The short answer is no; cold emailing isn’t illegal. However, based on where you are, you’ll need to comply with anti-spam laws like the CAN-SPAM Act or the GDPR to ensure you don’t land in legal hot waters.
In this article, I’ll explain the difference between cold emailing and spam and what laws apply to unsolicited emails in various jurisdictions. Finally, I’ll provide four practical cold emailing guidelines to help you run successful, legally compliant cold email campaigns.
This Article Contains:
(Click on the links below to jump to specific sections.)
Let’s dive in.
Note: If you want a cold email masterclass, read my in-depth guide on cold emailing to learn when to use cold emails, how to write them, and more.
Is Cold Email Illegal?
No, cold emailing is not illegal.
However, it often gets confused with spam emails, which are illegal in most cases.
Governments in several countries have actually introduced legislation to regulate spam emails.
That’s why any sales professional who wants to stay on the right side of the law should know the difference between cold email vs spam email.
How Are Cold Emails Different Than Spam?
Usually, an email is considered spam if the sender sends mass unsolicited emails to a list of recipients without bothering to know who those recipients are, or if the email is even applicable for them. These email lists are purchased or scraped from thousands of websites using bad prospecting software.
These unsolicited emails often go straight into the recipient’s spam folder.
On the other hand, cold emails are intentional and personalized to the recipient’s needs.
It aims to provide value to the recipient, helping them address any unique goal or challenge they may be facing.
Cold emailers screen the recipients for context and do not send random emails to a list in general.
Now, as long as it’s done right, cold emailing is perfectly legal.
However, various countries have their own rules regarding what’s “right” for unsolicited commercial emails. It’s crucial you keep these in mind for your cold email outreach campaign.
In this article, I’ll take you through the legal aspects of cold emailing in:
Disclaimer: The information in this blog post is provided for general informational purposes only and may not reflect the current law in your jurisdiction. No information in this post constitutes legal advice, nor is it intended to be a substitute for legal counsel.
1. Cold email laws in the United States
In the U.S., the CAN-SPAM Act was enacted in 2003.
The CAN-SPAM Act established the requirements for all commercial messages that promote or advertise a product or service.
A. What the law states
The CAN-SPAM Act gives recipients the right to stop receiving unsolicited emails and specifies harsh penalties of up to $43,792 for violations. It applies to any electronic message and not just bulk emails.
B. How to comply
Here are some key guidelines to help you avoid breaching the CAN-SPAM Act when sending commercial emails to U.S.-based recipients:
- Never use misleading or false information: All the information you provide, including your “from,” “to,” “reply-to,” email address, routing information, and originating domain name must be correct.
- Don’t use deceptive subject lines: The email subject line should accurately indicate the content of the email.
- Clarify what the message is about: Always clearly state if the email message is an advertisement.
- Include your location: You must include your valid physical address in a cold email. This could be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox registered with a commercial mail receiving agency.
- Inform recipients how to opt out of receiving future emails from you: It should be unambiguous and easy to do.
- Honor recipients’ opt-out requests promptly: You must be able to process opt-out requests within 10-days of receiving them.
And if you hire a company to handle your email marketing campaigns, you still need to ensure they comply with CAN-SPAM requirements when sending emails on your behalf.
2. Cold email laws in yhe European Union
If you’re sending marketing emails to E.U. citizens, you’ll need to comply with two sets of regulations.
The E.U. initially outlined its rules against spam in the Privacy and Electronic Communications Directive 2002 (PECD). Also known as the ePrivacy Regulation, it specifies that “everyone has the right to respect for their private and family life, home and communications.”
You’ll also need to comply with the GDPR (General Data Protection Regulation), which came into effect on 28th May 2018. Any organization in non-E.U. countries that offer goods and services to or communicates with E.U. residents will also have to comply with the GDPR.
While the PECD focuses on the “respect for private and family life,” the GDPR focuses on the “protection of personal data.”
A. What the law states
The general aim of the PECD is to prohibit certain unsolicited commercial messages. As with all E.U. directives, it leaves it to the member states to translate into law.
On top of that, the GDPR dictates how organizations obtain recipient data and keep it secure.
As a result, anyone undertaking digital marketing or sending sales emails will need to comply with both the PECD and GDPR.
B. How to comply
When sending unsolicited emails, it is possible to remain PECD and GDPR compliant by ensuring that these emails are directed to people who will find the message helpful.
You also have to fulfill other requirements such as:
- The sender must identify themselves and the topic of the email, provide accurate sender details, and include a genuine physical address in the email.
- There must be a straightforward, unambiguous way for recipients to opt-out of future emails and request the deletion of their personal data.
Now it’s important to remember that each country in the E.U. has its own regulations which supplement the GDPR. You’ll need to determine the national legislations that apply to your cold emails and ensure GDPR compliance.
For more information on sending GDPR compliant marketing messages, read my article on GDPR Email Marketing.
3. Cold email laws in the United Kingdom
In the UK, anyone processing domestic personal information, including email addresses, must comply with the DPA (Data Protection Act) 2018 and the UK GDPR (General Data Protection Regulation).
Since Brexit, the E.U. GDPR does not apply unless you are in the U.K. and your recipients are E.U. citizens who live outside of the U.K.
However, the U.K.’s DPA 2018 has already enacted the E.U. GDPR’s requirements into U.K. law. The new regulation is known as the U.K. GDPR.
A. What the law states
The U.K.’s anti spam law requires companies to obtain an individual’s consent before sending marketing communications to them.
But you may be wondering:
How can I send a cold email if I have to obtain the recipient’s consent first?
After all, isn’t a cold email an electronic mail sent to someone you’ve never interacted with before?
Yes, that’s true.
Unfortunately, the U.K. doesn’t seem to allow you to send cold emails to private individuals — but you can send them to corporations.
Under the U.K.’s spam law, you can send commercial emails to people who have given you consent via a third party, such as a reseller or a company within the same group as yours.
For example, if a potential customer has expressly opted in to receive emails from your parent company, you can send them emails.
You can also add recipients to your email lists if your company or a company within your group has previously done business with them, and they provided their email addresses for future marketing purposes.
However, the product or service you’re marketing must be similar or related to those the individual was buying or negotiating to buy when their email address was initially obtained.
B. How to comply
In addition to the consent laws mentioned above, there are some general rules for cold emailing in the U.K.:
- Have a clear opt-out method: Give people a clear, easy way to unsubscribe from your mailing list.
- Provide your business address: Include your physical address and a valid email address.
- Obtain recipient email addresses honestly: Ensure the data is stored safely, especially individual’s personal information.
- Resist the urge to use clickbait and deceptive subject lines: Indicate what the email is about in the subject line.
4. Cold email laws in Canada
In Canada, you’ll need to comply with the CASL (Canada’s Anti-Spam Legislation).
Before Canada’s Anti-Spam Legislation came into effect on July 1st, 2017, cold emailing was permitted as long as you had implied consent.
For example, if the potential client did business with your company in the past, it would be reasonable to assume they would consent to receive marketing emails from you.
However, that isn’t always the case anymore.
Now, in most instances, a marketer needs a recipient’s explicit consent before sending them marketing messages.
A. What the law states
According to CASL rules, before sending a commercial electronic message, you should be able to prove that the recipient has given you consent to do so.
But still, there may be certain circumstances where implied consent is allowed.
For example, you can send a cold email to a potential client whose email address was given to you by a mutual contact who has a business relationship with the recipient.
The individual should have a legitimate interest in your offering, and the message must be relevant to their business, role, function, or duties in a company.
Note: You can’t email a recipient solely to ask for their permission to receive further communications from you.
B. How to Comply
Once you’ve obtained consent, either implied or explicit consent, there are a few rules you’ll need to follow:
- Identify yourself as the sender and include your contact details, physical address, and a valid email address.
- As is the case in most jurisdictions, you’ll need to have an unsubscribe option that’s quick and easy to use.
- You’ll also need to honor unsubscribe requests promptly.
5. Cold email laws in Australia
In Australia, the Spam Act 2003 applies to any electronic marketing material.
Your cold emails are subject to these regulations whether the mail originated within the nation’s borders or not, as long as the mail is opened in Australia.
A. What the law states
To send marketing communications, including cold emails to Australian recipients, you’ll need to obtain either express consent or inferred permission.
Express consent includes:
- Completing a form.
- Ticking a box on a website.
- Agreeing telephonically.
- Giving permission in person.
Under Australian law, inferred permission is when a person gives you their physical/email address, and it’s reasonable that they would expect to receive sales emails, cold calls, or marketing materials from you.
For example, anyone who subscribes to an account with your company is considered to have given inferred consent.
B. How to comply
Other requirements under Australia’s email and electronic marketing laws include:
- The commercial electronic message should clearly identify the sender. Your business name should be clear and identifiable, and your contact details should be accurate.
- Make it simple to unsubscribe — for example, by adding an unsubscribe link.
Now that you have an idea of the various laws regarding cold emailing, I’ll go over some practical guidelines to help you send successful cold emails that are also legally compliant.
4 Guidelines for Sending Cold Emails Legally
Although each country has differing requirements regarding electronic marketing messages, there are a few general guidelines that you can apply regardless of your location.
1. Only send emails to recipients who have an interest in your offering
All of the major jurisdictions we’ve looked at generally allow cold emailing in some form, as long as there’s an inferred consent or you’re emailing someone for a legitimate reason.
Refrain from using harvested lists with email addresses obtained illegally from third parties, including website crawling bots or trading lists with other companies. You can’t guarantee whether the recipients in such lists will actually be interested in your offerings.
A better way to build your mailing list is through social media sites like LinkedIn where you can find better cold leads.
For more information on finding and nurturing email leads properly, read my in-depth article.
2. Make it easy for people to opt-out
When sending a cold email, you’re assuming the recipient has a legitimate interest in your offering, but they may not.
That’s why you should make it simple for them to unsubscribe and stop receiving emails from you in the future. And a quick way to do this is by adding a straightforward unsubscribe link in your email.
3. Implement strict data security measures
You must keep the personal data of your recipients secure. If recipients unsubscribe, remove them from your campaign immediately and delete their details from your database.
(Note: GMass has automatic unsubscribe management, so if people unsubscribe from your campaigns, we’ll automatically suppress any future emails you try to send to them.)
4. Avoid deceptive subject lines
One of the keys to avoid breaching an anti spam law is transparency.
And that includes being completely transparent about the purpose of your email.
That’s why you should never use clickbait — the subject line should clearly state what the message is about. This also reduces your bounce rate and the likelihood of the recipient’s spam filter blocking your mail.
And keep an eye on your cold email response rates. If you can send cold emails that generate a good number of opens and replies, you’ll be a lot better off than if no one ever bites on what you’re selling.
To learn how to send successful cold emails, check out my handy cold email marketing guide.
Is Cold Email Illegal? Conclusions and Wrapping Up
Cold emailing is legal — as long as your cold outreach strategy complies with relevant national and state laws.
To avoid breaching most anti-spam laws, you have to determine your target audience, obtain their contact information in a legally compliant way, provide them with an easy opt-out, and more.
While complying with various countries’ laws may seem challenging, not all aspects of your cold emailing campaigns need to be complicated.
Once you’ve complied with legal regulations, you can use a tool like GMass to simplify your cold outreach efforts.
With this powerful tool, you can auto-personalize your cold email marketing campaigns, track open rates, streamline follow-ups, boost email deliverability, and do so much more.
Email marketing. Cold email. Mail merge. Avoid the spam folder. Easy to learn and use. All inside Gmail.
TRY GMASS FOR FREE
Download Chrome extension - 30 second install!
No credit card required
Thank you Ajay,
You have certainly clarified the position of cold email marketing. It seem straight forward and nothing to be concerned about as long as we stick to the laws governing each international authority we send those cold emails to.
It is also made clear how to obtain said cold emailing lists and this is a straight forward procedure too,
thank you Ajay.
Thank you for sharing the major aspects to consider while working on cold emailing. Recently, I came across one more tool called PursueApp. I am a bit confused between GMass and PursueApp. Please clear my doubts on how these two compare each other?
So, seems like it is illegal to send cold emails in Canada in Australia, unless there is a green light from a recipient – right?
This is a great explanatory topic,. Thank you for this, Ajay. It is a grey area and very difficult to explain and you have done a great job! I have 2 open questions, hopefully you will be able to help me:
1. All these laws – I assume they are applicable to the person sending the emails not the receiver? E.g. If I send a mail from Canada (physical address as required mandatorily is in Canada), but the recipient is in Europe, what law applies to my email to the recipient – CASL or PECB & GDPR?
2. LinkedIn – the people connected to me did so in full consciousness. I mean, if I as a person am connected to them in a professional network, would it be reasonable to think that they agreed to connect with me only because I was relevant to them? Can we send relevant cold emails to them w/o fear of these laws? Relevant to them of course in terms of subject matter, with the physical address and Unsubscribe option.
I don’t think one can ever have an explicit consent and then do marketing emails to them…that doesn’t make much sense because in such a scenario, one has already done the initial ‘marketing’ as we have their email. However, LinkedIn is a curious thing because one is connected to all these people…thoughts?
Many thanks again!
Yogi