Yes, you can send marketing emails to companies you've never spoken with — and no, that doesn't make you a spammer. Cold B2B email outreach is 100% legal in the United States, provided you follow the rules. The problem is that most guides either oversimplify those rules or bury the details that actually matter. Meanwhile, the FTC keeps raising the stakes: as of January 2025, each individual non-compliant email is subject to a penalty of up to $53,088 — not per campaign, per email.
In this guide, you'll get a clear, current answer to what's actually legal when emailing other businesses in the US, what CAN-SPAM, GDPR, and CASL require from you in practice, and what changed in 2024 that affects every business sending email at scale. We'll also cover the compliance steps that most small businesses skip — and that the FTC has used in its two most recent enforcement actions against Experian and Verkada. By the end, you'll know exactly what to do before you hit send.
Table of Contents
- Why It's Good Marketing to Send to Companies
- What Are the Email Marketing Laws?
- Know Who You Are Marketing To
- How to Comply to Marketing Laws
- Consequences of Not Following Email Marketing Laws
- What's Next?
Why It's Good Marketing to Send to Companies
B2B email outreach has a reputation problem it doesn't deserve. Done correctly — with the right message, the right audience, and full compliance with applicable laws — it's one of the most cost-effective ways to build brand awareness and generate qualified leads. Email gives you direct access to a decision-maker's inbox without paying for ad inventory, and it gives you measurable data on exactly how your message is performing.
Beyond reach and ROI, compliance itself works in your favor. A business that visibly follows the laws regarding email marketing — CAN-SPAM, GDPR, and CASL requirements — with a clear unsubscribe option, a valid physical address, and an honest sender name — signals legitimacy. Prospects can tell the difference between a business that respects their inbox and one that doesn't. The right email platform makes this easy: compliant templates, automated unsubscribe handling, and built-in address blocks come standard, so you spend less time on legal housekeeping and more time on the message.
Is Spam Legal?
According to Statista, nearly 46.8% of all global email traffic as of December 2024 was spam — not just marketing email, all email. That volume exists largely because bulk sending is cheap and enforcement, while real, is selective. Some senders knowingly violate the rules. Others simply don't know where the line is.
Here's the clearest answer to whether cold emailing is legal: you can send marketing emails to business contacts you've never spoken with. It's 100% legal in the United States — as long as the email meets CAN-SPAM requirements. The CAN-SPAM Act, enacted in 2003 and enforced by the FTC, applies to any commercial electronic message and gives recipients the right to stop receiving emails from you at any time.
The distinction worth understanding: spam is not a legal term. An email can be technically spam — unsolicited, bulk, unwanted — and still be fully legal. Conversely, an email can be illegal without being spam in any conventional sense. What matters for your business isn't whether your email feels like spam to the recipient. It's whether it complies with the law. That distinction is what this article is built around.
What Are the Main Email Marketing Laws?
Many people seem to carry the misconception that any cold or unsolicited email is spam, and that spam is illegal.
To start with, let's clarify the distinction between spam and illegal email. Spam is not a legal or official term, and definitions vary. A spam message may not be illegal, and an illegal message may not be spam.
CAN-SPAM Act
The CAN-SPAM Act, enacted in 2003, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out penalties for violations.
The Act applies to "any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service."
To follow the CAN-SPAM law, you must follow the legal requirements below:
Easy Opt-out
The first requirement of the CAN-SPAM Act is that recipients must have a way of opting out of your messages. An opt-out can be as easy as an unsubscribe link. Or you can ask the recipient to email you back for email list removal. Whatever the opt-out method is, it must notify the recipient that there is something they can do if they don't want to receive messages from you.
Opt-outs Must Be Honored Within 10 Days
Once someone opts out of your messages, you have 10 days to get them off your email list. If you are emailing more than a handful of prospects, you will likely need a marketing or sales automation tool to track these unsubscribes. Manually processing email replies with "unsubscribe" in the subject line is not a measurable strategy.
No Misleading Subject Lines
All marketers could get great open rates if they used spam subject lines and email titles like, "URGENT: News about your mother's health" — except disgraceful tactics like this violate the CAN-SPAM Act.
You can still be clever, however. Some of the best subject lines are intentionally brief without being misleading. You might try the following tactics to make users see the cleverness of your business alongside the professionalism:
- Send a personal email: "Hi Karen, want free jeans with ANY purchase?"
- Humor: "Knock knock. Who's there? Half off doorbells! (And select home improvement items)"
Address Correctly
To be compliant with the CAN-SPAM Act, include your company's physical address at the bottom of your message. This can be a post office box you've registered with the U.S. Postal Service.
This is not an exhaustive list of requirements set forth in the CAN-SPAM Act, so do a deep dive into the CAN-SPAM Act and/or consult your attorney before launching your first cold email campaign. The key takeaway is this: you can send cold emails — you just have to make sure you're following the guidelines set out in the statute.
Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $53,088 — adjusted by the FTC in January 2025 — so non-compliance can be costly.
The CAN-SPAM Act, of course, applies only in the United States. If you are sending emails to other countries, you need to make sure you understand the laws of those countries.
Monitor What Others Do on Your Behalf
The law makes clear that even if you hire another company to handle your email marketing, you can't contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.
Consent
A quick note on consent in terms of email marketing. Consent in email marketing is a freely given agreement that is reached for the specific purpose of sending emails.
Not responding to emails, or general inactivity, do not count as consent. You should put a system in place where everything will be kept up to date regarding your recipients' preferences — showing what you told them in your message requesting consent, what they agreed to, and when and how they gave their consent.
The FTC Act
The FTC enforces federal consumer protection laws that prevent fraud, deception and unfair business practices. The Commission also enforces federal antitrust laws that prohibit anti-competitive mergers and other business practices that could lead to higher prices, fewer choices, or less innovation.
Whether combating telemarketing fraud, Internet scams or price-fixing schemes, the FTC's mission is to protect consumers and promote competition.
The FTC administers a wide variety of laws and regulations, including the Federal Trade Commission Act, Telemarketing Sale Rule, Identity Theft Act, Fair Credit Reporting Act, and Clayton Act. In total, the Commission has enforcement or administrative responsibilities under more than 70 laws.
GDPR
If your outreach is US-only, CAN-SPAM is your primary obligation. If you email anyone in the EU, UK, or Canada, two additional laws apply. The General Data Protection Regulation (GDPR) took effect on May 25, 2018 in all member states to harmonize data privacy laws across Europe. Unlike CAN-SPAM, which allows cold email with an opt-out mechanism, GDPR requires explicit opt-in consent before sending marketing emails to anyone in the EU or UK. If you're emailing European businesses, this distinction is not optional — violations carry fines of up to €20 million or 4% of global annual turnover, whichever is higher.
All of these laws we covered dictate a number of conditions that email marketers need to follow to avoid significant fines.
While this may sound intimidating, if you're a legitimate business using a proper email marketing tool to send legitimate email campaigns, you are likely already complying with the rules.
CASL
Canada's Anti-Spam Legislation — commonly known as CASL — came into force in 2014 and is widely considered one of the strictest email marketing laws in the world. If you're sending marketing emails to Canadian businesses or individuals, CASL applies to you regardless of where your company is based.
The key difference from CAN-SPAM is the direction of consent. CAN-SPAM operates on an opt-out model — you can send first, and the recipient can unsubscribe later. CASL operates on an opt-in model: you must have express or implied consent before sending a commercial electronic message.
Express consent means the recipient explicitly agreed to receive emails from you — through a sign-up form, a checkbox, or a direct request. Implied consent applies in narrower circumstances: an existing business relationship within the past two years, or a purchase or contract within the past two years. Once that window expires, implied consent lapses and you must stop sending or obtain express consent.
Penalties under CASL reach up to $10 million CAD per violation (approximately $7.3 million USD) for businesses — significantly higher than CAN-SPAM's per-email structure. For US companies doing any outreach into the Canadian market, CASL compliance is not optional and not covered by CAN-SPAM compliance alone.
If you're sending emails to recipients in more than one country — or just want to understand how US law compares to international standards — this table gives you the key differences at a glance.
CAN-SPAM vs. GDPR vs. CASL: Email Marketing Law Comparison
The practical takeaway for most US businesses: CAN-SPAM gives you the most flexibility, but the moment you email anyone in Canada or Europe, the rules change fundamentally — consent must come before the send, not after.
Know Who You Are Marketing To
Segmenting all your leads and subscribers and implementing different requirements can be a bit difficult and time-consuming. The easiest option for doing international email outreach is to comply with all anti-spam laws to make your emails legal wherever you send them.
You can market to anyone, but it goes without saying that if you send to the right audience, you're more likely to see engagement from your emails. Know which companies you are marketing to. It's smart to send emails that are relevant to each individual company as well.
How to Comply to Marketing Laws
You would not want to ruin your own company's reputation, right? Businesses are hurt badly when they do not comply with email marketing laws. Sending solicited emails alone is not illegal, but when you send a non-compliant email, there are costly consequences and risk of hard bounces, unsubscribes, or reported emails, and emails going into the spam inboxes more often.
One compliance layer that changed in February 2024: Google and Yahoo now require all senders of 5,000+ emails per day to authenticate their domain with SPF, DKIM, and DMARC, provide one-click unsubscribe in the email header, and keep spam complaint rates below 0.3% as measured in Google Postmaster Tools. These aren't suggestions — senders who don't meet the requirements to see their emails rejected or routed to spam by default.
Make Sure You Have Permission to Email to Your Contacts
The definition of permission varies between each country's laws, but there are generally two types of permission: implied permission and express permission.
Implied permission describes those with whom you have an existing business relationship. This could be because they are a current customer, donate to your charity, or are an active member of your website, club, or community.
If you don't have implied permission to email a person, then you'll need to express permission. Express permission is granted when someone specifically gives you permission to send them email campaigns, potentially by entering their email address in a subscribe form on your website or entering their details into your in-store newsletter subscribe form.
Don't Use Misleading Headers
"Header information" refers to the extra information sent along with your email campaign, such as the "from" name, subject line, and reply-to address.
Email marketing laws stipulate that you must not include incorrect or misleading information in these fields to try to trick people into opening your email campaigns.
The key is not to purposely deceive your recipients. Arousing curiosity or getting creative with your subject line is perfectly acceptable, as long as you don't purposely try to deceive recipients.
Clearly State Your Email Is an Advertisement
CAN-SPAM laws stipulate that you must clearly and conspicuously disclose that your message is an advertisement.
The law gives a lot of leeway in how you do this, and you don't need to specifically state "This email is an advertisement" every time you send a campaign. It's more about not purposely deceiving your recipients into thinking this is a personal email.
Include an Opt-out Choice
Most email marketing laws stipulate that your email campaigns include a clear and conspicuous mechanism for opting out of receiving emails from you in the future, and that this mechanism is easy for an ordinary person to recognize and understand.
The CAN-SPAM Act stipulates that you must honor a recipient's opt-out request within 10 days, and that you cannot charge a fee to opt them out, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website to opt out.
Include Your Address
Most countries' email marketing laws stipulate that you must clearly include a valid postal address for your business in your email campaigns. This can be your current street address, a postbox address, or an address with a registered commercial mail-receiving company.
Also, make sure your "From:" and "Reply to:" fields accurately represent you and your company. You can't pull tricks like making up multiple generic domains to mask your identity or circumvent email filters.
Consequences of Not Following Email Marketing Laws
If you follow the above list of precautions when you send email marketing messages, you are less likely to have provider issues and violation of privacy laws.
But what if you find that you aren't following a privacy policy or any of the regulations listed above? Some of the consequences may be surprising and hurt your platform and business as a whole.
Consequences include heavy fines. According to the FTC, each separate email in violation of the law, whether there is a breach of personal data or even skipping the step of putting in your business address, is subject to penalties of up to $53,088 per email — a figure adjusted by the FTC in January 2025. In 2024, the FTC reached a $2.95 million settlement with Verkada — the largest CAN-SPAM penalty in the agency's history — over non-compliant marketing emails. The year before, Experian paid $650,000 for the same fundamental violation: no working way for recipients to unsubscribe.
And more than one person may be held responsible for violations. For example, both the company whose product is promoted in the message and the company that originated the message (including the platform) may be legally responsible.
There is no exception to these laws, even for business-to-business content.
What's Next?
Before you begin sending campaigns for your business, it's important to understand the laws around email marketing and how to comply with them. If your emails are not country-specific, make sure whichever country you send an email to follows the email regulations according to those countries.
From your contact lists, you can segment contacts into different groups and make sure each email campaign sent to each follows GDPR, CAN-SPAM laws and more. This will also result in more eyeballs on your website and fewer (hopefully no) bad reports on your screen.
Using email marketing software like TruVISIBILITY makes complying with these rules easy. You get the tools you need to build your email list in the right way with marketing email templates that already help you comply with GDPR and other laws, and the software automatically handles the unsubscribe process and backend list management to ensure you meet the requirements around users unsubscribing from campaigns.
By combining one professional email marketing tool with some basic regulation around the use of the subject line and "from" name, you can easily send campaigns that meet the legal requirements and drive results, including sales, for your business.
You will see regulations already built in the templates, such as privacy, company address, easy unsubscribe option, and more widgets. Send marketing emails for free today!
FAQ
Is it legal to send cold emails to businesses in the US?
Yes. Cold B2B email outreach is fully legal in the United States under the CAN-SPAM Act, provided your emails include a valid physical address, an honest sender name, a non-misleading subject line, and a working opt-out mechanism. You do not need prior consent to send the first email — but you must honor unsubscribe requests within 10 days. Understanding cold email laws before your first send is the difference between a compliant campaign and a $53,088-per-email liability.
Does CAN-SPAM apply to B2B emails?
Yes, without exception. The CAN-SPAM Act applies to all commercial electronic messages regardless of whether the recipient is a business or an individual consumer. There is no B2B exemption. The same requirements — opt-out mechanism, physical address, honest headers — apply to every commercial email you send.
What is the difference between CAN-SPAM, GDPR, and CASL?
The core difference is consent model. CAN-SPAM allows you to email first and give recipients the right to opt out afterward. GDPR and CASL both require consent before you send — GDPR for anyone in the EU or UK, CASL for anyone in Canada. If you're sending internationally, the strictest applicable law governs your obligations for that recipient.
Can I buy an email list and send marketing emails to it?
In the US, sending to a purchased list is not automatically illegal under CAN-SPAM — but it carries significant practical risk. Purchased lists typically have high bounce rates and spam complaint rates, which damage your sender reputation and can trigger inbox filtering by Google and Yahoo. Under GDPR and CASL, sending to purchased lists without verified prior consent is a direct violation.
What happens if someone marks my email as spam?
A single spam complaint won't trigger legal consequences, but complaint rates matter. Google and Yahoo's 2024 bulk sender requirements set a threshold of 0.3% spam complaint rate — exceeding it causes your emails to be routed to spam or rejected outright. High complaint rates also signal to the FTC and other regulators that your sending practices may warrant scrutiny.
Do I need a physical address in every marketing email?
Yes, under CAN-SPAM. Every commercial email sent to US recipients must include a valid postal address — either your current street address, a registered P.O. box, or an address with a Commercial Mail Receiving Agency. Omitting it is a standalone CAN-SPAM violation subject to the $53,088 per-email penalty, regardless of whether anything else in the email is non-compliant.
Related articles
Want to receive more articles?
Sign-up for our weekly newsletter to receive info that will help your business grow
