Is Cold Email Legal?
Yes, cold email is legal in most countries. In the US, CAN-SPAM requires a physical address, opt-out mechanism, and honest subject lines. In the EU, GDPR requires legitimate interest or prior consent.
Based on compliance analysis of cold email regulations across 50+ countries, including CAN-SPAM, GDPR, CASL, PECR, and the Australian Spam Act.
Cold email is a lawful business communication channel in the United States, European Union, United Kingdom, Canada, Australia, and most other jurisdictions. The legality hinges on compliance with local anti-spam and data protection laws. In the US, the CAN-SPAM Act of 2003 permits unsolicited commercial email as long as you include your physical mailing address, provide a clear opt-out mechanism, use non-deceptive subject lines, and honor unsubscribe requests within 10 business days.
In the EU, GDPR allows B2B cold email under the "legitimate interest" legal basis, provided you can demonstrate a genuine business reason for contacting the recipient and you respect their right to object. Canada's CASL is stricter, generally requiring express or implied consent before sending commercial electronic messages, though B2B exemptions exist for certain categories of recipients.
Platforms like Sales.co build compliance into the sending process with automated unsubscribe handling, physical address insertion, and sending controls that help you stay within legal requirements across jurisdictions.
Cold Email Laws by Country at a Glance
| Country | Law | Key Requirements | Penalties |
|---|---|---|---|
| United States | CAN-SPAM Act | Physical address, opt-out link, honest subject lines, honor unsubscribes in 10 days | Up to $50,120 per email |
| European Union | GDPR + ePrivacy | Legitimate interest basis, data processing records, right to object, DPA required | Up to 4% of annual revenue or 20M EUR |
| United Kingdom | UK GDPR + PECR | Legitimate interest, corporate subscriber exemption, opt-out mechanism | Up to 17.5M GBP or 4% of revenue |
| Canada | CASL | Express or implied consent, sender identification, unsubscribe mechanism | Up to $10M CAD per violation |
| Australia | Spam Act 2003 | Consent required, sender identification, functional unsubscribe | Up to $2.2M AUD per day |
| Singapore | Spam Control Act | Opt-out mechanism, sender identification, subject line labels | Up to $25 per message (civil) |
More Cold Email Legality Questions
Is buying email lists legal?
In the US, buying lists is not illegal under CAN-SPAM's opt-out regime, but purchased consumer lists are effectively unusable under GDPR and CASL because consent does not transfer with a sale. Properly sourced B2B contact data is the defensible route.
What are the penalties for illegal cold email?
Up to $53,088 per non-compliant email under CAN-SPAM (2025 FTC adjustment), up to $1M per violation for individuals and $10M for corporations under Canada's CASL, and up to €20M or 4% of global turnover under GDPR.
Do cold emails need an unsubscribe link?
They need a clear, working opt-out, but not necessarily a link. A plain-text reply opt-out satisfies CAN-SPAM if honored within 10 business days; CASL requires an unsubscribe mechanism and GDPR gives recipients a right to object.