Is Cold Emailing Illegal? Laws by Country in 2026

March 2026 · Outreach

Short answer: no, cold emailing is not illegal in most countries. But it's regulated. Every major market has specific rules about what you must include, who you can contact, and how recipients can opt out.

Here's exactly what you need to know to send cold outreach legally.

Cold email laws by country

| Country/Region | Law | B2B cold email | B2C cold email | Max fine |
|---|---|---|---|---|
| United States | CAN-SPAM Act | Allowed | Allowed | $51,744/email |
| European Union | GDPR + ePrivacy | Allowed (legitimate interest) | Opt-in required | 4% global revenue |
| United Kingdom | UK GDPR + PECR | Allowed (legitimate interest) | Opt-in required | £17.5M |
| Canada | CASL | Limited (implied consent) | Opt-in required | $10M/violation |
| Australia | Spam Act 2003 | Requires consent | Opt-in required | AUD $2.2M/day |

United States: CAN-SPAM Act

The US has the most permissive rules. The CAN-SPAM Act (enforced by the FTC) allows cold emails as long as you follow these rules:

  1. Don't use deceptive subject lines. The subject must accurately reflect the content of the email.
  2. Identify the message as an ad (if it's commercial in nature). This applies to all paid content, including sponsored posts — the FTC requires clear disclosure.
  3. Include your physical mailing address. A PO box is fine.
  4. Provide a clear opt-out mechanism. An unsubscribe link or reply-to opt-out both work.
  5. Honor opt-outs within 10 business days.
  6. Don't use misleading "From" or "Reply-To" headers.
  7. Avoid spam trigger words that get your emails filtered before they're read.

Note: CAN-SPAM does not require prior consent. You can email anyone, as long as you follow the rules above. Use our spam word checker to scan your copy before sending. For a step-by-step walkthrough of running a compliant cold email campaign, see our dedicated guide.

European Union: GDPR

GDPR is stricter, but B2B cold email is still allowed under the "legitimate interest" legal basis. The official GDPR Article 6 outlines all lawful bases for processing personal data.

For B2B cold outreach to be legal under GDPR:

  • The email must be relevant to the recipient's professional role
  • You must have done research showing your product/service is relevant to their business
  • You must provide an easy opt-out in every email
  • You must store and process their data responsibly
  • You should be able to justify the "legitimate interest" if asked

B2C cold email under GDPR generally requires prior opt-in consent. There's an exception for existing customers (soft opt-in) where you can email about similar products.

Test yourself

Under GDPR, what legal basis is typically used for B2B cold outreach?

Answer: "legitimate interest". B2B cold email under GDPR is typically justified under this basis, as long as the email is relevant to the recipient's professional role. It means you have a reasonable business reason to contact someone, and the email is relevant to their work.

United Kingdom: UK GDPR + PECR

Post-Brexit, the UK has its own version of GDPR plus the Privacy and Electronic Communications Regulations (PECR).

Rules are similar to the EU:

  • B2B cold email is allowed under legitimate interest
  • The email must be sent to a corporate address, not a personal one
  • Include an opt-out mechanism
  • Sole traders and partnerships have the same protections as individuals (opt-in required)

Canada: CASL

Canada's Anti-Spam Legislation (CASL) is one of the strictest. It requires some form of consent before sending commercial email.

However, there are exceptions for B2B:

  • Implied consent exists if you have a pre-existing business relationship, the recipient's email is conspicuously published (e.g., on their website), or the email is relevant to their business role
  • You must still identify yourself, include a physical address, and provide an unsubscribe option
  • Implied consent based on a published email address is limited to the first message

Australia: Spam Act 2003

Australia's Spam Act requires consent before sending commercial messages. The law is stricter than CAN-SPAM:

  • You need either express consent or inferred consent from an existing business relationship
  • Messages must include sender identification and an unsubscribe option
  • You must honor unsubscribes within 5 business days

What about link building outreach?

Link building outreach emails are still commercial messages and must follow the same laws. The good news: link building emails are typically:

  • B2B: you're contacting bloggers and businesses, not consumers
  • Personalized: good outreach is always personalized
  • Low-volume: you're not blasting thousands of identical messages
  • Relevant: you're contacting people whose content is related to yours

This means link building outreach generally falls well within legal boundaries. Just include an opt-out option and honest subject lines, and you're fine. One important note: don't use email marketing platforms like GetResponse or Mailchimp for cold outreach, as their terms of service prohibit it and they'll suspend your account. Use a dedicated outreach tool instead. For examples, see our link building email templates.

Compliance checklist

Follow these rules and you're legal in every major market. Before sending, find the right email address, verify it's valid, and clean your email list regularly to protect your sender reputation.

| Requirement | US | EU | UK | CA | AU |
|---|---|---|---|---|---|
| Honest subject line | Required | Required | Required | Required | Required |
| Sender identification | Required | Required | Required | Required | Required |
| Physical address | Required | Recommended | Recommended | Required | Required |
| Opt-out mechanism | Required | Required | Required | Required | Required |
| Honor opt-outs | 10 days | Immediately | Immediately | 10 days | 5 days |
| Prior consent (B2B) | Not needed | Not needed* | Not needed* | Implied OK | Needed |

* Legitimate interest basis required. Email must be relevant to the recipient's professional role.

Test yourself

Which country has the most permissive cold email law?

Answer: the United States. The US CAN-SPAM Act is opt-out based, meaning you can email anyone without prior consent as long as you provide an opt-out mechanism, a physical address, and honest subject lines. Most other countries have some form of consent requirement.

Frequently asked questions

Is cold emailing illegal?

No. Cold emailing is legal in most countries, but it's regulated. In the US, CAN-SPAM allows cold emails with proper disclosures. In the EU, B2B cold emails are allowed under GDPR's "legitimate interest" basis. Each country has specific requirements you must follow.

Can you send cold emails under GDPR?

Yes, for B2B. GDPR allows B2B cold emails under the "legitimate interest" legal basis if they're relevant to the recipient's professional role. B2C cold emails typically require prior opt-in consent.

What happens if you violate cold email laws?

Penalties vary. US CAN-SPAM violations can cost up to $51,744 per email. GDPR fines can reach 4% of global annual revenue. Canada's CASL fines go up to $10 million per violation. In practice, enforcement targets high-volume spammers, not personalized outreach.

Do cold email laws apply to link building outreach?

Yes. Link building outreach is commercial communication and must comply with the same laws. However, since it's typically B2B, personalized, and low-volume, it generally falls well within legal boundaries.

Can I cold email someone I found on LinkedIn?

It depends on your country's laws. In the US, yes: CAN-SPAM allows it as long as you follow the rules. In the EU, you need a legitimate business interest and the email must be relevant to their professional role. In Canada, a publicly listed email on LinkedIn may count as implied consent for the first message under CASL.

Do I need a physical address in my cold emails?

In the US (CAN-SPAM) and Canada (CASL), yes: you must include a valid physical postal address. A PO box or registered business address works. In the EU and UK it's recommended but not always strictly required for B2B emails, though including one adds credibility.