A cold emailer's guide to B2B spam compliance

An ounce of prevention is worth a pound of solution. Or, in the case of sending cold B2B emails that don't meet regulation standards, that could be $10,000+ of solution. Holy guacamole, Batman!

There's some good news and some bad news; we'll start with the bad.

Bad news = even though your solution might be the PERFECT fit for your target customer's pain points, you're still required to follow proper procedures when reaching out to them. Just like the laws that keep door-to-door salespeople from knocking down doors with a battering ram, there are regulations that need to be followed when sending cold emails.

Good news = if you comply with some easy-to-follow rules, you can cover your butt, present yourself in a more professional light, and make sure that you don't break out into an unsightly sweat when someone threatens you with legal action.

As our team at Conversations eats, sleeps, breathes, and stares with blearly eyes at emails all day every day, complying with regulations has become something of a second nature. After seeing how many people reach out to us without adhering to compliance standards, we decided it was time to share what we know and protect the bank accounts of those sending cold emails to their prospects. So, without further ado, let's dive into what email compliance looks like at the big 5 English-speaking countries you're likely reaching out to.

(Quick disclaimer: please note that none of the following should be considered legal advice. All of the information provided can be found freely at the appropriate links)


USA - Legislation: CAN-SPAM


The good ol' United States of America. A.K.A. cold email's bread-n-butter. Here's the good news: the US has the most lenient rules of all English-speaking countries for email compliance. For a country that prides itself so heavily on freedom (freedom to drive giant trucks, eat mountainous hamburgers, and stare at the majestic eagle as it soars on high), it should come as no surprise that there's a lot of freedom to be had for emailing your prospects out of the blue. The rules:

  1. Disclose advertising intent: Don't be coy and don't try to trick anyone. Be straightforward with who you are, what you do, and what you want.
  2. Include an opt-out option: Make sure that you give people a way to opt-out. Whether including a blurb that says "please let me know if you're not interested" or a simple opt-out link, respect your prospect's wishes and remove them from your outreach if they ask.
  3. Send from a real person: Each email that you send has to come from a real person at your company. If there's no "John Smith" at your company, then he better not be reaching out to anyone.
  4. Don't email personal accounts: If it's a personal email account, don't send it. The rules are much stricter when it comes to emailing people's personal emails and there's no leniency. Make sure that you are only sending to people's business accounts to ensure that you're on the right side of the law.
  5. Add your business' physical address to your signature: Not only does this establish your position as a real business (and not someone who is phishing), but it is required under CAN-SPAM.

And that's it! The US is pretty hands-off when it comes to email outreach. Unfortunately . . . 


Canada - Legislation: CASL


As of June 2017, cold email has been drawn, quartered, and all but eradicated from existence in Canada. CASL's new restrictions remove the ability to send cold outreach (and really all B2B outreach that has not previously received an "opt-in" (where somebody hands you their email address and says "feel free to email me!")).

Moral of the story: the USA's friendly neighbors may tolerate the cold, but cold email is a no-go. We HIGHLY recommend anyone currently using cold email as an outreach method stop immediately; the fines are hefty.


United Kingdom - Legislation: PECR + Data Protection Act 1998


Not to be outdone by their fellow English-speaking counterparts, the United Kingdom has not one, but two pieces of legislation that deal with cold email. Once again, we have a good news, bad news kind of thing.

Bad news: The UK's dual-act approach to cold email makes things a bit more complicated than the US.

Good news: It's actually quite easy to remain in compliance as long as you know what steps to take.

There are a lot of "recommendations" for sending B2B email in the UK. There's no mention of disclosing advertising intent, so we've just marked it on our checklist as "recommended" to keep in line with best-sending practices. The same goes for sending your emails from a real person at the company and including an address in your signature. There's no clear indicator of these being required, but we highly recommend you safeguard yourself (and your business) as much as possible.

Here's where things get a bit more complicated: in the UK, cold outreach can only be sent to incorporated businesses. Sole proprietors and partnerships are off-limits, so table any drafts you may have had queued up.

Now the question of the hour - "How do I know what businesses are incorporated?"

Luckily, we have a government-run website, Companies House, that provides a lookup tool that gives each company's incorporation status. Make sure that the business you want to reach out to has "company" under incorporation status and stay away from partnerships and sole proprietors.

The only other rule that you're required to follow is that an individual within a company has the right to opt-out at any time. If they tell you to stop emailing them, the Data Protection Act 1998 requires that you do so.

While there aren't too many actual regulations for the UK (save the company lookup and honoring opt-outs), we recommend following our internal checklist for UK companies to ensure best-sending practices:

  1. Check incorporation status: Remember to check the company status on Companies House.
  2. Honor opt-outs: Be professional and allow your prospects to end communication.
  3. Be transparent: Let your prospect know exactly what you're emailing them about.
  4. Provide an address in your signature: This not only cements your legitimacy, but also establishes your professionalism.
  5. Send from a real person: If you're not comfortable putting a real name and face to your outreach, it's probably not worth sending in the first place. Take pride in what you're presenting.
  6. Make sure you're not emailing a personal address: This goes hand-in-hand with the incorporation status. You should only be emailing people at their company email addresses (provided that the business itself is incorporated).


Australia - Legislation: SPAM Act of 2003


So far we've had a fairly easy-to-follow piece of US regulation, a no-cold-emails-here Canadian approach, a gonna-throw-you-some-curveballs set of UK legislation, and now it's time to take a trip down under.

Australia's compliance for B2B emails is challenging. It has a lot of the same requirements as the US:

  • Disclose advertising intent
  • Provide an opt-out option
  • Send from a real person
  • Don't email personal email addresses

But then, the SPAM Act of 2003 adds a major challenge: in order to reach out to someone via cold email, their email address must be published conspicuously without an attached note asking that they not be solicited. If their email is published conspicuously (for example on their company website) but has a note attached that says, "Please don't contact me with any solicitous emails," you're out of luck.

If their email isn't published conspicuously (i.e., somewhere legitimate and not on some questionable "find person" website), you're again out of luck.

For our own clients, we run the following checklist to make sure we're following the rules and best-sending practices:

  1. Ensure email is available conspicuously: If this step isn't possible, consider alternative options for reaching out to the prospect. Email is off the table. If their email is available publicly, we highly recommend retaining some proof (whether a screenshot of the page or a link).
  2. Check for a "no-solicit clause": If the email is public but accompanied by a note saying they do not want to be contacted for commercial pursuits, it's a no-go.
  3. Be transparent: This is just another way to say that you should be disclosing exactly what you want right away. Don't beat around the bush.
  4. Provide an opt-out option: It's both required and polite. Do your mother proud and be courteous.
  5. Send from a real person: Take pride in what you do or rethink how you're positioning yourself.
  6. Provide a business address in your signature: See Step #5.
  7. Don't email personal email addresses: Even if someone posts their personal email address publicly, it's not worth taking the risk. Don't email personal email addresses.


New Zealand - Legislation: Unsolicited Electronics Messaging Act 2007


See Australia. Seriously, it's pretty much all the same information.


What if an agency (or my sales team) is sending emails on my behalf?


Good news/bad news yet again!

Good news - Someone else can 100% send on your behalf. We do it for our clients everyday.

Bad news - Everyone involved in the sending is liable if there are breaches in sending compliance. If the agency (or team) sending on your behalf is half-hearted in their compliance with the regulations of the listed countries, you want to rethink things.

Please feel free to reach out with any questions you might have. While we are not attorneys and all of the information provided here does not constitute legal advice (seriously, please read the documentation yourself; this is just to give an overview and provide insights into our best-sending practices), we're happy to help where we can.

Stay compliant, my cold (emailing) friends!


Isaac Marsh