Are cold outreach 'best practices' actually illegal spam tactics?

Summary

Cold outreach is a legal activity when performed ethically and in compliance with regulations like CAN-SPAM and GDPR. Tactics such as lacking unsubscribe options, using deceptive subject lines, rotating domains to avoid spam filters, or purchasing email lists are illegal and considered spam. GDPR requires legitimate interest assessments and, in some cases, explicit consent. Successful and legal cold outreach hinges on transparent data sourcing, respecting recipient privacy, sending relevant and personalized emails, providing easy opt-out mechanisms, and consistently adhering to data protection regulations.

Key findings

  • Compliance is Key: Legality of cold email hinges on adherence to CAN-SPAM, GDPR, and other relevant regulations.
  • Intent Matters: CAN-SPAM distinguishes between commercial, transactional, and other email types, with different requirements.
  • Consent & Legitimate Interest: GDPR requires a lawful basis, like consent or legitimate interest, for processing personal data, with legitimate interest requiring a careful balancing act.
  • Bad Tactics are Illegal: Tactics like hiding unsubscribe links, rotating domains, or using purchased lists are direct violations and considered spam.
  • Aggressive Tactics Damage Reputation: Overly aggressive tactics like frequent follow-ups without providing value can damage sender reputation.

Key considerations

  • Clear Opt-Out: Provide a clear and easily accessible unsubscribe option in every email.
  • Data Privacy: Prioritize data privacy by respecting recipient rights and ensuring GDPR compliance.
  • Transparent Data Sourcing: Be transparent about how email addresses were obtained and ensure legitimate collection methods.
  • Value-Driven Content: Send relevant and personalized emails that provide value to the recipient.
  • GDPR Assessment: For EU contacts, conduct a legitimate interest assessment or obtain explicit consent.
  • Maintain an Opt-Out Database: Maintain a central database of opt-outs to ensure individuals who unsubscribe are not contacted again, regardless of which rep sends the message.

What email marketers say
10 marketer opinions

Cold outreach, while not inherently illegal, operates within a legal and ethical framework defined by regulations like CAN-SPAM and GDPR. 'Best practices' that prioritize quantity over quality, disregard recipient rights (like easy opt-out), or use illegally obtained data are violations. Compliance requires clear opt-in options, transparent data sourcing, relevant content, and responsible sending behavior.

Key opinions

  • Legality Depends on Compliance: Cold emailing's legality hinges on adhering to regulations like CAN-SPAM and GDPR. Failure to comply makes it unlawful.
  • Ethical Boundaries Exist: The ethical line is crossed when senders prioritize volume, disregard recipient needs, or obstruct the opt-out process.
  • Aggressive Tactics are Detrimental: Overly aggressive follow-ups and irrelevant content damage sender reputation and lead to spam complaints.
  • Data Sourcing is Critical: Ensuring data is GDPR compliant and ethically sourced is paramount to legal cold outreach.

Key considerations

  • Opt-Out Mechanism: A clear, easily accessible opt-out option is mandatory for CAN-SPAM compliance and ethical practice.
  • Data Privacy: Respecting recipient privacy, ensuring GDPR compliance, and handling data responsibly are essential.
  • Content Relevance: Sending relevant, personalized emails that provide value increases engagement and reduces spam complaints.
  • Data Sourcing Transparency: Be transparent about how email addresses were obtained and ensure legitimate collection methods.

Marketer view

Email marketer from Litmus explains that while sending unsolicited email is not illegal, it must comply with CAN-SPAM, including providing an opt-out mechanism, a physical postal address, and avoiding deceptive subject lines.

June 2021 - Litmus

Marketer view

Email marketer from Reddit states that some 'best practices', like hiding unsubscribe links or making them difficult to find, are direct violations of CAN-SPAM and will likely result in penalties and a damaged sender reputation.

May 2021 - Reddit

What the experts say
6 expert opinions

Certain cold outreach 'best practices' can indeed be illegal spam tactics. Ignoring unsubscribe requirements, rotating domains to evade filters, and failing to maintain a central opt-out database are violations of CAN-SPAM. Furthermore, misinterpreting 'legitimate interest' under GDPR to justify cold emailing without proper consent or a balancing test is unlawful. Domain reputation can be severely damaged by aggressive cold lead strategies, making them less effective over time. It's crucial to understand the intent of the email (commercial vs. transactional) under CAN-SPAM, and if emailing EU residents, companies must obtain explicit consent or have another lawful basis under GDPR.

Key opinions

  • Unsubscribe Violations: Lack of an unsubscribe option or failing to honor opt-out requests are clear violations of CAN-SPAM.
  • Evasion Tactics: Rotating domains and other tactics to bypass spam filters are considered spammer behavior.
  • GDPR Misinterpretation: Using 'legitimate interest' as a blanket justification for cold emailing without proper consent or a balancing test is unlawful under GDPR.
  • Domain Reputation Damage: Aggressive cold lead strategies can significantly damage domain reputation, reducing deliverability.
  • CAN-SPAM Intent: Understanding the 'commercial' intent definition under CAN-SPAM is essential for compliance.
  • GDPR Requirements: For EU residents, explicit consent or another lawful basis is required under GDPR for sending marketing emails.

Key considerations

  • CAN-SPAM Compliance: Ensure all emails comply with CAN-SPAM requirements, including a clear unsubscribe option and a physical postal address.
  • GDPR Compliance: If emailing EU residents, obtain explicit consent or have a legitimate basis under GDPR.
  • Ethical Data Handling: Handle recipient data ethically and transparently, respecting privacy rights.
  • Intent Clarity: Clearly define the purpose of each email (commercial, transactional, etc.) to ensure compliance with CAN-SPAM.
  • Balance of Interests: When relying on legitimate interest, carefully weigh the sender's interests against the recipient's rights.
  • Opt-Out Management: Maintain a central database of opt-outs to ensure that individuals who unsubscribe are not contacted again.

Expert view

Expert from Spam Resource explains that 'legitimate interest' under GDPR is often misused to justify cold emailing. She explains that it's important to do a balancing test, carefully weighing the sender's interests against the rights and freedoms of the data subject, which is often ignored.

December 2021 - Spam Resource

Expert view

Expert from Email Geeks shares their experience of turning down a client due to wrecked domain reputation from cold leads, highlighting that such strategies often involve burning through resources and are becoming less effective as Gmail and Microsoft improve their spam detection.

March 2023 - Email Geeks

What the documentation says
3 technical articles

Cold outreach 'best practices' can become illegal spam tactics if they violate CAN-SPAM and GDPR regulations. CAN-SPAM requires honest subject lines, clear opt-out methods, prompt honoring of opt-out requests, and a physical postal address. GDPR allows legitimate interest for direct marketing but mandates a careful balance, considering business need against individual rights. Using purchased lists, lacking clear opt-in, and disregarding data privacy rules lead to spam classification and reputation damage.

Key findings

  • CAN-SPAM Requirements: CAN-SPAM mandates honest subject lines, opt-out options, honoring opt-out requests, and a postal address.
  • GDPR Legitimate Interest: GDPR allows 'legitimate interest' for direct marketing, requiring a balance between business needs and individual rights.
  • Harmful Practices: Purchased lists, lack of clear opt-in, and ignoring data privacy result in spam classification and reputational damage.

Key considerations

  • CAN-SPAM Compliance: Adhere to all CAN-SPAM requirements, including clear opt-out and accurate headers/subject lines.
  • GDPR Balancing Test: When using legitimate interest under GDPR, carefully balance business needs against individual rights and expectations.
  • Ethical Data Practices: Avoid purchased lists, ensure clear opt-in procedures, and prioritize data privacy to maintain a positive sender reputation.

Technical article

Documentation from Mailjet explains that some cold outreach practices such as using purchased lists, lacking clear opt-in, and failing to follow the rules around data privacy can lead to emails being classified as spam and damage sender reputation.

January 2024 - Mailjet

Technical article

Documentation from the Federal Trade Commission details the main requirements of CAN-SPAM, which include not using deceptive subject lines, providing a clear opt-out method, honoring opt-out requests promptly, and including a physical postal address.

November 2021 - Federal Trade Commission