Statute Details
- Title: Spam Control Act 2007 (SCA2007)
- Full Title: An Act to provide for the control of spam, which is unsolicited commercial communications sent in bulk by email or by text or multimedia messaging to mobile telephone numbers, and to provide for matters connected therewith.
- Legislative Type: Act of Parliament
- Authority: “Authority” means the Info-communications Media Development Authority (IMDA) (see Info-communications Media Development Authority Act 2016)
- Current Version Status: Current version as at 27 Mar 2026 (per provided metadata)
- Key Commencement / Revisions: 2008 RevEd; amendments including Acts 22 of 2016, 40 of 2020, 25 of 2021; 2020 RevEd incorporated amendments up to 1 Dec 2021 and came into operation on 31 Dec 2021 (per provided extract)
- Parts: Part 1 (Preliminary); Part 2 (Dictionary attack and address-harvesting software); Part 3 (Unsolicited commercial electronic messages); Part 4 (Civil action); Part 5 (Miscellaneous)
- Key Sections (from extract): s 3 (Meaning of “commercial electronic message”); s 4 (Meaning of “electronic message”); s 4A (Electronic messages sent to instant messaging accounts); s 5 (Meaning of “unsolicited”); s 6 (Meaning of “sending in bulk”); s 7 (Application of Act); s 9 (Use of dictionary attack and address-harvesting software); s 11 (Sender compliance with Second Schedule)
- Schedules: First Schedule (Excluded electronic messages); Second Schedule (Requirements for unsolicited commercial electronic messages)
What Is This Legislation About?
The Spam Control Act 2007 (“SCA”) is Singapore’s core statute aimed at controlling “spam” in the form of unsolicited commercial electronic messages sent in bulk. In plain language, it targets mass marketing communications delivered electronically—such as by email and by text or multimedia messaging to mobile telephone numbers—and imposes legal restrictions on how such messages may be sent.
The Act does more than regulate the content and sending practices of bulk commercial messages. It also addresses the upstream techniques used to obtain recipient addresses at scale, such as “dictionary attacks” and “address-harvesting software”. These are methods used to generate or collect electronic addresses (including email addresses and mobile numbers) without the recipient’s consent, which then enables spamming campaigns.
Finally, the SCA provides a civil enforcement pathway. Rather than relying solely on administrative or criminal measures, it allows affected parties to bring civil actions (including seeking injunctions and damages) against persons who send or facilitate spam in breach of the Act.
What Are the Key Provisions?
1) Core definitions: “commercial electronic message”, “electronic message”, and “unsolicited”. The Act’s reach depends heavily on definitions. A “commercial electronic message” is an electronic message whose primary purpose—assessed by the content, how it is presented, and the contact information/links in the message—is to offer or advertise goods or services, promote a supplier, offer or advertise land or an interest in land, promote business or investment opportunities, or assist deception to obtain property or a financial advantage or gain. Importantly, it does not matter whether the goods/services/land/opportunity actually exist or whether it is lawful to acquire them. This is a broad anti-fraud and anti-scam orientation embedded in the definition.
An “electronic message” is broadly defined as a message sent to an “electronic address”. The definition is not limited to whether the address exists or whether the message reaches its destination. However, the Act excludes messages sent by way of a voice call made using a telephone service. This distinction matters for practitioners assessing whether a particular communication falls within the statute.
“Unsolicited” is defined as a message where the recipient did not request to receive it or did not consent to the receipt of the message. The Act also clarifies that a recipient is not treated as having requested or consented merely because the recipient’s electronic address was given or published by or on behalf of the recipient. In practice, this prevents arguments that “publication equals consent” for marketing purposes.
2) Instant messaging accounts: a specific deeming rule. Section 4A addresses a technical but important issue: where an electronic message is sent to an instant messaging account, and the name used to identify or associate that account is an email address or mobile telephone number, the message is not treated as being sent to the email address or mobile telephone number mentioned. This helps avoid double-counting or misclassification when marketers target instant messaging handles that are linked to other identifiers.
3) Bulk sending and application of the Act. The Act applies to unsolicited commercial electronic messages sent “in bulk”. While the provided extract truncates the remainder of section 5 and does not include the full text of section 6 (“sending in bulk”) and section 7 (“application of Act”), the structure indicates that the statute is designed to regulate mass campaigns rather than one-off communications. For legal analysis, practitioners should therefore examine the statutory threshold for “bulk” and how it is measured (for example, by number of recipients, frequency, or other criteria set out in section 6). The “application” provision (s 7) then ties the definitions to the operative prohibitions and requirements in later Parts.
4) Address acquisition controls: dictionary attacks and address-harvesting software. Part 2 targets the methods used to obtain electronic addresses for spamming. Section 9 (as listed in the metadata) prohibits the use of dictionary attack and address-harvesting software. The definitions in Part 1 explain that “dictionary attack” is an automated method generating possible electronic addresses by permuting names, letters, numbers, punctuation, or symbols; and “address-harvesting software” is software designed or marketed to search the Internet for electronic addresses and collect/compile/capture/harvest them. This is a significant compliance point for businesses and vendors: even if a sender later claims to have “consent” or a legitimate marketing list, the Act can capture address acquisition practices that are inherently harvesting or guesswork-based.
5) Sender obligations for unsolicited commercial electronic messages in bulk (Second Schedule). Part 3 is the heart of the spam regime. Section 11 requires the sender of unsolicited commercial electronic messages in bulk to comply with the Second Schedule. While the extract does not reproduce the Second Schedule text, the typical legal architecture in such statutes is that the Second Schedule sets out mandatory requirements such as: identification of the sender, inclusion of accurate information, provision of an unsubscribe mechanism, and possibly time-related or format-related requirements. Practitioners should treat the Second Schedule as the compliance checklist. If a sender fails to meet those requirements, the message may be actionable under the civil provisions in Part 4.
6) Civil action: aiding, injunctions, damages, and costs. Part 4 provides enforcement through civil proceedings. Section 12 addresses “aiding, abetting, etc.”, which is crucial for liability analysis where intermediaries are involved (for example, marketing agencies, list brokers, or service providers who facilitate sending). Section 13 provides for a “civil action”, and section 14 provides for “injunction and damages” for civil action. Section 15 addresses “costs and expenses”. For practitioners, this means that affected recipients or other eligible plaintiffs may seek both immediate injunctive relief (to stop further spam) and monetary compensation (damages), with costs potentially recoverable depending on the outcome and the statutory framework.
7) Code of practice and regulatory instruments. Section 16 provides for a “code of practice”. Codes of practice often guide how the Authority expects compliance to be achieved, and they can be influential in litigation even if not strictly binding like primary legislation. Section 18 allows for regulations, and section 17 allows amendment of schedules. Together, these provisions mean the compliance landscape can evolve without changing the Act’s core text.
How Is This Legislation Structured?
The SCA is organised into five Parts:
Part 1 (Preliminary) sets out short title, general interpretation, and key definitions: “commercial electronic message” (s 3), “electronic message” (s 4), “electronic messages sent to instant messaging accounts” (s 4A), “unsolicited” (s 5), “sending in bulk” (s 6), and the Act’s application (s 7). This Part is foundational for determining whether conduct falls within the statute.
Part 2 (Dictionary attack and address-harvesting software) contains provisions applying to address acquisition techniques and prohibits the use of harvesting/guessing software (s 9).
Part 3 (Unsolicited commercial electronic messages) sets the operative framework for bulk unsolicited commercial messages, including sender compliance with the Second Schedule (s 11).
Part 4 (Civil action) provides the private enforcement mechanism: aiding/abetting liability (s 12), the civil action itself (s 13), remedies including injunctions and damages (s 14), and costs (s 15).
Part 5 (Miscellaneous) includes a code of practice (s 16) and provisions for amending schedules and making regulations (ss 17–18).
The First Schedule lists excluded electronic messages (communications that fall outside the Act’s scope). The Second Schedule sets out requirements for unsolicited commercial electronic messages—effectively the compliance conditions for bulk senders.
Who Does This Legislation Apply To?
The SCA applies to “senders” of electronic messages and, through Part 4, to persons who aid, abet, or otherwise facilitate non-compliant spam sending. The definition of “sender” is broad: it includes the person who sends the message, causes it to be sent, or authorises the sending. This can capture not only the marketing operator but also those who authorise campaigns or control sending processes.
It also applies to parties involved in address acquisition. Part 2 targets the use of dictionary attack and address-harvesting software, which can affect marketers, data vendors, and technology providers. Additionally, the Act’s civil action provisions mean that recipients (and potentially other eligible plaintiffs) can bring claims against responsible parties.
Why Is This Legislation Important?
The SCA is important because it addresses both the symptoms (unsolicited bulk commercial messages) and the enablers (address harvesting and dictionary attacks). For practitioners advising marketing clients, compliance is not limited to adding an unsubscribe link; it extends to how recipient lists are sourced and how campaigns are structured.
From an enforcement perspective, the civil action framework increases practical deterrence. Injunctions can stop ongoing campaigns quickly, while damages and costs can create meaningful financial exposure. The inclusion of aiding/abetting concepts also means that liability can extend beyond the nominal sender to intermediaries who play a role in authorising or facilitating spam.
Finally, the statutory definitions are intentionally broad—particularly the definition of “commercial electronic message”, which includes not only ordinary advertising but also messages that assist deception to obtain property or financial advantage. This breadth is likely to be relevant in disputes involving scam-like marketing, investment fraud, and deceptive promotional schemes delivered electronically.
Related Legislation
- Info-communications Media Development Authority Act 2016 (definition of “Authority”)
- Spam Control Act 2007 (Legislative History / amendments)
Source Documents
This article provides an overview of the Spam Control Act 2007 for legal research and educational purposes. It does not constitute legal advice. Readers should consult the official text for authoritative provisions.