In short
Malaysia at the moment lacks a devoted authorized framework to successfully handle the rising scale and class of spam-related actions, which have seen a virtually 200% surge in reported complaints between 2021 and 2025. In response, the Malaysian Communications and Multimedia Fee (MCMC) is proposing a regulatory framework for Unsolicited Business Digital Messages (UCEM), generally known as spam (“Proposed Framework“). On 13 August 2025, MCMC issued a public session paper (PCP) inviting suggestions on the Proposed Framework.
- Will ultimately be developed into subsidiary laws to enrich Part 233A of the Communications and Multimedia Act 1998 (i.e., no individual shall ship, trigger to be despatched or authorise the sending of UCEM)
- Goals to offer a transparent, enforceable algorithm to boost shopper safety, whereas supporting accountable digital advertising in Malaysia’s rising digital financial system
Set out beneath is a excessive degree overview of the important thing proposals outlined within the PCP:
| Ideas | Abstract of Proposed Framework | Key necessities and situations |
| Definitions | Introduces UCEM | UCEM: any business piece of email despatched via any communication mode (the place there isn’t a prior relationship between sender and recipient and no prior consent from the recipient).Electronic mail: any message despatched utilizing a community service or functions service to an digital handle, endpoint or related communication mode (no matter whether or not the handle exists or whether or not the message reaches the meant recipient).Business Digital Message (CEM): any piece of email despatched by digital means for the needs of selling, providing, advertising or supplying (amongst others) merchandise, providers or an individual who supplies the aforementioned. Consists of messages which include oblique promotional consent or request to ship future business content material. |
| Malaysian hyperlink | The CEM will need to have a “Malaysian hyperlink”. | A CEM is taken into account to have a Malaysian hyperlink if it meets any of the next situations:Sender-based connection: The sender is bodily current in Malaysia, a Malaysian citizen or everlasting resident (no matter bodily location), or a corporation fashioned, integrated, or carrying on enterprise in Malaysia (no matter the place the message is shipped or the infrastructure used).Recipient-based connection: The message is shipped to a person bodily current in Malaysia, a Malaysian citizen or everlasting resident, or a corporation fashioned, integrated, or working in Malaysia.Infrastructure-based connection: The message is accessed through a pc, server, or community infrastructure positioned in Malaysia.Intent-based connection: An undeliverable message nonetheless has a Malaysian hyperlink if there’s proof of intent to focus on Malaysian customers, reminiscent of utilizing a “.my” area or content material with native language and geographic references. |
| Consent Mannequin | The Proposed Framework is predicated on a consent-based mannequin, requiring voluntary, particular, knowledgeable, and unambiguous consent from the recipient earlier than sending a CEM. This consent may be specific or implied. | Specific Consent: Requires a transparent, affirmative act from the recipient, reminiscent of checking an unchecked field or submitting a type.It have to be voluntary, particular to the aim of receiving CEMs, and the sender’s identification, message function, and message varieties have to be transparently disclosed.Recipients will need to have a free and accessible solution to withdraw consent, with requests processed inside 10 working days.Senders should additionally hold verifiable data of how and when consent was obtained.Implied Consent: Will be moderately inferred from an present or prior relationship, reminiscent of a business transaction, membership, or subscription.The content material of the message have to be immediately associated to that relationship.Implied consent is topic to time limitations: as much as 24 months from the final transaction or six months from a final inquiry if no transaction occurred.Recipients should nonetheless have the ability to decide out.Senders should keep data of the connection from which consent was derived. |
| Necessary Message Necessities | All CEM should embrace particular data to make sure transparency and accountable communication. | Clear Sender Identification: The message should clearly show the sender’s identify or legally registered enterprise identification and supply purposeful, responsive and accessible (e.g., no obscure navigation) contact particulars that may be simply used. This contact data have to be correct and purposeful for at the least 30 calendar days.Purposeful Choose-Out Facility: Each message should include a free, clear, and purposeful mechanism for recipients to unsubscribe. This mechanism have to be user-friendly, simply accessible, and stay operational for at the least 30 calendar days. All opt-out requests have to be processed inside 5 enterprise days.Correct Message Labelling: The topic line should precisely mirror the message’s content material and never be false, deceptive or misleading.The letters  adopted by an area should seem at the start of the topic line (or the primary line of the message physique if there’s no topic line) to establish the message as an commercial.Header data (reminiscent of sender identify, reply to deal with and routing knowledge) should even be correct, not deceptive or misleading. |
| Prohibition of Handle Harvesting and Dictionary Assaults | The Proposed Framework features a clear prohibition on the acquisition, distribution, or use of instruments and practices associated to deal with harvesting and dictionary assaults for the aim of sending UCEM. | The Proposed Framework prevents any individual from buying, distributing, making obtainable, or utilizing:Automated instruments or software program designed to extract digital addresses from on-line sourcesSoftware that generates addresses via automated or pattern-based guessing, generally known as dictionary attacksAny databases or lists of digital addresses obtained via these methodsThe rights to entry, promote, or use such software program or harvested lists, together with these obtained indirectlyAdditionally, senders are explicitly prohibited from sending UCEM to any digital handle that was obtained utilizing address-harvesting software program or compiled via a harvested record, or generated through dictionary assaults or related automated methods. |
The MCMC is looking for suggestions on the Proposed Framework by 5 pm on 27 August 2025. As soon as applied, the Proposed Framework is anticipated to considerably reshape how organizations conduct digital advertising actions. Specifically, companies might want to decide whether or not their CEMs have a Malaysian hyperlink. If that’s the case, they have to revise their knowledge assortment and acquisition methods, in addition to replace their advertising supplies to adjust to the particular necessities of the Proposed Framework.
* * * * *
© 2025 Wong & Companions. All rights reserved. Wong & Companions, member of Baker & McKenzie Worldwide. This will qualify as “Lawyer Promoting” requiring discover in some jurisdictions. Prior outcomes don’t assure the same final result.
In short
Malaysia at the moment lacks a devoted authorized framework to successfully handle the rising scale and class of spam-related actions, which have seen a virtually 200% surge in reported complaints between 2021 and 2025. In response, the Malaysian Communications and Multimedia Fee (MCMC) is proposing a regulatory framework for Unsolicited Business Digital Messages (UCEM), generally known as spam (“Proposed Framework“). On 13 August 2025, MCMC issued a public session paper (PCP) inviting suggestions on the Proposed Framework.
- Will ultimately be developed into subsidiary laws to enrich Part 233A of the Communications and Multimedia Act 1998 (i.e., no individual shall ship, trigger to be despatched or authorise the sending of UCEM)
- Goals to offer a transparent, enforceable algorithm to boost shopper safety, whereas supporting accountable digital advertising in Malaysia’s rising digital financial system
Set out beneath is a excessive degree overview of the important thing proposals outlined within the PCP:
| Ideas | Abstract of Proposed Framework | Key necessities and situations |
| Definitions | Introduces UCEM | UCEM: any business piece of email despatched via any communication mode (the place there isn’t a prior relationship between sender and recipient and no prior consent from the recipient).Electronic mail: any message despatched utilizing a community service or functions service to an digital handle, endpoint or related communication mode (no matter whether or not the handle exists or whether or not the message reaches the meant recipient).Business Digital Message (CEM): any piece of email despatched by digital means for the needs of selling, providing, advertising or supplying (amongst others) merchandise, providers or an individual who supplies the aforementioned. Consists of messages which include oblique promotional consent or request to ship future business content material. |
| Malaysian hyperlink | The CEM will need to have a “Malaysian hyperlink”. | A CEM is taken into account to have a Malaysian hyperlink if it meets any of the next situations:Sender-based connection: The sender is bodily current in Malaysia, a Malaysian citizen or everlasting resident (no matter bodily location), or a corporation fashioned, integrated, or carrying on enterprise in Malaysia (no matter the place the message is shipped or the infrastructure used).Recipient-based connection: The message is shipped to a person bodily current in Malaysia, a Malaysian citizen or everlasting resident, or a corporation fashioned, integrated, or working in Malaysia.Infrastructure-based connection: The message is accessed through a pc, server, or community infrastructure positioned in Malaysia.Intent-based connection: An undeliverable message nonetheless has a Malaysian hyperlink if there’s proof of intent to focus on Malaysian customers, reminiscent of utilizing a “.my” area or content material with native language and geographic references. |
| Consent Mannequin | The Proposed Framework is predicated on a consent-based mannequin, requiring voluntary, particular, knowledgeable, and unambiguous consent from the recipient earlier than sending a CEM. This consent may be specific or implied. | Specific Consent: Requires a transparent, affirmative act from the recipient, reminiscent of checking an unchecked field or submitting a type.It have to be voluntary, particular to the aim of receiving CEMs, and the sender’s identification, message function, and message varieties have to be transparently disclosed.Recipients will need to have a free and accessible solution to withdraw consent, with requests processed inside 10 working days.Senders should additionally hold verifiable data of how and when consent was obtained.Implied Consent: Will be moderately inferred from an present or prior relationship, reminiscent of a business transaction, membership, or subscription.The content material of the message have to be immediately associated to that relationship.Implied consent is topic to time limitations: as much as 24 months from the final transaction or six months from a final inquiry if no transaction occurred.Recipients should nonetheless have the ability to decide out.Senders should keep data of the connection from which consent was derived. |
| Necessary Message Necessities | All CEM should embrace particular data to make sure transparency and accountable communication. | Clear Sender Identification: The message should clearly show the sender’s identify or legally registered enterprise identification and supply purposeful, responsive and accessible (e.g., no obscure navigation) contact particulars that may be simply used. This contact data have to be correct and purposeful for at the least 30 calendar days.Purposeful Choose-Out Facility: Each message should include a free, clear, and purposeful mechanism for recipients to unsubscribe. This mechanism have to be user-friendly, simply accessible, and stay operational for at the least 30 calendar days. All opt-out requests have to be processed inside 5 enterprise days.Correct Message Labelling: The topic line should precisely mirror the message’s content material and never be false, deceptive or misleading.The letters adopted by an area should seem at the start of the topic line (or the primary line of the message physique if there’s no topic line) to establish the message as an commercial.Header data (reminiscent of sender identify, reply to deal with and routing knowledge) should even be correct, not deceptive or misleading. |
| Prohibition of Handle Harvesting and Dictionary Assaults | The Proposed Framework features a clear prohibition on the acquisition, distribution, or use of instruments and practices associated to deal with harvesting and dictionary assaults for the aim of sending UCEM. | The Proposed Framework prevents any individual from buying, distributing, making obtainable, or utilizing:Automated instruments or software program designed to extract digital addresses from on-line sourcesSoftware that generates addresses via automated or pattern-based guessing, generally known as dictionary attacksAny databases or lists of digital addresses obtained via these methodsThe rights to entry, promote, or use such software program or harvested lists, together with these obtained indirectlyAdditionally, senders are explicitly prohibited from sending UCEM to any digital handle that was obtained utilizing address-harvesting software program or compiled via a harvested record, or generated through dictionary assaults or related automated methods. |
The MCMC is looking for suggestions on the Proposed Framework by 5 pm on 27 August 2025. As soon as applied, the Proposed Framework is anticipated to considerably reshape how organizations conduct digital advertising actions. Specifically, companies might want to decide whether or not their CEMs have a Malaysian hyperlink. If that’s the case, they have to revise their knowledge assortment and acquisition methods, in addition to replace their advertising supplies to adjust to the particular necessities of the Proposed Framework.
* * * * *
© 2025 Wong & Companions. All rights reserved. Wong & Companions, member of Baker & McKenzie Worldwide. This will qualify as “Lawyer Promoting” requiring discover in some jurisdictions. Prior outcomes don’t assure the same final result.
