the subject line.

However, if you have an ongoing arrangement/contract with the recipient of your message waiving this requirement you will not need to include an unsubscribe function.

You must honour a request to unsubscribe within five working days.

Similar to the identification of the message’s sender (in step 2) the unsubscribe facility must be reasonably likely to remain accurate and functional for a 30 day period. It need not be an automated process, but should be reliable.

Guide for businesses

More detailed information on the requirements the Act places on businesses that send commercial electronic messages is provided in the guide below:

The guide includes practical examples to assist you. If you have any further questions you can contact us at

Anti-Spam video

This video details the requirements businesses need to follow to comply with the Unsolicited Electronic Messages Act 2007. It features members of the Anti-Spam Compliance Unit as well as Keith Norris (NZ Marketing Association), Laura O'Gorman (Buddle Findlay), and David Farrar (Internet New Zealand).

The video is available at the links below. If you have a slow connection you may want to view the low resolution file. The duration of the video is 5.48 minutes - a written transcript is available here: Anti-Spam video transcript.

Link to high resolution Anti-Spam video
Link to low resolution Anti-Spam video

*This document is in Adobe Acrobat (.pdf) format. You need to have the Adobe Acrobat Reader installed on your computer. You can download a free version from the Adobe site.

**This file is in Windows Media Video (.wmv) format. You need to have the Windows Media Player installed on your computer. You can download a free version from the Microsoft Windows Media site.