Is Cold Emailing Illegal? Guide to Anti-Spam Laws

no prior experience & time required

Find your winning outbound formula

Is Cold Emailing Illegal

Table of contents

Editor’s Note: While we can’t give legal advice, we can certainly help you interpret what these laws mean with respect to cold emails and help you create a non-spammy sales outreach experience for your prospects and leads.

What is cold email?

A cold email is an unsolicited email sent to a receiver without prior contact to build a relationship with the potential customers and move them forward in the sales funnel.

Unsolicited emails can be defined as the text equivalent of cold calling. Along with transactional and warm emailing, cold emailing is a subset of email marketing.

Although cold emailing campaigns have nothing in common with spam, unsolicited commercial messages may be treated as spam unless cold email laws are followed.

So is it illegal to cold email? Let’s take a more detailed look.

Is cold emailing illegal?

Remember the good ol’ days when you could buy Cialis online without prescription (yay!).

What about finding out that a certain long-lost relative halfway across the world has passed away leaving gazillions of dollars and a huge estate in your name?

Nowadays it’s quite rare to find spam emails in your priority inbox. We can thank Canadian and EU email marketing laws that require opt-in and have influenced many email compliance laws in the world, plus the filters, blacklists, inbox management from your ISP, and email client.

There’s been a lot of discussion and recommendations on how to be compliant from a marketing perspective.

Unfortunately, the sales-side hasn’t been thought of nearly enough.

The question whether cold emails are considered spam or not, still remains largely unanswered, especially when we have different legal and compliance requirements among different jurisdictions/countries.

Before we talk about how different email laws apply to cold emailing, we need to discuss the differences between spam vs. cold emails.

Seek, pick, and reach

Connect with your potential customers

What are “spam” emails? Are cold emails legal?

Spam vs. Cold Email can be a tricky process to navigate, since there is no universal definition of spam accepted around the world.

However, emails are considered spam if the source and identity of the sender is anonymous and was sent en masse with malicious intent (meaning it can be sent to anyone, regardless of their industry or connection to your company with the intent of doing harm to the recipient) or — in certain jurisdictions — without opt-in.

And, of course, the email promotes “scam” activities that would require the receiver to turn over sensitive financial or personal information to the sender of the email.

You’re probably wondering, “is cold emailing illegal?” As a general rule, your cold email/outreach campaigns should be exploratory in nature.

For instance, if you are selling a lead generation software/tool, avoid jumping right into your sales pitch and asking for a meeting or trial sign-up in your first email. Instead, ask the director of sales (if that’s who you’re targeting) how is she/he keeping the sales pipeline full of qualified leads? What’s the process, what works/doesn’t work for the team?

Show them that you’re interested in learning and finding out if there is a need at all.

Once you get the conversation going and you get a positive reply, educate them about your solution. Specifically, how it can precisely help alleviate those pains and achieve their goals.

The three things that we need to keep in mind when creating your outreach campaigns are:

Now, let’s take a look at how a sales rep can ensure their cold emailing is legal.

Cold emailing in the USA: CAN-SPAM

Is cold emailing illegal in the USA? If your prospects (recipients) are in the United States, irrespective of where you are located, the CAN-SPAM Act applies.

Set in 2003, the CAN-SPAM regulations cover all commercial messages. This means any email with the goal of advertising and/or promoting a product or service.

READ How to get your sales stack in line

How to stay CAN-SPAM compliant

CAN-SPAM email laws are based on an opt-out principle and, therefore, less restrictive than their counterparts (CASL and certain EU laws).

CAN-SPAM regulations allow you to send emails to business people who you don’t know, i.e. don’t have an existing business relationship; however, you must make sure you comply with the rules outlined by the FTC (Federal Trade Commission), which are:

  • Don’t use false or misleading header information.
  • Don’t use deceptive subject lines.
  • Tell recipients where you’re located with a physical address (this information can go in your email signature).
  • Tell recipients how to opt-out of receiving future email from you.
  • Honor opt-out requests promptly.
  • Allow recipients to opt out without paying a fee.

Also, keep in mind that CAN-SPAM gives you ten days to remove individual recipients from your email list after they request.

In addition, this act prohibits asking subscribers to take other steps to opt out after the initial request.

Failure to comply with CAN-SPAM requirements might result in your company being labeled as spam, potentially leading to fines and certain email providers blocking your company from communicating with customers.

On the other hand, by following CAN-SPAM regulations, you’ll open your company to a wealth of new contacts and business leads.

Cold emailing in Canada: CASL

Is cold emailing illegal in Canada?

If you’re sending cold emails from Canada, through Canadian servers or anywhere in the world to Canadian recipients, it’s important to have full knowledge of Canada’s Anti-Spam Legislation (CASL), which presents a different approach and, in general, requires an opt-in consent unless an implied one can be applied. It includes all CAN-SPAM requirements and also adds express and implied consent requirements.

Express consent means the recipient agreed to receive electronic communication from you, whether verbally, in writing or digitally.

There is no time limit to contact the recipient; however, if they withdraw consent, you must not email them. Failure to do so can result in heavy fines for your company.

Implied consent is more difficult to navigate and only applies to select circumstances, including:

  • The sender and recipient have an existing relationship. For example, if someone contacted you about your products or purchased something in the past, it is implied that they would like to receive emails from you. What if you found an email from someone who sent you an inquiry 5 years ago? They gave you their email address, so they’ve opened themselves up to communication with your company, right? According to CASL, no. Any communications must be sent within 24 months (2 years) of the purchase or inquiry date. Anything beyond that is considered spam.
  • This type of consent is also obtained when people or organizations have made a donation or been a member or volunteer for your organization in the past. Just like existing relationships, these emails must be sent within 24 months of receiving the donation, attending their last meeting, or volunteering.

Having to ask for express or implied (under the above terms) consent defeats the whole purpose of cold emails.

If you can’t cold email anyone outside of your contact list, how are you supposed to generate new leads? Luckily, CASL’s Implied Consent clause also allows you to cold email a business contact who does not have an existing business relationship with you or your company if:

  • Their email is publically available (on their company/personal website and sites like LinkedIn, AngelList, CrunchBase, etc.)
  • Their emails are not accompanied by a statement indicating they do not want to receive commercial electronic messages at that address.
  • Your commercial emails must relate to your recipient’s business roles, functions or duties in an official or business capacity.

How should I keep records?

The CASL website has an excellent resource on keeping records that you can find here.

However, in short, you will want to keep hard and electronic copies of your company’s procedures, all unsubscribe requests and proof that you followed the request within ten days, evidence of express consent, commercial electronic scripts, staff training documents, financial records, etc.

This will allow you to prove that you’re following CASL laws, identify non-compliance sooner rather than later, respond to questions or investigations if accused of spamming and monitor how well your employees are following CASL protocols. While this may seem like a lot to save, it can potentially save you countless hours and time if an issue comes up.

Сold emailing in the UK

In the UK, anyone who processes domestic personal data, including email addresses, has to comply with the DPA (Data Protection Act) 2018 and the UK GDPR (General Data Protection Regulation) and — most of all — with the Privacy and Electronic Communications Regulations 2003 (PECR) that covers sending of marketing emails and requires and opt-in or having a customer relationship to send such.

Is cold emailing illegal in the UK? The UK’s anti-spam law requires companies to gain an individual’s consent before they send emails to them.

Consequently, the UK laws don’t permit you to send cold emails to private individuals (which also refers to situations when work email address belongs to a sole trader or unincorporated partnership), but you can still cold email corporations — such as LLCs and PLCs.

By the UK’s spam law, you can send commercial emails to individuals who have given you consent via a third party, such as a reseller or an organization within the same group as yours.

For instance, if a potential customer has opted to receive emails from your parent company, you can cold email them.

In addition, you are allowed to add recipients to your email lists if your company or a company within your group has done business with them before, and they left their email addresses for marketing purposes. In this case, the product or service you’re promoting has to be similar or related to those the person was purchasing or negotiating to purchase when their address was initially given.

How to send cold emails in the United Kingdom?

Regardless of strict regulations, cold emailing is possible in the UK if you follow these steps:

  1. Get the customer’s permission, unless the address belongs to a corporation.
  2. Provide your customers with an opportunity to easily submit opt-out requests.
  3. Give accurate sender details, including your business address.
  4. Make sure the subject line reflects the content of the email.
  5. If your cold email is an advertisement, label it appropriately. 

leave no lead unexplored

Every potential client within reach

Сold emailing in Australia

No matter its origin, any cold email opened in Australia is subject to Australia’s Spam Act 2003. According to this law, you need to gain either express consent or inferred permission if you intend to send marketing communications to recipients in Australia. 

Express consent includes:

  • filling out a form
  • ticking a box on a website
  • agreeing via phone
  • giving permission in person.

Inferred permission (or inferred consent) is when an individual provides their email/physical address.

How to send cold emails in Australia

Except form obtaining express consent or inferred permission, make sure you stick to a few rules:

  • your cold email should clearly identify the sender (i.e. clear business name and physical address)
  • simple opt out—for instance, by including an unsubscribe link.


Сold emailing in the European Union

Is cold emailing legal across the EU? Practically, yes, but you need to comply with two sets of regulations:

  • Privacy and Electronic Communications Directive 2002 (PECD), which is a basis for national laws governing this area, specifying that “everyone has the right to respect for their private and family life, home and communications.”
  • GDPR (General Data Protection Regulation) issued in 2018, focusing on personal data protection.

While PECD prohibits specific unsolicited commercial messages, GDPR stipulates the ways organizations gain recipient data and keep it secure.

How to cold email EU citizens

In accordance to staying PECD and GDPR compliant, you have to satisfy the following requirements:

  • accurate sender details (name, physical address)
  • a clear subject line
  • an easy way to opt-out.

Finally, it’s crucial to keep in mind that each EU country has its own regulations on top of the GDPR. So before you start to cold email citizens of any specific EU country, make sure you comply with the national legislation.

Is cold emailing illegal under the GDPR?

So is cold emailing illegal under the GDPR? No. Actually, this is one of the biggest myths. GDPR doesn’t ban cold emailing.

This regulation only points out that you should have a strong reason to contact your potential customers which is called a ‘legitimate interest’ and constitutes legal ground for the processing of personal data.


Digital marketing removed the need to drop marketing materials into a post office box, and instead of using postal service, sales reps can enjoy the convenience of sending an electronic message to their potential customer.

Although it has nothing to do with non-solicited pornography and most sales reps don’t send e-messages with the intent of spamming, each unrequested electronic mail message is subject to regulations.

So is cold emailing legal? Yes, but you need to stick to a few rules. Although they vary across different countries, these rules boil down to the following:

  • obtain express or inferred consent/permission from the recipient
  • use a relevant subject line reflecting the content of your actual message (you can also mark your electronic message as a commercial advertisement)
  • avoid deceptive subject lines
  • make sure your email message contains accurate sender details, including your genuine physical address
  • take care of a convenient opt-out method: provide your recipient with a clear and easy way to opt out.

Finally, always get familiar with the email marketing regulations in each specific country: CAN-SPAM Act in the US, Anti-Spam Legislation in Canada, DPA and the UK GDPR in the UK, Australia’s Spam Act in Australia, and PECD and GDPR in the EU.

Again, this is not legal advice and Growbots supplies Services in accordance with Terms of Service and Privacy Policy. We do encourage you to respect our contractual or other legal obligations, including applicable personal data protection laws and regulations related to unsolicited commercial communications that — as you see — may vary between different jurisdictions.

no prior experience & time required

Find your winning outbound formula with Concierge

no prior experience & time required

Find your winning outbound formula with Concierge

your email setup check

Be compliant with the newest Google & Yahoo regulations

This website uses cookies to improve your experience.