Australia’s communications regulator ACMA issued over AU$5.4 million in penalties to wagering companies during 2025–2026 for breaching email and SMS marketing rules. Tabcorp, Betfair, and PointsBet were all fined for failures including missing unsubscribe links, sending messages without consent, and contacting customers on self-exclusion registers. The enforcement wave signals that ACMA is taking a harder line on commercial messaging compliance, and that email and SMS marketers in regulated industries need to pay close attention.
The Enforcement Scorecard (2025–2026):
- Tabcorp: $4,115,950 (Spam & BetStop breaches)
- Betfair: $871,660 (VIP consent failures)
- PointsBet: $500,800 (Self-exclusion & Unsubscribe errors)
- Total Sector Impact: $5,488,410
Australia’s email and messaging compliance rules are changing fast. In 2025, ACMA issued major penalties to companies like Betfair, Tabcorp, and PointsBet, showing regulators are serious about consent, unsubscribe requirements, and cross-channel messaging.
In this article, we review the key 2025 cases, the latest 2026 self-exclusion enforcement, and what email and SMS marketers need to know to stay compliant.
Betfair Pty Ltd – VIP Spam Triggers $871k Penalty
In July 2025, Betfair paid $871,660 after an investigation found it sent over 140 marketing messages to VIP customers who had either not consented or had explicitly withdrawn it.
- The Breach: Messages offered “inducements” like free tickets and account deposits but lacked functional unsubscribe links.
- Ongoing Oversight: Betfair is currently under a two-year enforceable undertaking, requiring independent audits and quarterly reporting to the ACMA through 2027.
- Marketer Lesson: “VIP” status is not a legal substitute for consent. High-value segments require the same opt-in rigor as your general list.
Tabcorp Holdings Ltd – The $4M Warning & 2026 BetStop Breach
Tabcorp remains the “poster child” for multi-channel non-compliance, facing two major actions in the last year.
- The Spam Fine (April 2025): A record $4 million penalty for sending thousands of SMS and WhatsApp messages without functional opt-outs or proper sender ID.
- The BetStop Breach (January 2026): Just last week, Tabcorp paid an additional $112,680 for failing to check the BetStop (National Self-Exclusion Register). They allowed self-excluded individuals to open accounts and receive marketing.
- Wider Industry Heat: The ACMA also issued warnings or remedial directions to LightningBet, Betfocus, TempleBet, Picklebet, and BetChamps for similar BetStop failures.
PointsBet – Integrated Compliance Failures
In May 2025, PointsBet paid $500,800 for a dual-threat violation involving both the Spam Act and the Interactive Gambling Act.
- The Issue: They sent marketing to over 500 people on the self-exclusion register and misclassified marketing emails as “non-commercial” to bypass unsubscribe requirements.
- Current Status: PointsBet is mid-way through a court-enforceable undertaking to overhaul its internal verification systems.
Key Takeaways
- Consent is mandatory, even for VIP or loyalty segments.
- Unsubscribe links must work and be tested regularly.
- Cross-channel compliance matters, email, SMS, WhatsApp, push notifications.
- Internal compliance systems are critical, audits, training, and reporting are no longer optional.
- Monitor ongoing enforcement trends, ACMA continues to signal strict oversight in 2026, including self-exclusion and messaging compliance across wagering providers.
These enforcement cases demonstrate that compliance is not just legal, it’s strategic. Following these lessons protects your brand and ensures your messages reach customers safely and effectively.
Official ACMA source: For all 2025–2026 enforceable undertakings, see ACMA’s public register.
Our earlier coverage on emailexpert:
