Cold Email Compliance: CAN-SPAM, GDPR, and More

Cold email is legal when done right. Here's how to stay compliant globally.

US: CAN-SPAM Act

Requirements: No deceptive headers, no misleading subjects, identify as advertisement if applicable, include physical address, honor opt-outs within 10 days, monitor third parties.

B2B Exemption: CAN-SPAM is less restrictive for B2B - no advertisement label required, still must honor opt-outs.

Penalties: Up to $50,120 per violation.

EU: GDPR

Key principles: Lawful basis needed, data minimization, transparency, rights to request deletion.

Legitimate Interest for B2B: Cold B2B email can qualify if relevant to recipient's job, reasonable expectation they'd receive such emails, easy opt-out provided, not excessive frequency.

Penalties: Up to 4% of global revenue.

Canada: CASL

Generally requires consent (express or implied). Implied consent for existing business relationships. Must identify sender and include unsubscribe.

Universal Rules

Identify yourself clearly. Be relevant to their role. Make opting out easy in every email. Honor opt-outs quickly. Don't be deceptive. Keep records of consent and opt-outs.

Compliance Checklist

Before sending: Clear sender identification, accurate subject line, physical address included, unsubscribe link works, suppression list checked, relevant to recipient's role, documented basis for contact.