The Department of Internal Affairs is warning companies marketing or promoting their services with email addresses purchased from database marketing companies that they risk breaking anti-spam law.

Anti-spam compliance manager Steve O'Brien said eight companies that had used emails to market and promote their own goods with addresses purchased from the same company were being investigated.

The Unsolicited Electronic Messages Act (UEM) prohibits commercial spam - email, instant messaging, SMS and MMS (text and image-based mobile phone messaging).

Mr O'Brien said the department had previously warned of the risks of using purchased addresses and initially was understanding that some companies may have been misled about recipients' consent to receive commercial electronic messages. But it was now dealing with a run of complaints.

"Just because an email address is on a database that can be purchased and carries a classification, doesn't mean that consent exists," Mr O'Brien said.

"Similarly, just because a company's email address can be found on the internet does not necessarily mean that it has been 'conspicuously published'.

"It is the sender of a commercial email or SMS text who must be able to prove they have the recipient's consent, not the seller of the database."

The Act provides that deemed consent exists if:

* an electronic address has been conspicuously published by a person in a business or official capacity, and

* it is not accompanied by a statement requesting that no unsolicited messages be sent to that address, and

* the message is relevant to the recipient's business, role, function or duties in a business or official capacity.

Mr O'Brien said if a sender was unable to satisfy the department that they had consent to send a commercial electronic message, then a breach of the Act had occurred. Penalties range from written warnings, through to infringement notices and pecuniary penalties.