The Fine Line Between Spamming And Direct Marketing (2026 Updated)

If you’re building a business in New Zealand, marketing is probably on your mind every day. You might be running email campaigns, sending SMS reminders, posting on social media, or following up leads you’ve worked hard to generate.

But there’s a point where “smart marketing” can start looking (and feeling) like spam - and that’s where legal, reputational and customer-trust risks show up.

This guide is updated for current expectations around digital marketing, privacy and consent. We’ll walk you through how to market confidently while staying on the right side of New Zealand’s key rules (and your customers’ patience).

What’s The Difference Between Direct Marketing And Spam?

Direct marketing is a broad term. It generally means you’re contacting someone directly (rather than advertising publicly) to promote your goods or services. Common examples include:

• email newsletters and promo emails
• SMS campaigns
• direct messages (DMs) on social platforms
• phone calls to leads or customers
• postal marketing (yes, it still exists)

Spam is more specific. In practical terms, spam is usually:

• unsolicited (the recipient didn’t ask for it and hasn’t agreed), and/or
• sent in bulk, and/or
• hard to stop (no unsubscribe, or ignoring unsubscribe requests), and/or
• misleading (unclear sender identity, trick subject lines, hidden commercial intent)

Here’s the key idea: direct marketing is about relevance and permission. Spam is what happens when you ignore consent, context and easy opt-outs.

A Quick Example

Imagine two businesses:

• Business A runs an online store. Customers can tick a box at checkout to receive promo emails. Each email includes an unsubscribe link. That’s likely direct marketing done properly.
• Business B buys a list of emails and blasts a “limited time deal” with no unsubscribe link and a fake “RE:” subject line. That’s classic spam behaviour and it can get you into trouble.

Even if you mean well, it’s easy to cross the line if you don’t have a clean system for consent, privacy and compliance.

What NZ Laws Apply To Marketing Messages?

When you’re marketing in New Zealand, a few legal areas tend to overlap. The “fine line” usually sits where these obligations intersect.

Spam Act 2007 (Unsolicited Electronic Messages)

If you send commercial electronic messages (usually email, SMS, or messaging that’s similar), New Zealand’s Spam Act 2007 is the main law to keep in mind.

In plain English, your messages should generally meet three core requirements:

• Consent: you have permission (express or inferred) to send the message
• Identification: the message clearly identifies who is sending it and how to contact them
• Unsubscribe: there’s a functional unsubscribe option that’s easy to use

If any of these are missing, your campaign starts looking less like “marketing” and more like “spam”.

Privacy Act 2020 (How You Collect And Use Personal Information)

Direct marketing often relies on personal information - like a name, email address, phone number, purchase history, or location. That means you also need to think about the Privacy Act 2020.

Privacy isn’t just about data breaches. It’s also about:

• collecting personal information fairly and transparently
• only using it for purposes you’ve explained (or that the person would reasonably expect)
• keeping it secure
• allowing people to access and correct their information

If you’re collecting emails or phone numbers through your website, it’s usually a good idea to have a clear Privacy Policy in place so customers aren’t left guessing what happens next.

Fair Trading Act 1986 (Misleading Or Deceptive Marketing)

Even if you have consent to contact someone, you still need to make sure what you say is accurate.

The Fair Trading Act 1986 can apply if your marketing is misleading - for example:

• claiming a discount that isn’t real (“was $199, now $49” when it was never $199)
• making performance claims you can’t back up
• hiding key terms in tiny print
• creating a false sense of urgency (“only 2 left!” when stock is plentiful)

Direct marketing is often faster and more informal than website copy, which is exactly why it can be riskier - people hit “send” before legal checks happen.

Contract And Website Terms (When Your Marketing Becomes A Promise)

Sometimes your marketing message can accidentally create enforceable expectations - especially if you make specific promises about price, delivery timeframes, refunds, or “guarantees”.

That’s one reason why businesses often pair marketing efforts with clear Website Terms and Conditions and consistent customer policies.

Consent: The Make-Or-Break Issue In Direct Marketing

If there’s one concept that separates direct marketing from spam, it’s consent.

In practice, consent can show up in a few different ways (and you should document it properly).

Express Consent

This is the gold standard. Express consent is where the person clearly agrees to receive marketing - for example:

• they tick an “I want to receive offers” box (that isn’t pre-ticked)
• they sign up to a newsletter via a form
• they message you first asking for deals or updates

Tip: Keep records of when and how the person subscribed. If there’s ever a complaint, you’ll want to show your process is solid.

Inferred Consent

Inferred consent is trickier. It’s where permission is implied from the relationship and the context.

For example, if someone purchases from you, it may be reasonable to contact them about:

• their order (transactional messages)
• service updates or safety notices
• similar products or a related offer (depending on the context and expectations)

The risk with inferred consent is that it’s easy to stretch it too far. A customer who bought once 18 months ago probably won’t expect weekly SMS promotions now.

Why “Purchased Lists” Are A Red Flag

Buying an email or SMS list is one of the quickest ways to fall into spam territory. Even if the seller claims the list is “opted-in,” the real question is:

Did those people consent to hearing from you specifically?

If the answer is no (or unclear), you’re taking a big compliance risk and potentially damaging your brand from day one.

How To Run Compliant Email And SMS Campaigns (Without Losing Customers)

You can absolutely do direct marketing in NZ - and do it well - if your campaigns are designed with consent and transparency built in.

Email Marketing Compliance Checklist

If you’re sending promotional emails, make sure you cover the basics:

• Clear sender identity (your business name should match your brand and domain)
• Honest subject lines (no “RE:” or “FWD:” tricks unless it’s genuinely a reply/forward)
• A real unsubscribe link that works and is easy to find
• A business contact method (email, phone, address or contact form)
• Segmentation so people receive relevant messages (less complaints, fewer unsubscribes)

If you’re collecting emails through your website, it’s also worth checking that your site terms and privacy settings align with your marketing practices - for example, your Cookie Policy may matter if you’re using tracking and remarketing tools.

SMS Marketing: Higher Conversion, Higher Expectations

SMS can be effective, but it’s also more intrusive. People usually expect:

• fewer messages
• clear opt-out instructions (e.g. “Reply STOP to unsubscribe”)
• messages to be genuinely relevant (appointment reminders, delivery updates, limited promotions)

If you’re sending SMS promotions, frequency matters. A weekly email might be fine, but weekly SMS is often a fast way to trigger complaints.

Don’t Forget Third-Party Platforms

If you use tools like Mailchimp, Klaviyo, Shopify apps, CRMs, or SMS platforms, you still own the compliance risk.

Make sure you understand:

• where customer data is stored (NZ or offshore)
• who can access it
• how unsubscribe and suppression lists are handled
• whether automated flows might message people who didn’t consent

This is where having properly drafted internal processes (and privacy documentation) can save you a lot of stress later.

Grey Areas That Often Turn Direct Marketing Into “Spammy” Behaviour

Most businesses don’t set out to spam people. The risk usually comes from habits that feel normal in the hustle of running a business - but don’t land well with customers (or regulators).

1. “One More Follow-Up” That Becomes Ten

Following up a quote is normal. But repeated follow-ups - especially if someone hasn’t responded - can become harassment in the eyes of the recipient.

A good rule of thumb is to:

• space out follow-ups
• stop after a reasonable number of attempts
• include a polite “let us know if you’d prefer we don’t contact you again” option

2. Bundling Consent Into The Fine Print

If your “consent” is hidden in dense checkout text, customers will feel tricked - and that’s often where complaints come from.

Consent should be:

• clear
• separate (not bundled into unrelated terms)
• optional (where possible)

For online businesses, clear E-Commerce Terms and Conditions help set expectations, but they shouldn’t replace proper marketing consent practices.

3. “We Found You On LinkedIn” Cold Outreach

Networking and B2B outreach are common, but the platform and approach matters.

A personalised message to one business contact can be fine. Copy-pasting the same pitch to hundreds of people, scraping email addresses, or moving immediately to email/SMS without consent is where you can start crossing the line.

If you’re doing outbound sales, consider creating internal guidelines for:

• when to keep outreach on-platform vs moving to email
• how to handle opt-outs
• how to document leads and permission

4. Ignoring Unsubscribes (Even Accidentally)

Unsubscribe compliance isn’t just about having the link - it’s also about honouring it.

Common mistakes include:

• unsubscribes processed for newsletters but not for “product update” lists
• customers unsubscribed from email but still getting SMS
• staff exporting lists manually and accidentally re-adding unsubscribed contacts

It’s worth setting up a single source of truth (usually your CRM) and training staff on how to use it properly.

Practical Steps To Build A Marketing Compliance System (That Scales With You)

When you’re starting out, it’s tempting to “just send the message” and worry about the legalities later. But if your customer list grows quickly, fixing messy data and consent processes becomes a lot harder.

Here are practical steps you can take now to stay protected from day one.

1. Map Out What Data You Collect And Why

Start simple. List what personal information you collect (e.g. email, phone, address, purchase history) and the purpose for each.

This helps you:

• write clearer privacy wording
• reduce over-collection (less risk, less admin)
• keep your marketing aligned with reasonable customer expectations

2. Set Your Consent Pathways

Decide how customers can opt in, and make it consistent across channels:

• website forms
• checkout tick boxes
• in-store sign-ups
• event or market registrations

Then decide how customers can opt out, and make it easy.

3. Create “Do Not Contact” Rules For Your Team

If you have staff, contractors, or even a virtual assistant helping with marketing, you’ll want clear internal rules so everyone handles customer contact the same way.

This is especially important if you’re hiring someone to run campaigns or do outbound sales - alongside a solid Employment Contract (or contractor agreement), internal processes help avoid risky “cowboy marketing” that damages your brand.

4. Make Sure Your Customer-Facing Documents Match Your Marketing

Marketing and legal documents should work together.

For example:

• If you advertise subscriptions, your cancellation and renewal terms should be clear in your customer terms.
• If you run giveaways, you’ll want proper Competition Terms and Conditions so promotions don’t backfire.
• If you use influencers or brand ambassadors, document who can say what, and what needs to be disclosed.

These are the kinds of details that protect you when your marketing scales up and more people are paying attention.

5. Review Your Templates Before You Hit “Send”

It’s worth creating a simple pre-send checklist your team follows, covering:

• consent confirmed (express or inferred)
• recipient list cleaned (no unsubscribed contacts)
• subject line and claims checked (accuracy, no misleading urgency)
• unsubscribe/opt-out included and functional
• business identification included

This isn’t about slowing you down - it’s about reducing the chance of a single rushed campaign creating long-term damage.

Key Takeaways

• Direct marketing becomes “spam” when you ignore consent, transparency and easy opt-outs - even if your offer is genuine.
• New Zealand’s Spam Act 2007 generally requires consent, clear sender identification, and a functional unsubscribe for commercial electronic messages.
• The Privacy Act 2020 matters because marketing relies on personal information, so you need to collect, use and store customer data responsibly and in line with what you’ve communicated.
• The Fair Trading Act 1986 applies to direct marketing too, so your promotions must not be misleading, deceptive, or create false impressions about price or availability.
• Grey areas like purchased lists, aggressive follow-ups, hidden “consent” wording, and poor unsubscribe handling are where many well-meaning businesses cross the line.
• Simple systems - documented consent pathways, clean contact lists, and aligned customer-facing terms - help you market confidently as your business grows.

If you’d like help setting up marketing-friendly legal foundations (privacy documents, customer terms, and compliance advice), you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.