The Australian Communications and Media Authority (ACMA) just dropped its April-June 2025 enforcement report, and the numbers should make every email marketer sit up and pay attention. Two major penalties totaling over $4.5 million aren’t just headline-grabbing fines, they’re a blueprint of exactly how your email program could land in hot water.
ACMA’s latest quarterly report delivers a stark message to email marketers: the days of lenient compliance are over. Here’s what the record penalties mean for your campaigns.
How These Penalties Compare: The Escalating Cost of Non-Compliance
Commonwealth Bank leads the penalty leaderboard with a staggering $11 million total: $7.5 million in October 2024 for 170+ million non-compliant emails, following a then-record $3.55 million penalty in May 2023 for 65+ million messages. Sportsbet paid $2.5 million earlier in 2024, while Binance Australia faced over $2 million for sending 5.7 million emails with faulty unsubscribe processes.
The trend is unmistakable: penalties have jumped from Kogan’s $310,800 fine in 2021 to multi-million dollar enforcement actions that now routinely exceed $2 million for major brands. In 2022-23 alone, ACMA completed nine investigations resulting in over $8 million in fines.
What makes this quarter’s penalties particularly significant isn’t just their size but that they demonstrate ACMA’s enforcement has become systematic and predictable. The regulator is no longer issuing occasional warnings; it’s conducting regular sweeps with penalties that can devastate marketing budgets.
The Million-Dollar Mistakes That Changed Everything
Tabcorp’s $4 Million Lesson
TAB’s penalty of $4,003,270 wasn’t just about volume, it was about fundamental failures that plague many email programs today. Out of 5,757 VIP marketing messages:
- 2,598 had non-functional unsubscribe links
- 3,148 lacked proper sender identification
- 11 were sent without consent
The icing on the cake? This happened within their VIP program. ACMA’s message is crystal clear: premium segments were not get premium treatment when it comes to compliance and Tabcorp is paying for it.
PointsBet’s $500K Reality Check
PointsBet’s $500,800 penalty stemmed from 800+ non-compliant messages over just three months. Their critical error? Classifying promotional emails as “service” messages to dodge compliance requirements (YUK!). ACMA wasn’t buying it, if your message promotes anything or links to promotional content, it’s commercial. Period.
The New Enforcement Landscape: What’s Actually Changed
“Persistent Unwanted Marketing” Is Now a Named Target
For the first time, ACMA has explicitly called out businesses that ignore compliance alerts and keep generating complaints. This isn’t about one-off mistakes anymore, it’s about systematic non-compliance. The regulator issued 795 compliance alerts this quarter and made it clear: ignore these at your peril.
The Five-Day Rule Is Non-Negotiable
ACMA’s PointsBet investigation reinforced a critical timeline: any commercial message sent more than five business days after an unsubscribe request violates the Spam Act. Your suppression processes need to work end-to-end, across all platforms, within this window.
Cross-Channel Risk Is Escalating
The report’s focus on SMS sender ID registers and identity verification shows email compliance can’t exist in isolation. Weaknesses in SMS, WhatsApp, or number-porting controls now create regulatory risk for your entire program.
The Actions That Matter Right Now
1. Audit Every Single Template
Stop assuming your “service” emails are exempt. If any message contains offers, upsells, banner ads, or links to promotional pages, treat it as commercial. Document your classification logic, you’ll need it when ACMA comes calling.
2. Test Your Unsubscribe Process Like Your Revenue Depends On It
Because it does. Verify links work on all devices, require no login, and route to functioning endpoints. Log every event and show confirmation screens. Tabcorp’s penalty included thousands of messages with broken unsubscribe links.
3. Build Regulator-Grade VIP Protocols
If you segment high-value customers, add extra controls: pre-send consent checks, quarterly audits, staff training, and named compliance owners. VIP status creates more scrutiny, not less.
4. Prepare for the SMS Sender ID Shake-Up
ACMA is consulting on mandatory SMS sender ID registers. Inventory all your SMS sender IDs now, verify access controls, and monitor policy developments. This will impact how you coordinate cross-channel campaigns.
5. Treat Compliance Alerts as Pre-Enforcement Warnings
If ACMA sends your business a compliance alert, drop everything. Run root-cause analysis, implement fixes, and document your remediation. The regulator plans faster escalation for businesses that don’t respond appropriately.
The Bigger Picture: Why This Matters Beyond Penalties
These enforcement actions signal a fundamental shift in how ACMA approaches email compliance. The regulator received over 5,300 complaints this quarter, with retail and real estate joining solar as the most-complained-about sectors.
More importantly, ACMA is now actively monitoring 21 court-enforceable undertakings, formal agreements that require ongoing compliance reporting and audits. This isn’t just about paying fines and moving on any longer; it’s about real sustained regulatory oversight. Costly oversigh and compliance for years in many cases.
What’s Coming in 2025-26
ACMA’s stated priorities for the next year focus on mobile number fraud and “sustained focus on combating spam and persistent unwanted marketing.” Translation: expect more investigations, faster escalation, and higher penalties for repeat offenders.
The regulator is also expanding cross-border cooperation, signing agreements with international counterparts like Ireland’s ComReg. Your compliance challenges are becoming global.
The Bottom Line
These penalties aren’t outliers, they’re previews. ACMA has demonstrated it will investigate major brands, impose multi-million dollar fines, and require years-long compliance undertakings. The cost of getting email compliance wrong has never been higher.
The businesses thriving in this environment aren’t just following minimum requirements—they’re building compliance into their program architecture. They’re treating every template as potentially commercial, every unsubscribe as mission-critical, and every compliance alert as a final warning.
The choice is yours: invest in proper compliance now, or risk becoming the next million-dollar case study in ACMA’s quarterly report.
Ready to audit your email compliance? Start with our comprehensive template classification checklist and unsubscribe testing toolkit – because the next ACMA investigation could target your industry.
