Cold Email Infrastructure for Australia

Australia's Spam Act 2003 is a consent-based anti-spam regime: closer to CASL than to CAN-SPAM, but with a more forgiving inferred-consent path. It applies to any commercial electronic message (CEM) sent to an Australian address or from an Australian computer. Enforcement sits with the Australian Communications and Media Authority (ACMA).

The Spam Act defines three ways a CEM can legally be sent: 1. Express consent: the recipient knowingly opted in. 2. Inferred consent: the recipient has conspicuously published a work email address and the message is relevant to their role. This is the B2B cold email path. 3. Specific exemptions: government, educational institution, charity, political party, religious organization messages carry narrow exemptions. Not useful for commercial outreach.

• Identify the sender: the message must clearly state the individual or organization that authorized it, with accurate contact information.
• Include a functional unsubscribe facility: low-cost, easy to use, and functional for at least 30 days after the message was sent.
• Not use misleading header information: from, subject, and routing headers must not deceive.

ACMA enforcement is active. Published infringement notices routinely run into AUD $1-3 million for senders that ignored unsubscribes or used harvested lists. The largest settlements have crossed AUD $4 million. First-time, low-volume violations usually result in infringement notices rather than prosecution, but ACMA does prosecute repeat offenders.

InboxKit tier pricing in USD. Australian senders typically pay slightly more per message due to longer APAC round-trip times for warmup traffic.

The Spam Act's inferred consent test has two conditions. Both must be true before a cold email is legal:

• Contact page of a business website with a work email
• LinkedIn profile with a visible work email
• Professional association directory where members expect business contact
• Conference attendee listing or speaker bio
• Australian Business Register (ABR) / Australian Business Number (ABN) registration data

• Personal email harvested from a forum
• Work address published on a page that carries a 'no unsolicited email' notice
• Work address published by a third party without the recipient's involvement

Condition 2: The message is relevant to the recipient's business, functions, or duties. This is the second half of the test and it matters. A marketing tool pitch to a marketing director is relevant. The same pitch to a warehouse supervisor is not. The Spam Act language is 'relevant to the business, functions or duties of the person in a business or official capacity': pitch relevance is assessed by ACMA on complaint.

Importantly: inferred consent is not 'forever'. The Spam Act does not set an explicit expiry, but ACMA has indicated that stale inferred consent (address first captured years ago, no intervening engagement) is a weaker defense. The conservative read is to rebuild lists from source every 12-24 months.

The 'no unsolicited email' defeater. A single public statement on the recipient's own contact page saying 'we do not accept unsolicited marketing email' defeats inferred consent for that address. ACMA treats this as a clear opt-out signal. Australian cold email programs must check contact pages before scraping and maintain a 'poisoned sources' list of domains whose contact pages carry such notices.

Australia's inbox mix is Google-dominated for B2B but has a meaningful long tail of ISP-branded webmail from Telstra, Bigpond, and Optus.

The APAC latency problem. Australia is far from everything. Messages sent from US or European IPs to Australian MTAs incur 150-300ms round-trip times, which amplifies SMTP timeout issues, causes soft bounces on retry, and gives geography-weighted filters (especially Microsoft 365) a reason to add a small reputation penalty. Australian senders who reach Australian recipients from US IPs generally see 3-8% lower Primary-tab placement compared to Australian-hosted senders. This is measurable but not catastrophic: an Australian B2B program with a proper warmup and clean domain reputation will still hit 80%+ inbox placement on Gmail from US IPs.

Data residency is almost never a cold-email issue. Australia's Privacy Act 1988 and the Australian Privacy Principles (APPs) govern how Australian personal information is handled, but they do not require Australian recipient data to stay in Australia. Cold email to a @company.com.au work address from a US-hosted Google Workspace mailbox is fully Spam Act and APP compliant as long as the sender meets APP 8 disclosure obligations for overseas data transfers, which for a cold sender means a line in the privacy notice, not a technical constraint.

• 2-3 .com.au domains for Australia-native outreach (Australian recipients open .com.au addresses at noticeably higher rates)
• 3-5 .com or .io domains for pan-APAC or international-feel outreach
• Register .com.au domains through an auDA accredited registrar and meet the Australian presence requirement
• Spread across at least two registrars
• 301 redirect every secondary domain to the primary brand site

• Google Workspace default, Australian B2B is Gmail-heavy
• Microsoft 365 at 35-40% to reach enterprise and government recipients
• Per-mailbox volumes ramp: 20/day week 1 → 40/day week 2 → 60/day week 3 → 80+/day after week 4
• Isolated warmup for 14-28 days before first cold touch
• Consider a small Microsoft 365 tenant in Australian data centres if Microsoft 365 placement is critical. InboxKit's Azure tier ($30/tenant for up to 100 mailboxes) is a low-cost way to experiment

• SPF: v=spf1 include:_spf.google.com ~all
• DKIM: two selectors published
• DMARC: p=none to start, quarantine after 30 days of clean reports
• MX: matches Google Workspace or Microsoft 365

• Sender name and authorized legal entity
• Australian physical address or accurate overseas address
• Phone or URL as second contact method
• Unsubscribe link that works for at least 30 days after send
• Unsubscribe must be free, low-cost, and not require the recipient to provide information beyond their email address

Australian cold email shares the same Gmail+Microsoft 365 volume constraints as every other English-speaking market. Two ACMA-specific considerations stack on top.

Constraint 1: Complaint rate must stay under 0.1%. ACMA accepts consumer complaints via its report spam page and its Spam SMS short code. Complaints feed directly into ACMA's enforcement pipeline. A pattern of repeat complaints against a single sending domain almost always triggers an investigation.

Constraint 2: Unsubscribe requests must be processed within 5 working days. This is shorter than CAN-SPAM's 10 business days and shorter than PECR's 'prompt' standard. Australian senders should build suppression workflows that process opt-outs the same day, not the 5-day statutory maximum.

• Week 1: 10-20/day per mailbox, warmup only
• Week 2: 20-40/day per mailbox, 5-10 real cold touches
• Week 3: 40-60/day per mailbox, 70/30 warmup-to-cold
• Week 4+: 60-100/day per mailbox, 30/70 warmup-to-cold

• ~35 active mailboxes at 60/day each
• ~10 domains at ~3-4 mailboxes each
• InboxKit Agency ($99/mo, 30 slots) + 5 extras at $3.25 = $115/mo
• Warmup: 35 × $3 = $105/mo
• InfraGuard: ~$10/mo for 10 domains
• Total: ~$230/month for 2,000 Australian cold emails/day: about AUD $0.005 per sent message.

ACMA investigations typically start from consumer complaints. The sender is expected to demonstrate, on request, that each message had a legitimate basis under the Spam Act. A documented Australian cold email program has:

• Email address
• Source URL (the conspicuously-published page)
• Capture date
• Role-relevance justification
• Confirmation that the source page did not carry a no-solicitation notice
• Send history
• Unsubscribe date if applicable

• Authorizing legal entity
• Physical address used in the footer
• Sending domain(s)
• Copy of the message content
• Unsubscribe mechanism tested

• Spam Act compliance policy
• Training log for staff
• Suppression list audit

Records should be retained for at least 2 years under ACMA's guidance, and longer if the sender is also subject to APP 11 retention requirements for personal information.

• [ ] Register 5-10 domains (mix of .com.au, .com, .co)
• [ ] Meet auDA Australian presence requirement for .com.au
• [ ] Provision Google Workspace (60%) + Microsoft 365 (40%)
• [ ] Automated DNS via InboxKit + Cloudflare
• [ ] Enable isolated warmup on every mailbox
• [ ] Enable InfraGuard on every domain

• [ ] Document Spam Act compliance policy and inferred consent methodology
• [ ] Build list from conspicuously-published sources only, log source URL
• [ ] Test unsubscribe flow (must work for 30 days)
• [ ] Confirm footer has authorizing entity, address, alternate contact, unsubscribe

• [ ] Start sequences at 40-60/day per mailbox
• [ ] First-touch plain text, relevant pitch, same-day unsubscribe processing
• [ ] Weekly deliverability review across Gmail, Microsoft 365, Telstra/Bigpond
• [ ] Quarterly suppression list audit

• Any ACMA correspondence
• Google Postmaster domain reputation drops to Medium
• Complaint rate above 0.1%
• Unsubscribe rate per campaign above 2.5%