Suped

Are cold outreach 'best practices' actually illegal spam tactics?

10 Marketer opinions6 Expert opinions3 Technical articles4 Resources

Summary

Cold outreach is a legal activity when performed ethically and in compliance with regulations like CAN-SPAM and GDPR. Tactics such as lacking unsubscribe options, using deceptive subject lines, rotating domains to avoid spam filters, or purchasing email lists are illegal and considered spam. GDPR requires legitimate interest assessments and, in some cases, explicit consent. Successful and legal cold outreach hinges on transparent data sourcing, respecting recipient privacy, sending relevant and personalized emails, providing easy opt-out mechanisms, and consistently adhering to data protection regulations.

Key findings

  • Compliance is Key: Legality of cold email hinges on adherence to CAN-SPAM, GDPR, and other relevant regulations.
  • Intent Matters: CAN-SPAM distinguishes between commercial, transactional, and other email types, with different requirements.
  • Consent & Legitimate Interest: GDPR requires a lawful basis, like consent or legitimate interest, for processing personal data, with legitimate interest requiring a careful balancing act.
  • Bad Tactics are Illegal: Tactics like hiding unsubscribe links, rotating domains, or using purchased lists are direct violations and considered spam.
  • Aggressive tactics damage reputation: Overly aggressive tactics like frequent follow-ups without providing value can damage sender reputation.

Key considerations

  • Clear Opt-Out: Provide a clear and easily accessible unsubscribe option in every email.
  • Data Privacy: Prioritize data privacy by respecting recipient rights and ensuring GDPR compliance.
  • Transparent Data Sourcing: Be transparent about how email addresses were obtained and ensure legitimate collection methods.
  • Value-Driven Content: Send relevant and personalized emails that provide value to the recipient.
  • GDPR Assessment: For EU contacts, conduct a legitimate interest assessment or obtain explicit consent.
  • Maintain an Opt-Out Database: Maintain a central database of opt-outs to ensure individuals who unsubscribe are not contacted again, regardless of rep.

What email marketers say
10Marketer opinions

Cold outreach, while not inherently illegal, operates within a legal and ethical framework defined by regulations like CAN-SPAM and GDPR. 'Best practices' that prioritize quantity over quality, disregard recipient rights (like easy opt-out), or use illegally obtained data are violations. Compliance requires clear opt-in options, transparent data sourcing, relevant content, and responsible sending behavior.

Key opinions

  • Legality Depends on Compliance: Cold emailing's legality hinges on adhering to regulations like CAN-SPAM and GDPR. Failure to comply makes it unlawful.
  • Ethical Boundaries Exist: The ethical line is crossed when senders prioritize volume, disregard recipient needs, or obstruct the opt-out process.
  • Aggressive Tactics are Detrimental: Overly aggressive follow-ups and irrelevant content damage sender reputation and lead to spam complaints.
  • Data Sourcing is Critical: Ensuring data is GDPR compliant and ethically sourced is paramount to legal cold outreach.

Key considerations

  • Opt-Out Mechanism: A clear, easily accessible opt-out option is mandatory for CAN-SPAM compliance and ethical practice.
  • Data Privacy: Respecting recipient privacy, ensuring GDPR compliance, and handling data responsibly are essential.
  • Content Relevance: Sending relevant, personalized emails that provide value increases engagement and reduces spam complaints.
  • Data Sourcing Transparency: Be transparent about how email addresses were obtained and ensure legitimate collection methods.
Marketer view

Email marketer from Litmus explains that while sending unsolicited email is not illegal, it must comply with CAN-SPAM, including providing an opt-out mechanism, a physical postal address, and avoiding deceptive subject lines.

June 2021 - Litmus
Marketer view

Email marketer from Reddit states that some 'best practices', like hiding unsubscribe links or making them difficult to find, are direct violations of CAN-SPAM and will likely result in penalties and a damaged sender reputation.

May 2021 - Reddit
Marketer view

Email marketer from Reddit shares their opinion that the biggest legality issue with cold email is not ensuring the data being used is GDPR compliant, emphasizing the need to know where the email was sourced from. Not having consent can be a big issue.

September 2022 - Reddit
Marketer view

Email marketer from Hunter.io shares that cold email is legal when used responsibly, in a targeted way and in compliance with data protection regulations like CAN-SPAM, GDPR, and others.

March 2022 - Hunter.io
Marketer view

Email marketer from Klenty explains that cold email is illegal if you do not provide an option to unsubscribe, the email consists of misleading content, or the contact information was attained illegally.

January 2025 - Klenty
Marketer view

Email marketer from Woodpecker explains that the line between ethical and unethical cold email is crossed when the sender prioritizes quantity over quality, disregards the recipient's needs, or fails to provide an easy way to opt-out.

September 2022 - Woodpecker.co
Marketer view

Email marketer from Gmass shares that cold email is legal if you follow CAN-SPAM Act and GDPR guidelines and you follow best practices to improve email deliverability.

May 2022 - Gmass
Marketer view

Email marketer from Warrior Forum cautions against overly aggressive tactics such as frequent follow-ups without providing value. He explains that this can lead to recipients marking the emails as spam and damaging the sender's reputation, thus not being a good 'best practice'.

September 2021 - Warrior Forum
Marketer view

Email marketer from SalesHandy shares that while cold emailing itself isn't illegal, failing to adhere to laws like GDPR and CAN-SPAM makes it unlawful. They emphasize respecting recipient privacy, providing clear opt-out options, and sending relevant, personalized emails.

December 2022 - SalesHandy
Marketer view

Email marketer from Reply.io explains that cold email is not illegal and you can reach out to prospects who haven’t subscribed to your list. However, you must follow legal regulations like GDPR and CAN-SPAM and collect email addresses in a legitimate manner.

December 2022 - Reply.io

What the experts say
6Expert opinions

Certain cold outreach 'best practices' can indeed be illegal spam tactics. Ignoring unsubscribe requirements, rotating domains to evade filters, and failing to maintain a central opt-out database are violations of CAN-SPAM. Furthermore, misinterpreting 'legitimate interest' under GDPR to justify cold emailing without proper consent or a balancing test is unlawful. Domain reputation can be severely damaged by aggressive cold lead strategies, making them less effective over time. It's crucial to understand the intent of the email (commercial vs. transactional) under CAN-SPAM, and if emailing EU residents, companies must obtain explicit consent or have another lawful basis under GDPR.

Key opinions

  • Unsubscribe Violations: Lack of an unsubscribe option or failing to honor opt-out requests are clear violations of CAN-SPAM.
  • Evasion Tactics: Rotating domains and other tactics to bypass spam filters are considered spammer behavior.
  • GDPR Misinterpretation: Using 'legitimate interest' as a blanket justification for cold emailing without proper consent or a balancing test is unlawful under GDPR.
  • Domain Reputation Damage: Aggressive cold lead strategies can significantly damage domain reputation, reducing deliverability.
  • CAN-SPAM Intent: Understanding the 'commercial' intent definition under CAN-SPAM is essential for compliance.
  • GDPR Requirements: For EU residents, explicit consent or another lawful basis is required under GDPR for sending marketing emails.

Key considerations

  • CAN-SPAM Compliance: Ensure all emails comply with CAN-SPAM requirements, including a clear unsubscribe option and a physical postal address.
  • GDPR Compliance: If emailing EU residents, obtain explicit consent or have a legitimate basis under GDPR.
  • Ethical Data Handling: Handle recipient data ethically and transparently, respecting privacy rights.
  • Intent Clarity: Clearly define the purpose of each email (commercial, transactional, etc.) to ensure compliance with CAN-SPAM.
  • Balance of Interests: When relying on legitimate interest, carefully weigh the sender's interests against the recipient's rights.
  • Opt-out Management: Maintain a central database of opt-outs to ensure that individuals who unsubscribe are not contacted again.
Expert view

Expert from Spam Resource explains that 'legitimate interest' under GDPR is often misused to justify cold emailing. She explains that it's important to do a balancing test, carefully weighing the sender's interests against the rights and freedoms of the data subject, which is often ignored.

December 2021 - Spam Resource
Expert view

Expert from Email Geeks shares their experience of turning down a client due to wrecked domain reputation from cold leads, highlighting that such strategies often involve burning through resources and are becoming less effective as Gmail and Microsoft improve their spam detection.

March 2023 - Email Geeks
Expert view

Expert from Spam Resource shares that one needs to know the definition of commercial as it pertains to the CAN-SPAM Act. This can be broken down into 3 categories: Commercial, Transactional, and Other. So it boils down to the intent of the email to define which category it falls into.

November 2023 - Spam Resource
Expert view

Expert from Word to the Wise covers GDPR and what it means for emailers. If your company sends email to anyone in the EU, or collects information from people in the EU, this law applies to you. The GDPR specifies that a business must have an explicit lawful basis for sending email to an individual. One such basis is consent, and businesses are required to obtain explicit consent to send marketing email.

August 2023 - Word to the Wise
Expert view

Expert from Email Geeks explains that the lack of an unsubscribe is blatantly violating CAN SPAM, and rotating domains or content to avoid filters are spammer tactics.

June 2022 - Email Geeks
Expert view

Expert from Email Geeks clarifies that while reply-to-opt-out is compliant with US law, many companies don't maintain a central opt-out database, meaning opting out from one rep doesn't stop all spam from the company. Many also don't include a postal address, which is a violation.

August 2023 - Email Geeks

What the documentation says
3Technical articles

Cold outreach 'best practices' can become illegal spam tactics if they violate CAN-SPAM and GDPR regulations. CAN-SPAM requires honest subject lines, clear opt-out methods, prompt honoring of opt-out requests, and a physical postal address. GDPR allows legitimate interest for direct marketing but mandates a careful balance, considering business need against individual rights. Using purchased lists, lacking clear opt-in, and disregarding data privacy rules lead to spam classification and reputation damage.

Key findings

  • CAN-SPAM Requirements: CAN-SPAM mandates honest subject lines, opt-out options, honoring opt-out requests, and a postal address.
  • GDPR Legitimate Interest: GDPR allows 'legitimate interest' for direct marketing, requiring a balance between business needs and individual rights.
  • Harmful Practices: Purchased lists, lack of clear opt-in, and ignoring data privacy result in spam classification and reputational damage.

Key considerations

  • CAN-SPAM Compliance: Adhere to all CAN-SPAM requirements, including clear opt-out and accurate headers/subject lines.
  • GDPR Balancing Test: When using legitimate interest under GDPR, carefully balance business needs against individual rights and expectations.
  • Ethical Data Practices: Avoid purchased lists, ensure clear opt-in procedures, and prioritize data privacy to maintain a positive sender reputation.
Technical article

Documentation from Mailjet explains that some cold outreach practices such as using purchased lists, lacking clear opt-in, and failing to follow the rules around data privacy can lead to emails being classified as spam and damage sender reputation.

January 2024 - Mailjet
Technical article

Documentation from Federal Trade Commission details the main requirements of CAN-SPAM, which include not using deceptive subject lines, providing a clear opt-out method, honoring opt-out requests promptly, and including a physical postal address.

November 2021 - Federal Trade Commission
Technical article

Documentation from GDPR.eu states that under GDPR, legitimate interest can be a lawful basis for processing personal data for direct marketing, but it requires a careful balancing act, including demonstrating a real business need and considering the individual's reasonable expectations and rights.

April 2024 - GDPR.eu

Related resources
4Resources

Cold Email vs. Spam: 8 Ways to Know the Difference
Cold Email vs. Spam: 8 Ways to Know the Difference

Understand the key differences between cold emails and spam, and the laws governing email practices. Avoid the spam folder with 8 tips to improve cold emails.

ZoomInfo Blog
Is Cold Emailing Illegal? A Comprehensive Guide to Anti-Spam ...
Is Cold Emailing Illegal? A Comprehensive Guide to Anti-Spam ...

Is cold email legal? How to send compliant campaigns that avoid spam filters and fines in the US, Canada, EU, UK, and Australia.

Mystrika - Cold Email Software
20 Best Cold Email Outreach Practices To Improve Sales
20 Best Cold Email Outreach Practices To Improve Sales

Explore our list of the top 20 email outreach tools to significantly enhance your email campaigns and boost your deal-closing capabilities

SalesBlink Blog
How to Send Cold Emails Without Getting Blocked [My Approach]
How to Send Cold Emails Without Getting Blocked [My Approach]

Do you want to send a cold email like a pro? Follow this guide, this will increase your email deliverability and prevent you from getting your account blocked.

SalesHandy

Related questions