Cold email is an incredible channel to grow your network, acquire new clients, and start conversations with anyone in the world.

However, it often comes under scrutiny, and people are unsure of the spam laws and regulations that apply to cold emailing.

In this guide, I’ll walk you through everything you need to know about the legality of cold email, the laws that apply depending on your location, and how to ensure you stay compliant.

  1. Definitions: Cold Email vs. Spam Email

  2. Can You Cold Email Someone Without Consent?

  3. Cold Emailing Businesses vs. Individuals

  4. Cold Email Laws in the United States

  5. Cold Email Laws in Canada

  6. Cold Email Laws in the European Union

  7. Cold Email Laws in the United Kingdom

  8. Cold Email Laws in Australia

  9. Cold Email Laws in South Africa

  10. 5 Best Practices for Compliant Cold Emailing

Let’s dive straight in.

Definitions: Cold Email vs. Spam Email

Cold email’s reputation has been tarnished in the past because of people buying vast lists of email addresses and sending irrelevant emails to every person on that list.

There’s no question about it – an unsolicited email that’s irrelevant to your business is spam.

But, Autumn Sterrett – COO at lead generation agency Avadel – uses cold email on a daily basis and told us:

Not only is cold email legal, it's the most effective tool we have to generate new meetings for our clients. When done within the boundaries and guidelines of GDPR, CAN-SPAM, and other regulations—cold email is an irreplaceable tool in any company's marketing tool chest.


Clearly, the cold emails that an agency like Avadel sends aren’t spam if they’re booking meetings with it. People wouldn’t agree to a meeting in the first place if they thought the emails were spam.

When differentiating between cold email and spam emails, it’s all about context.

For example, suppose a well-known podcaster in your industry reached out to you with a cold email inviting you to join them on an interesting podcast – would that be spam?

Clearly, there’s a difference between a cold email and a spam email, even if there can be an overlap.

The laws and regulations that apply to email are there to stop people from abusing the channel and trying to scam unsuspecting email users. 

Can You Cold Email Someone Without Their Consent?

The answer to this has a few key variables that we need to look at before giving an answer. To know if you can cold email someone without their consent, you need to consider:

  • Whether they’re a B2B contact or an individual

  • If they will have a legitimate interest in what you’re reaching out about

  • Where they’re based

Depending on these, you may be able to send a cold email, even if someone hasn’t directly told you to reach out to them.

In the next sections, we’ll dive into each of these considerations to help you understand who you can, and can’t reach out to with cold email.

Cold Emailing Businesses vs. Individuals 

The first major consideration when sending cold emails is who your recipients are.

If you’re reaching out to B2B CEOs on their work email addresses, most regulations will allow this, as long as your email is relevant to them.

However, if you’re sending mass emails to an email list of people’s personal Gmail or iCloud addresses to promote your products or services, that’s not allowed (unless they have specifically opted-in).

In short, only ever send emails to B2B addresses, and make sure you have a good reason to do it.

Next, let's look at the specific laws and regulations you need to consider depending on your location and your recipients' locations.

Cold Email Laws in the United States

The CAN-SPAM Act is the primary law affecting cold emailers in the United States. It was enacted in 2003 and still applies today.

This act sets out the rules for any type of commercial email message.

Let’s take a look at what it includes:

How to Be Compliant with the CAN-SPAM Act

Every email you send that violates the CAN-SPAM Act can generate a fine of up to $46,517. If you’re sending emails to a large list, this means a small mistake can have significant consequences.

Here are the key rules to follow to stay compliant:

  • Use your real name or company name in the “From” section

  • Use a subject line that represents what the contents of the email include

  • Disclose in some way that your email is promotional in nature

  • Have your company address and location in the email

  • Make it simple for recipients to opt out of hearing from you again

  • Remove opted-out subscribers within 10-days of receiving it

  • Ensure any partner you work with that sends emails for you complies with the CAN-SPAM Act

These rules mainly affect businesses using email for commercial benefit.

If you’re only reaching out to small email lists of prospects with the goal of learning more about their business, rather than pitching your product/service, you won’t need to spend much time worrying about CAN-SPAM.

Cold Email Laws in Canada

If you’re cold-emailing people located in Canada, or, if you’re based in Canada, you’ll need to abide by CASL: Canada’s Anti-Spam Legislation.

So, what does CASL mean for your cold email campaigns?

Let’s take a look.

Canada's Anti-Spam Legislation (CASL)

CASL is an initiative created in 2014 to reduce the impact of spam on the public in Canada, and improve the way that businesses approach email marketing.

It lays out the definition of what spam is, and then sets rules to eliminate it.

This sounds like it would prohibit cold emailing, however, there are some caveats to this once you get deeper into the legislation.

There are two types of consent under CASL: explicit and implied.

Explicit consent is when someone tells you to reach out to them. In the case of cold email, you won’t have explicit consent, so we need to look at what ‘implied consent’ means.

Implied consent refers to anyone with whom you have an existing relationship, but also extends to people who have made their email address public on a website, such as their company contact page, their LinkedIn profile, or on their local Chamber of Commerce.

According to CASL, you can use this implied consent to reach out to business contacts as long as your outreach satisfies these two criteria:

  • There is no statement saying that they don’t want to receive Commercial Electronic Mails (CEMs).

  • The content of your email is relevant to their business and work responsibilities.

If you can prove that you have implied consent and your email meets the criteria above, you can legally send cold emails in Canada.

If you don’t know whether your email collection process is legal or if you have implied consent, we’d recommend you speak to a legal advisor. You don’t want to breach CASL, as the fines to businesses can cost you up to $10 million per violation. 

Cold Email Laws in the European Union

The European Union has strict rules on data protection, which may affect how you use email for sales and marketing in your business.

Let’s take a look at how they affect your cold email strategy:

Is Cold Email Illegal in the EU?

Cold email isn’t illegal in the EU, however, it is regulated.

The regulations are in place to:

  • Avoid EU-based consumers being subject to email-based spam

  • Protect the personal data of individuals

Let’s look at the regulations that apply in more detail:

Is Cold Email Against the GDPR?

The EU’s cold email laws are set out in the General Data Protection Regulation (GDPR).

The GDPR applies to any business based in, or with an audience in the EU.

If you’re reaching out to any EU-based prospect, these rules will apply to your cold email campaign.

Violations of the GDPR can lead to fines of up to €20 million, or up to 4% of your global turnover, so it’s not worth risking it.

Here are some key rules to follow:

  • You can only email people who have a “legitimate interest” in what you’re reaching out about. This means cold email is allowed, but only for a good reason.

  • You need to use clear language that makes it clear why you’re reaching out

  • You need a manual opt-in for marketing emails

  • Recipients need to be able to unsubscribe at any moment

  • If recipients ask, you need to delete all personal data you have on them

  • Your company needs to appoint a Data Protection Officer

The GDPR sounds intimidating, but most cold emailers have nothing to worry about.

As long as you’re using cold email to reach out to people who will have a legitimate interest in what you’re contacting them about and maintain high standards for how you control data, you won’t need to worry about breaking the law.

Cold Email Laws in the United Kingdom

There are three main laws to be aware of when sending cold emails in the UK.

Let’s look at what each one entails.

Data Protection Act 2018

The Data Protection Act 2018 applies to anyone sending cold emails to or from the UK.

It means that you need consent and legitimate interest to send an individual a cold email.

However, it’s acceptable to send cold emails to businesses.

Privacy and Electronic Communications Regulations (PECR)

PECR is the UK’s regulation that outlines the rights people have to privacy when it comes to electronic communications. Any communication type, such as email, calls, texts, or even website cookies, falls under the umbrella of this regulation.

PECR prohibits cold outreach to individuals. That is anyone who isn’t representing a business. However, the rule is less strict regarding B2B communication.

You can send cold emails to business email addresses in the UK, as long as you can show that they will have a legitimate interest, just like you would with the GDPR and the Data Protection Act 2018. 

You’ll also need to ensure you have data protection practices in place if you’re emailing individuals at a business.


The UK GDPR is an adapted version of the EU’s GDPR.

It outlines the key rules and regulations that anyone running sales and marketing outreach needs to follow.

Like with the GDPR in the EU, you need to ensure you’re only emailing people who genuinely want to hear from you.

As well as that, you’ll need to:

  • Make it easy to opt out of future emails

  • Add your business address

  • Only reach out to B2B email addresses

  • Have a transparent process for deleting personal data

In summary, the UK laws won’t stop you from sending good cold emails. They exist to stop people from sending large-scale spam campaigns.

Cold Email Laws in Australia

Cold email is allowed in Australia but is regulated through the Spam Act 2003.

The main focus of this act is to reduce unsolicited emails, phone calls, and improve how companies handle personal information for their subscribers.

Spam Act 2003

To send legal cold emails to recipients in Australia, you need to do the following:

  • Don’t use any email harvesting software to scrape websites for personal details

  • It must be simple for someone to unsubscribe

  • You must make it clear who is sending the email

  • You must have a good reason to reach out to a business

  • Business-to-consumer emails are prohibited without an explicit opt-in

If you’re in breach of the Spam Act 2003, you can face fines and penalties depending on the level of the violation.

Cold Email Laws in South Africa

Cold email in South Africa is covered under the Protection of Personal Information Act(POPI Act).

The act covers key areas for cold emailers, such as consent, how to handle opt-outs, and more. Let’s take a look at the details.


The POPI Act in South Africa applies to any form of electronic communication with your existing audience or cold prospects.

The first rule to be aware of is how consent is given. 

In Section 69 of the POPI Act, the law outlines that you’re allowed to contact someone once if they haven’t previously opted out. If they don’t respond or choose to opt out, you can’t contact them again.

Under POPI, you also need to make it easy for anyone on your list to unsubscribe, ideally, through a single click. 

These laws are relatively strict and may affect your follow-up strategy. Make sure to add value in the first email of your sequence to encourage a response and get consent to continue the conversation.

5 Best Practices for Compliant Cold Emailing

1. Always Vet Your Prospect List

The first rule for keeping your cold emails legal is only reaching out to B2B prospects.

On top of that, you need to ensure that each person you contact will have a good reason to be interested in hearing from you.

This way, you can always prove legitimate interest which is one of the requirements for sending cold emails in multiple.

When adding a prospect to your list, consider factors like:

  • Do they have a job title matching your ideal customer?

  • Is their company at a size where they’ll get ROI on your product/service?

  • Can you find a way to personalize your email?

  • Can you verify their email address?

Another benefit to being strict about who you reach out to is that it’ll reduce the volume of your outreach.

A lower sending volume combined with high-quality emails will improve your email deliverability and reduce the chance of your inbox being flagged for spam by email service providers like Gmail or Outlook.

2. Use Simple Subject Lines

Your subject line is a contract between you and your recipient.

When they open your email, they expect it to match the promise you made in your subject line.

Some examples of subject lines we’ve found effective include:

  • Helping {{}} with [pain point]?

  • [YOUR NAME] on {{prospect.custom.podcast_name}}?

  • 15-mins to talk about your paid ads strategy?

All of these have several things in common:

  • They’re concise and don’t waste time

  • It’s clear why you’re reaching out as you reference a pain point, podcast, or the main topic of your email

  • They include a question mark which shows you’re looking for a response

  • They don’t include capitalization in every word to show it’s a human-written email

When it comes to subject lines, don’t overthink things. Instead, keep it simple, and be transparent about why you’re reaching out. 

Leave out the emojis or wild promises and focus on authenticity.

3. Make It Clear Why You’re Reaching Out

Most of the cold email laws we’ve looked at above state that the intention of your email needs to be clear.

It’s imperative that as soon as someone reads your email, they understand why you’re reaching out.

Do this with three things:

  • A clear subject line

  • A value proposition that makes it compelling to reply

  • A simple call-to-action

For example, take this email template from AppSumo:

From the subject line, it’s already clear what the sender is reaching out about.

Then, the value proposition is clear: get in front of 850,000+ potential customers.

There’s no way that the recipient can get confused about what they’re being asked of, which is why it’s so effective.

4. Personalize Your Emails Beyond Someone’s Name

Personalization is the key ingredient to every high-performing cold email campaign.

It’s also the key to standing out in your prospect’s busy inbox.

There are several steps to effective personalization:

  • Only contact people who will have a real interest in the reason you’re reaching out

  • Use their real first name when you address them

  • Mention their company name where relevant

  • Use a unique introductory line or sentence in your email that couldn’t be sent to anyone else

The final part takes time.

You’ll need to add your custom opening line to your prospect list spreadsheet. You can use it to mention something you have in common, highlight a recent win they had or compliment on a piece of content they created recently.

For example:

  • Listened to your podcast with [guest] and loved your points on [topic].

  • Just finished reading your guide to cold email, thanks for compiling all of that knowledge into one place.

  • Saw you opened a nice office in {{prospect.custom.City}}, looks like a great spot.

If you include an introductory line like these, it’s instantly apparent that you’re specifically reaching out to an individual, and you haven’t scraped their address and sent them a generic templated email to everyone.

As well as this, deep personalization makes sure no one ever thinks your email is spam, even if they’re not currently interested in what you’re reaching out about. 

5. Make Your Offer So Good Your Prospect Wants to Reply

This is the number one rule of all cold emails.

It’s critical that what you’re reaching out about is highly relevant to your recipient.

No one ever reported an email for spam or to an authority if it was something they were truly interested in.

Whether it’s to invite them on a podcast, ask if they need help with their marketing, or pitch your web design services, the recipient must have a clear interest in what you’re reaching out about.

Fundamentally, this all goes back to your initial prospect research. If you choose the right people for your pitch, it’ll be easy to consistently generate a high response rate.

In Summary: Is Cold Email Legal?

Cold email is legal in all major regulatory areas.

However, it’s vital that you adhere to the rules that each regulation and law sets out.

For example, under the GDPR you need to make sure that the people you’re reaching out to have a legitimate interest in hearing from you.

Under the CAN-SPAM Act, you need to give recipients a simple way to unsubscribe.

Whenever you send cold emails, it’s important that you put your recipients first. Consider: will they want to hear from you? Are they a perfect fit for your product or service? How can you personalize your template to make your email stand out?

If you tailor your emails and ensure the topic is relevant to each recipient, you’ll see excellent results from your campaigns.