Are cold outreach 'best practices' actually illegal spam tactics? - Knowledge Base

Summary

Cold outreach is a legal activity when performed ethically and in compliance with regulations like CAN-SPAM and GDPR. Tactics such as lacking unsubscribe options, using deceptive subject lines, rotating domains to avoid spam filters, or purchasing email lists are illegal and considered spam. GDPR requires legitimate interest assessments and, in some cases, explicit consent. Successful and legal cold outreach hinges on transparent data sourcing, respecting recipient privacy, sending relevant and personalized emails, providing easy opt-out mechanisms, and consistently adhering to data protection regulations.

Key findings

Compliance is Key: Legality of cold email hinges on adherence to CAN-SPAM, GDPR, and other relevant regulations.
Intent Matters: CAN-SPAM distinguishes between commercial, transactional, and other email types, with different requirements.
Consent & Legitimate Interest: GDPR requires a lawful basis, like consent or legitimate interest, for processing personal data, with legitimate interest requiring a careful balancing act.
Bad Tactics are Illegal: Tactics like hiding unsubscribe links, rotating domains, or using purchased lists are direct violations and considered spam.
Aggressive tactics damage reputation: Overly aggressive tactics like frequent follow-ups without providing value can damage sender reputation.

Key considerations

Clear Opt-Out: Provide a clear and easily accessible unsubscribe option in every email.
Data Privacy: Prioritize data privacy by respecting recipient rights and ensuring GDPR compliance.
Transparent Data Sourcing: Be transparent about how email addresses were obtained and ensure legitimate collection methods.
Value-Driven Content: Send relevant and personalized emails that provide value to the recipient.
GDPR Assessment: For EU contacts, conduct a legitimate interest assessment or obtain explicit consent.
Maintain an Opt-Out Database: Maintain a central database of opt-outs to ensure individuals who unsubscribe are not contacted again, regardless of rep.

What email marketers say
10Marketer opinions

Cold outreach, while not inherently illegal, operates within a legal and ethical framework defined by regulations like CAN-SPAM and GDPR. 'Best practices' that prioritize quantity over quality, disregard recipient rights (like easy opt-out), or use illegally obtained data are violations. Compliance requires clear opt-in options, transparent data sourcing, relevant content, and responsible sending behavior.

Key opinions

Legality Depends on Compliance: Cold emailing's legality hinges on adhering to regulations like CAN-SPAM and GDPR. Failure to comply makes it unlawful.
Ethical Boundaries Exist: The ethical line is crossed when senders prioritize volume, disregard recipient needs, or obstruct the opt-out process.
Aggressive Tactics are Detrimental: Overly aggressive follow-ups and irrelevant content damage sender reputation and lead to spam complaints.
Data Sourcing is Critical: Ensuring data is GDPR compliant and ethically sourced is paramount to legal cold outreach.

Key considerations

Opt-Out Mechanism: A clear, easily accessible opt-out option is mandatory for CAN-SPAM compliance and ethical practice.
Data Privacy: Respecting recipient privacy, ensuring GDPR compliance, and handling data responsibly are essential.
Content Relevance: Sending relevant, personalized emails that provide value increases engagement and reduces spam complaints.
Data Sourcing Transparency: Be transparent about how email addresses were obtained and ensure legitimate collection methods.

Marketer view

Email marketer from Litmus explains that while sending unsolicited email is not illegal, it must comply with CAN-SPAM, including providing an opt-out mechanism, a physical postal address, and avoiding deceptive subject lines.

June 2021 - Litmus

Marketer view

Email marketer from Reddit states that some 'best practices', like hiding unsubscribe links or making them difficult to find, are direct violations of CAN-SPAM and will likely result in penalties and a damaged sender reputation.

May 2021 - Reddit

Marketer view

Email marketer from Reddit shares their opinion that the biggest legality issue with cold email is not ensuring the data being used is GDPR compliant, emphasizing the need to know where the email was sourced from. Not having consent can be a big issue.

September 2022 - Reddit

Marketer view

Email marketer from Hunter.io shares that cold email is legal when used responsibly, in a targeted way and in compliance with data protection regulations like CAN-SPAM, GDPR, and others.

March 2022 - Hunter.io

What the experts say
6Expert opinions

Certain cold outreach 'best practices' can indeed be illegal spam tactics. Ignoring unsubscribe requirements, rotating domains to evade filters, and failing to maintain a central opt-out database are violations of CAN-SPAM. Furthermore, misinterpreting 'legitimate interest' under GDPR to justify cold emailing without proper consent or a balancing test is unlawful. Domain reputation can be severely damaged by aggressive cold lead strategies, making them less effective over time. It's crucial to understand the intent of the email (commercial vs. transactional) under CAN-SPAM, and if emailing EU residents, companies must obtain explicit consent or have another lawful basis under GDPR.

Key opinions

Unsubscribe Violations: Lack of an unsubscribe option or failing to honor opt-out requests are clear violations of CAN-SPAM.
Evasion Tactics: Rotating domains and other tactics to bypass spam filters are considered spammer behavior.
GDPR Misinterpretation: Using 'legitimate interest' as a blanket justification for cold emailing without proper consent or a balancing test is unlawful under GDPR.
Domain Reputation Damage: Aggressive cold lead strategies can significantly damage domain reputation, reducing deliverability.
CAN-SPAM Intent: Understanding the 'commercial' intent definition under CAN-SPAM is essential for compliance.
GDPR Requirements: For EU residents, explicit consent or another lawful basis is required under GDPR for sending marketing emails.

Key considerations

CAN-SPAM Compliance: Ensure all emails comply with CAN-SPAM requirements, including a clear unsubscribe option and a physical postal address.
GDPR Compliance: If emailing EU residents, obtain explicit consent or have a legitimate basis under GDPR.
Ethical Data Handling: Handle recipient data ethically and transparently, respecting privacy rights.
Intent Clarity: Clearly define the purpose of each email (commercial, transactional, etc.) to ensure compliance with CAN-SPAM.
Balance of Interests: When relying on legitimate interest, carefully weigh the sender's interests against the recipient's rights.
Opt-out Management: Maintain a central database of opt-outs to ensure that individuals who unsubscribe are not contacted again.

Expert view

Expert from Spam Resource explains that 'legitimate interest' under GDPR is often misused to justify cold emailing. She explains that it's important to do a balancing test, carefully weighing the sender's interests against the rights and freedoms of the data subject, which is often ignored.

December 2021 - Spam Resource

Expert view

Expert from Email Geeks shares their experience of turning down a client due to wrecked domain reputation from cold leads, highlighting that such strategies often involve burning through resources and are becoming less effective as Gmail and Microsoft improve their spam detection.

March 2023 - Email Geeks

Expert view

Expert from Spam Resource shares that one needs to know the definition of commercial as it pertains to the CAN-SPAM Act. This can be broken down into 3 categories: Commercial, Transactional, and Other. So it boils down to the intent of the email to define which category it falls into.

November 2023 - Spam Resource

Expert view

Expert from Word to the Wise covers GDPR and what it means for emailers. If your company sends email to anyone in the EU, or collects information from people in the EU, this law applies to you. The GDPR specifies that a business must have an explicit lawful basis for sending email to an individual. One such basis is consent, and businesses are required to obtain explicit consent to send marketing email.

August 2023 - Word to the Wise

What the documentation says
3Technical articles

Cold outreach 'best practices' can become illegal spam tactics if they violate CAN-SPAM and GDPR regulations. CAN-SPAM requires honest subject lines, clear opt-out methods, prompt honoring of opt-out requests, and a physical postal address. GDPR allows legitimate interest for direct marketing but mandates a careful balance, considering business need against individual rights. Using purchased lists, lacking clear opt-in, and disregarding data privacy rules lead to spam classification and reputation damage.

Key findings

CAN-SPAM Requirements: CAN-SPAM mandates honest subject lines, opt-out options, honoring opt-out requests, and a postal address.
GDPR Legitimate Interest: GDPR allows 'legitimate interest' for direct marketing, requiring a balance between business needs and individual rights.
Harmful Practices: Purchased lists, lack of clear opt-in, and ignoring data privacy result in spam classification and reputational damage.

Key considerations

CAN-SPAM Compliance: Adhere to all CAN-SPAM requirements, including clear opt-out and accurate headers/subject lines.
GDPR Balancing Test: When using legitimate interest under GDPR, carefully balance business needs against individual rights and expectations.
Ethical Data Practices: Avoid purchased lists, ensure clear opt-in procedures, and prioritize data privacy to maintain a positive sender reputation.

Technical article

Documentation from Mailjet explains that some cold outreach practices such as using purchased lists, lacking clear opt-in, and failing to follow the rules around data privacy can lead to emails being classified as spam and damage sender reputation.

January 2024 - Mailjet

Technical article

Documentation from Federal Trade Commission details the main requirements of CAN-SPAM, which include not using deceptive subject lines, providing a clear opt-out method, honoring opt-out requests promptly, and including a physical postal address.

November 2021 - Federal Trade Commission

Technical article

Documentation from GDPR.eu states that under GDPR, legitimate interest can be a lawful basis for processing personal data for direct marketing, but it requires a careful balancing act, including demonstrating a real business need and considering the individual's reasonable expectations and rights.

April 2024 - GDPR.eu

Cold Email vs. Spam: 8 Ways to Know the Difference

Understand the key differences between cold emails and spam, and the laws governing email practices. Avoid the spam folder with 8 tips to improve cold emails.

ZoomInfo Blog

Is Cold Emailing Illegal? A Comprehensive Guide to Anti-Spam ...

Is cold email legal? How to send compliant campaigns that avoid spam filters and fines in the US, Canada, EU, UK, and Australia.

Mystrika - Cold Email Software

20 Best Cold Email Outreach Practices To Improve Sales

Explore our list of the top 20 email outreach tools to significantly enhance your email campaigns and boost your deal-closing capabilities

SalesBlink Blog

How to Send Cold Emails Without Getting Blocked [My Approach]

Do you want to send a cold email like a pro? Follow this guide, this will increase your email deliverability and prevent you from getting your account blocked.

SalesHandy

How can I prevent cold emails from harming my domain reputation?

How long before cold emails are blocked and what are Gmail's policies on cold email?

Are unsubscribe links in cold emails beneficial or harmful?

How does cold outreach impact domain reputation and deliverability?

Is Google clamping down on cold lead automation tools like Gmass and Woodpecker?

How can I fix spam issues after previous cold outreach and improve domain reputation?

Are email warm-up tools like Warmy.io effective and legal?

How can I report cold outreach spam to Google and what actions do they take?

How does cold email impact warm email deliverability and sender reputation?

How can I improve email deliverability to Outlook for outbound prospecting mail if my campaigns are blocked?