Is Cold Emailing Illegal? Everything You Need to Know

Post by
David Scott
July 1, 2020
Read time:
Is Cold Emailing Illegal? Everything You Need to Know

Cold email is arguably the most effective sales outreach channel that exists.

The ability to send emails at scale, and quickly find out if a prospect is interested in what you're selling (or not).

However, the ROI you see from your campaigns will quickly vanish if you're getting hit with fines and penalties for emailing people who you're legally not allowed to.

In this article, we're going to take at whether or not the cold emails you're sending are legal.

We'll cover everything you need to know to help you hit "Send" on that new email campaign with full confidence that your cold emails are going to help grow your pipeline, and won't get you in trouble.

As with any legal topic, you should consult a lawyer if you're not certain about the legality of your email campaigns. They'll be able to provide accurate and personalized advice.

Before You Hit 'Send', Read This

Cold emailing is an amazing channel to engage with new potential customers. That said, there are rules to the game, and you need to play by them.

On the one hand, you might generate new business.

On the other, you might rack up large fines and leave buyers with a poor impression.

So, Is Cold Emailing Illegal?

In most cases, cold emailing isn't illegal.

They're still used by sales reps all over the world to generate pipeline and some studies put the average ROI for email marketing it a staggering 4,300%

That said, there are various laws that apply in different countries that you have to abide by to ensure your emails stay legal.

Let's take a look at them.

What Cold Emails Laws Apply To Your Campaigns?


While the USA has relatively relaxed laws on cold emailing, there are still a few you should review your campaigns are compliant with.

The first is the CAN-SPAM Act.

This applies to any business using email in any way and establishes rules that you have to abide by.

Some of these rules include:

  • Not using deceptive subject lines
  • Telling recipients where you're located
  • Allow recipients to opt-out, and to promptly honor those requests

You need to follow the rules set out in CAN-SPAM, or risk fines for every email sent of up to $43,280 (yes, that's a $43,280 fine for every single email you send).


Canada has its own version of CAN-SPAM, called CASL (Canada's Anti-Spam Legislation).

It was announced in 2014 to help combat spam. Under CASL, you need to make sure you:

  • Don't harvest email addresses without permission
  • Don't send unsolicited emails to anyone not relevant to your business
  • Don't send false or misleading information

The rules are relatively simple, but you should still pay attention and ensure you're following them if you're based in Canada or emailing prospects in Canada.

United Kingdom

If you're emailing prospects in the United Kingdom, you'll need to abide by the Privacy and Electronic Communications Regulations 2003.

The regulations state that you can only send sales emails if:

  • Recipients opt-in to your communication
  • The email is in respect of that person's similar products or services
  • The recipient can easily opt-out of future communications

You can still email companies, but avoid sending unsolicited emails to individuals and personal email addresses.

Currently, the GDPR still applies in the UK (more on that in the section on the EU below).


Under Australian law, the Spam Act 2003 defines 'spam' as 'unsolicited commercial electronic messaging’.

That doesn't sound too encouraging, as it's a very broad definition.

However, you're not completely out of luck.

People can consent to your emails in two ways:

  1. Express consent
  2. Inferred consent

Let's be honest - most people aren't going to provide express consent to your cold email campaigns (they're cold leads, after all).

However, inferred consent is a valid reason to send an email. This means you need to have either an existing business relationship, or, their email was expressly published somewhere such as their website or on LinkedIn.

Your email also has to relate directly to that person's line of work.

European Union

When it comes to cold emailing in the European Union, you're going to have to be careful when it comes to who and how you send cold emails.

EU countries are covered by both the General Data Protection Regulation, and the Privacy and Electronic Communications Directive 2002.

The GDPR, as you already know, is strict, and the fines are huge if you're found to be in breach of the regulations (€20 million, or 4% of annual global turnover). But it doesn't mean cold emailing is banned.

Under the GDPR, you can still send cold emails as long as you can prove the person you're emailing has a legitimate interest in receiving an email from you.

If your emails are being sent to people that you do genuinely believe will be interested in your message, then you're allowed to send an email. There are also a few best practices to follow:

  • Clearly identify yourself
  • Be clear about how you found their information
  • Only hold their data for as long as you need it
  • Delete their data immediately if you're asked to and provide an easy way to opt-out
  • Include a physical address

So, to make it clear - the GDPR doesn't ban cold emails, but it does mean you need to be clear in your email about why you're emailing the person.

When emailing people based in the EU you should also be aware of individual countries' privacy laws, as they can add extra regulations on top of the GDPR.

These may affect the legality of your emails, depending on the content you're sending.

Ground Rules for Sending Cold Emails (Legally)

1. Only Email People Likely to Have a Legitimate Interest In Your Offer

All of the main jurisdictions we've looked at allow for cold email, as long as there's an inferred consent or you're emailing someone for a legitimate reason.

Put yourself in your recipients' shoes. If you receive a personalised sales email about a new product relevant to your job, you're not going to be annoyed when you receive it (even if you don't want to learn more).

If, on the other hand, you get a clearly templated email from someone pitching a product in an industry you've never worked in, you're not going to look at them in a good light.

Really, this is the minimum that should be expected of a sales rep. Building a target account list that's a great fit for your business will always lead to better results.

2. Make it Easy for People to Opt-Out

Not everyone's going to be interested in your first email.

That's why follow-ups are a natural part of the sales process.

However, not everyone is going to want to keep hearing from you, so make it easy to opt-out of future communications, and don't make someone jump through hoops to do so.

3. Have Strong Data Security Measures

This should go without saying, but keep the personal details of anyone you're contacting secure.

If someone asks you to remove them from your campaign, you should delete their details from your database as soon as possible.

Finally, if you have a data breach, you have to let anyone affected know, even if you haven't emailed them yet.

4. Collect Emails in a GDPR Compliant Way

Most sales reps don't collect emails one-by-one. You're probably using software to help you collect emails at scale.

We'd recommend doing a review of your tools to ensure they're GDPR-compliant and you're not collecting emails that people don't want you to have.

If you're using data collected in a non-GDPR compliant way, you're liable to fines, and your recipients won't be happy when your email appears in their inbox.

Wrapping Up

Cold emailing is legal in most jurisdictions, but there are rules you need to know and follow to guarantee you avoid getting in legal trouble.

The laws around cold emails are there to stop spam. That's the key. If you're certain that your email is going to be something relevant to your prospect, it's unlikely to be flagged as spam.

However, if you've just downloaded a CSV with 10,000 random contacts and are planning to email them all at once, you're going to be in breach of several laws.

We'd always recommend consulting a lawyer if you have questions or concerns about the legality of your cold email campaigns.

Take a look at our latest insights