
Cold Email Legal Compliance

Cold email isn't dead — if you respect the rules. Here's what US, EU, and German law actually require.

Different jurisdictions have different rules. In the US, CAN-SPAM allows cold commercial email if you meet a few requirements. In the EU, GDPR requires a legal basis — but "legitimate interest" makes B2B cold email possible, while B2C almost always requires prior consent (opt-in). In Germany, the UWG is even stricter: unsolicited B2C email without consent is prohibited with almost no exceptions.

CAN-SPAM (United States)

CAN-SPAM allows unsolicited commercial email if you comply with seven requirements:

  1. Don't use false or misleading headers (From, To, Reply-To)
  2. Don't use deceptive subject lines
  3. Identify the message as an advertisement (only if it is one)
  4. Include your valid physical postal address
  5. Explain how to opt out
  6. Honor opt-outs within 10 business days
  7. Monitor third parties sending on your behalf

Penalties: up to $53,088 per email. But practically, CAN-SPAM rarely leads to lawsuits; the bigger risk is spam filter penalties ruining your future deliverability.

GDPR (EU) — the legitimate interest path

GDPR requires a legal basis for every data processing operation. For cold B2B email, the usual basis is Art. 6(1)(f) — legitimate interest. This requires:

  • A legitimate interest (growing your B2B business)
  • Necessity (email is a reasonable method)
  • Balancing test (the recipient's rights don't outweigh your interest)

The balancing test is where you need to be careful:

  • B2B contacts (role-based: sales@, or personal business emails of decision-makers): usually OK if you're genuinely relevant to their role
  • B2C: almost never. Personal emails require opt-in
  • Unrelated products: weak case. A CRM tool emailing HR managers is fine; the same tool emailing random consumers is not

You must also document your interest assessment and offer one-click unsubscribe in every message.

Germany: UWG §7 — stricter than GDPR

Germany's Unfair Competition Act (UWG) has its own rules on top of GDPR:

  • B2C unsolicited email: forbidden without prior express consent. No exceptions for "this is clearly relevant" arguments
  • B2B cold email: allowed only if there's a "presumed interest" — typically true when you contact a decision-maker about a product directly relevant to their role
  • Every email must include a functional unsubscribe link
  • Your impressum (legal imprint) must be reachable

Penalties: up to €300,000 per incident, plus cease-and-desist letters (Abmahnungen) that routinely cost €800-2,500.

Compliance checklist (use before every cold email)

  • ✓ Recipient is a business contact relevant to your offering
  • ✓ Subject line is truthful and descriptive
  • ✓ Your real name or company is in the From field
  • ✓ Physical postal address in footer
  • ✓ Unsubscribe link is visible and works
  • ✓ Short impressum reference in German emails
  • ✓ You've documented your legitimate interest (for EU)
  • ✓ Domain is authenticated (SPF/DKIM/DMARC — see our setup guide)
  • ✓ Data source documented (where did you get this email?)
  • ✓ You honor opt-outs within 10 days (US) / immediately (EU/DE)

What never works

  • Bought lists — you have no legal basis and spam traps destroy your reputation
  • Scraped lists without consent — both a GDPR and a ToS violation
  • "You can unsubscribe here" as the only compliance — unsubscribe is a minimum, not a cure-all for missing consent
  • Re-using a list someone gave you — you need documentation of their legal basis too
About the Author

Daniel Dorfer worked for nearly four years in technical support at GMX, one of Germany’s largest email providers, and for almost two years at united domains, a leading domain hoster and registrar. He is a founding member of the KIBC (KI Business Club). This website was built entirely with the help of Claude Code (Opus 4.6) by Anthropic.
