What Is Cold Email? (And How Is It Different From Spam)
Cold email gets lumped in with spam constantly, and it is worth being precise about why that is wrong. The two share a surface feature: the recipient did not ask to hear from you. Everything else is different. One is a targeted, 1:1 business communication. The other is a broadcast message blasted to anyone whose address could be harvested. The distinction matters legally, operationally, and ethically.
If you are trying to understand what cold email actually is before deciding whether to use it or how to run it, this is the clearest framing we know.
The actual definition
Cold email is a one-to-one, unsolicited email sent to a specific individual at a specific company because you have a reason to believe they fit a profile you are targeting. The message is written for that person or a narrow segment, not broadcast to a list of thousands of people regardless of fit.
That 1:1 character is what separates it structurally from mass email. A cold email says: I identified you specifically, I know what you do, I think what I am offering is relevant to you. A spam message says: I have your address and I want to sell you something.
Cold email is also distinct from inbound email marketing. When someone downloads a lead magnet from your site and joins your nurture sequence, they opted in. Cold email starts with zero prior relationship. That is what makes it "cold."
How it differs from spam
The word "spam" has a legal definition and a colloquial one. Colloquially, spam means any unwanted commercial email. Legally, it means something more specific: bulk commercial email sent without consent, without a legitimate business purpose, without a functioning return address, and without a working unsubscribe mechanism.
Cold email done properly has none of those problems. The message is sent to a relevant business contact, it identifies the sender, it comes from a real domain, and it includes either an opt-out mechanism or is structured as a genuine 1:1 exchange where a reply serves the same function.
Spam filters operate on signals: volume, reputation, sender authentication, link patterns, complaint rates. A properly configured cold email campaign does not trigger most of these. It comes from a warmed domain, contains no bulk sending headers, and lands as what it is: a business email.
Why it is legal when spam is not
CAN-SPAM (United States)
The US CAN-SPAM Act of 2003 sets rules for commercial email but does not require prior consent from recipients. It requires accurate headers, a non-deceptive subject line, a physical postal address, and a working opt-out mechanism. A cold email to a business contact that includes these elements is compliant. CAN-SPAM explicitly allows unsolicited commercial email to business addresses, provided the technical requirements are met.
GDPR (European Union)
GDPR is stricter, but it does not flatly prohibit cold email to business contacts. The legal basis is typically "legitimate interest," which allows processing of personal data when you have a genuine business reason and the contact's interest in not receiving the email does not outweigh yours. For B2B outreach where the email is professionally relevant, this basis is defensible. The requirements: you must identify yourself, you must make opting out easy, and the message must be relevant to the contact's professional role.
B2B exemptions in practice
Most privacy regulations treat business email addresses differently from personal ones. A work email published on a company website or listed in a professional database has a lower expectation of privacy than a personal Gmail account. That does not mean anything goes, but it does mean the legal bar for professional outreach is significantly lower than for consumer marketing.
Who uses cold email and why it works
Cold email is used heavily by B2B companies with high average contract values. At five-figure deal sizes, the math works easily: a campaign that generates three qualified meetings per month, with a 30% close rate, pays for itself many times over if the average deal is worth $20,000 or more.
The channel works because business decision-makers read their email. Unlike social media, where posts compete with entertainment and personal content, a well-written email to a professional's work inbox gets evaluated on its own terms. If it is relevant and credible, it gets a response.
It also works because it scales in ways that personal referrals do not. You cannot get a personal introduction to 500 VP of Operations contacts in a given month. You can reach them via cold email, and the ones who are a good fit will respond.
What cold email is not
A few channels get confused with cold email regularly:
- Email newsletters are sent to opted-in subscribers. Even if you rarely read a newsletter you signed up for, the consent was given. That makes it categorically different from cold outreach.
- Retargeting emails are triggered by prior behavioral data: someone visited your site, used your app, or was in your CRM. There is already a relationship, however thin.
- LinkedIn DMs are frequently called "cold outreach" but they are not email. The platform's inbox is different from a professional's primary email address, and the norms around volume, personalization, and consent differ meaningfully.
- Mass blast campaigns sent from your primary company domain to scraped lists are not cold email in any meaningful sense. They are spam. The infrastructure and intent are both different.
Cold email vs spam vs newsletter: a direct comparison
| Dimension | Cold Email | Spam | Newsletter |
|---|---|---|---|
| Targeting | Specific individuals matching a profile | Anyone whose address could be obtained | Opted-in subscriber list |
| Personalisation | High: role, company, relevant context | None or superficial merge fields | Moderate: segment-level personalisation |
| Legal basis | Legitimate interest (B2B); CAN-SPAM compliant | No valid legal basis | Explicit consent (opt-in) |
| Opt-in required | No (B2B, with conditions) | No (and non-compliant) | Yes |
| Commercial intent | Usually yes, but directed and relevant | Yes, indiscriminate | Varies: content, product, mixed |
| Volume per send | Low to moderate (per sender) | High, typically automated bulk | High (to the full list) |
The practical takeaway
Cold email is a legitimate business development tool when it is used with specificity and intent. The key variables are: Is this person a plausible fit for what you offer? Is the message written for them rather than blasted at them? Is the infrastructure configured to send as a real business rather than a bulk mailer? And does the message comply with the relevant regulations in your recipients' jurisdictions?
Get those things right and cold email is neither spam nor a grey area. It is direct sales outreach via the channel that business professionals actually monitor.
Quick answers
Yes. CAN-SPAM does not require prior consent for commercial email to business contacts. It requires accurate sender information, a non-deceptive subject line, a physical address, and a working opt-out. B2B cold email that meets these requirements is compliant.
Not categorically. GDPR allows processing under legitimate interest, which applies to professionally relevant B2B outreach. You must identify yourself, make opt-out simple, and ensure the message is relevant to the recipient's professional role. B2C cold email has a much higher bar.
Filters look at sending infrastructure (domain age, authentication records, sender reputation), message patterns (link density, spammy phrases, HTML ratio), and behavioral signals (complaint rates, bounce rates). A properly warmed domain sending relevant 1:1 messages passes most of these checks.