Cold Email for B2B: How to Do It Right and Legally

Cold Email for B2B: How to Do It Right and Legally

Most cold email fails for a boring reason: it never reaches the inbox, or it reaches the wrong person with a pitch they didn't ask for. The reply rate sits near zero, the domain reputation quietly burns, and someone concludes "cold email doesn't work."

It works. A focused B2B sequence to a tight, relevant list still books sales calls at a cost that beats most paid channels. The catch is that the channel punishes sloppiness harder than almost any other. Send to a bought list of 50,000 addresses and you can torch a domain in a week. Send 40 well-researched messages a day to people who have the problem you solve, and you build pipeline.

This guide covers the parts that decide the outcome: building a clean list, staying on the right side of the law in the US, EU, UK, and Canada, getting messages delivered, writing copy that earns a reply, and reading the metrics that actually tell you something.

Cold email is outbound, and that changes everything

When someone fills out a form on your site, they raised a hand. Cold email is the opposite: you reach out first, to someone who has never heard of you. That single difference drives every decision downstream, from how you write to what the law allows.

The strategic question is whether outbound fits your business at all. It earns its place when you have a clear, definable target (a specific role at a specific kind of company), a deal size that justifies one-to-one effort, and a problem that prospects recognize when you name it. Sell a $200/year tool to small businesses and cold email rarely pencils out. Sell a $40,000 implementation to heads of operations at logistics firms, and a researched list of 300 accounts can carry a quarter's pipeline.

If you are still weighing channels, the trade-offs between reaching out and getting found are worth a clear look. We covered them in inbound versus outbound lead generation, and cold email sits firmly on the outbound side.

The legal part, before you send a single message

Skipping this section is how companies end up with fines and blacklisted domains. The rules differ by where your recipient sits, not where you sit, so a US company emailing a prospect in Germany answers to EU law.

United States (CAN-SPAM). The friendliest regime for B2B cold outreach. You may email business prospects without prior consent, but you must: use accurate "From" and subject lines, identify the message as a solicitation where relevant, include a valid physical mailing address, and honor opt-out requests within 10 business days. Penalties run high per violation, so the unsubscribe link and the real address are not optional.

European Union and UK (GDPR plus PECR). Stricter. Under GDPR a business email tied to a named person is personal data, and you generally need a lawful basis to process it. For cold B2B email, that basis is usually "legitimate interest," which requires that your message be relevant to the person's professional role and that you weigh their rights against your interest. You must identify yourself, offer an easy opt-out, and be ready to delete data on request. Emailing a generic role address (info@, sales@) is lower risk than emailing a named individual.

Canada (CASL). The toughest. CASL generally requires consent before sending commercial electronic messages, with narrow exceptions (for example, an existing business relationship, or a recipient who published their address without a "no unsolicited email" notice and where your message relates to their role). Penalties are steep. If you target Canada, get specific legal advice rather than guessing.

Two practical takeaways. First, segment your sending by region so you apply the right standard to each list. Second, whatever the jurisdiction, the safe-by-default behaviors overlap: be honest about who you are, email people for genuine professional reasons, make opting out trivial, and stop when asked. None of that hurts response rates. It usually helps.

This is general information, not legal advice. Run your program past counsel if you operate at scale or in regulated markets.

Build the list yourself, never buy one

Bought lists are the fastest way to kill a sending domain. They are stuffed with spam traps (addresses that exist only to catch senders who didn't get consent), outdated contacts, and people who will mark you as spam on sight. A few hundred hard bounces and complaints, and mailbox providers stop trusting your domain.

Build instead. Start from your ideal customer profile: the industry, company size, and role of the person who feels the pain you solve. Then source contacts deliberately:

  • Pull target accounts from LinkedIn Sales Navigator filtered by industry, headcount, and job title.
  • Find verified email addresses with a reputable enrichment tool, then run every address through a verification service before sending.
  • Enrich with a trigger where you can: a recent funding round, a new hire in a relevant role, a job posting that signals the problem. A relevant reason to reach out lifts replies more than any subject-line trick.

Verification matters more than volume. Aim to keep your bounce rate under roughly 2% to 3% (an illustrative threshold, but a common one mailbox providers watch). Quality list work is the same discipline that separates good lead generation from spray-and-pray, a theme we keep returning to in B2B lead generation.

Deliverability: the part nobody sees until it breaks

You can write a perfect email and still land in spam. Deliverability is the technical groundwork that decides whether your message reaches the inbox, and it is where most first-time senders go wrong.

The non-negotiables:

  • Use a separate sending domain. Never run cold outreach from your primary domain. Buy a lookalike domain (yourcompany-mail.com) so that if reputation takes a hit, your main email and your marketing stay safe.
  • Authenticate. Set up SPF, DKIM, and DMARC records on the sending domain. Without them, providers treat you as suspicious by default.
  • Warm up slowly. A brand-new domain that suddenly sends 500 emails looks like a spammer. Ramp over two to four weeks, starting at a handful of sends per day and increasing gradually. Warm-up tools that simulate real conversation help.
  • Cap daily volume per inbox. Keep each mailbox to roughly 30 to 50 cold sends a day. To scale, add more inboxes and domains, not more volume per inbox.
  • Watch your signals. A spike in bounces or spam complaints means stop and fix, not push harder.

Here is how the two approaches compare in practice.

Factor Burner approach (fails) Sustainable approach (works)
List Bought, unverified, 50k addresses Self-built, verified, tightly targeted
Sending domain Primary company domain Separate lookalike domain, authenticated
Daily volume per inbox Hundreds, from day one 30 to 50, after a warm-up
Typical outcome Spam folder, blacklist, dead domain Inbox placement, replies, pipeline

Numbers above are illustrative ranges, not guarantees. Your safe limits depend on domain age, provider, and complaint history.

Write like a person, not a brochure

Cold email copy fights two enemies: the spam filter and the two seconds your reader spends deciding whether to keep reading. Win both with restraint.

Keep it short. Three to five sentences. A wall of text on a phone screen gets archived. The less you say, the more your one clear point lands.

Lead with them, not you. The first line should reference the reader's situation, not your company. "Saw you're hiring three SDRs this quarter" beats "We're a leading provider of..." Personalization that proves you did five minutes of homework is the single biggest lever on reply rate.

Make the ask small. Do not ask for an hour. Ask a question, or for a yes/no on whether the problem is even relevant. The job of a cold email is to start a conversation, not close a deal.

Skip the spam triggers. Avoid "free," "guarantee," "act now," excessive links, and image-heavy templates. Plain text from a real person outperforms a designed newsletter for cold outreach, and it dodges filters.

A workable structure: one line of relevant context, one line naming a problem you see in companies like theirs, one line on the outcome you help create, one soft question. That is the whole message.

The follow-up is where the replies are

The majority of cold-email replies come from follow-ups, not the first send. People are busy, your email arrives at a bad moment, it slips down the inbox. A short sequence, spaced out and adding value each time, is what separates a working program from a one-shot blast.

A reasonable cadence:

  1. Day 1: the initial message.
  2. Day 3 to 4: a brief nudge with a new angle or a relevant resource, not "just bumping this."
  3. Day 7 to 8: a different value point, perhaps a one-line proof or a customer outcome (real only).
  4. Day 12 to 14: a short break-up message ("Should I close the loop on this?"), which often pulls a surprising number of replies.

Three to four touches over two weeks is plenty. Every message must add something. A follow-up that only says "did you see my email" trains people to ignore you and risks complaints.

Measure replies and meetings, not opens

Open rate is increasingly unreliable, partly because privacy features auto-load tracking pixels and inflate the number. Judge cold email by what moves the business:

  • Reply rate: the real engagement signal. A healthy positive reply rate for a well-targeted B2B sequence often lands somewhere in the low single digits as a percentage (illustrative, and highly dependent on list quality and offer).
  • Positive reply rate: of those replies, how many show interest versus "not interested" or "unsubscribe."
  • Meetings booked: the metric that pays the bills.
  • Bounce and complaint rates: your safety gauges. Rising numbers mean a list or deliverability problem to fix before it spreads.

Tie it back to economics. If a sequence books meetings, you can work out cost per meeting and, downstream, cost per qualified lead. The same discipline we apply to paid channels in cost per lead and CAC applies here: a channel earns its budget on what it costs to acquire a customer, not on vanity engagement.

Common mistakes that sink cold-email programs

  • Volume over relevance. Sending more to a worse list is the most common error and the most damaging.
  • No separate domain or warm-up. Reputation damage on a primary domain is expensive and slow to repair.
  • Generic personalization. "Hi {first_name}, I came across your company" fools no one. Specificity earns replies.
  • Pitching the meeting too early. A cold email should start a conversation, not demand a calendar slot.
  • Ignoring opt-outs. Beyond the legal exposure, it generates complaints that wreck deliverability.

FAQ

Is cold email legal for B2B?

In the US, yes, under CAN-SPAM, provided you use honest headers, include a physical address, and honor opt-outs promptly. In the EU and UK it is allowed under GDPR's legitimate-interest basis with safeguards, and in Canada CASL generally requires consent. Match your rules to where the recipient is, not where you are.

How many cold emails can I send per day?

Per inbox, keep it to roughly 30 to 50 after a proper warm-up. To send more, add inboxes and domains rather than raising the per-inbox count, which protects your reputation. These are conservative, illustrative limits, not hard caps.

Should I use my main company domain?

No. Set up a separate, authenticated sending domain (often a lookalike of your primary one) so any reputation damage stays away from your real email and marketing systems.

Why are my cold emails landing in spam?

Usually one of a few causes: missing SPF/DKIM/DMARC authentication, no warm-up on a new domain, a low-quality list driving bounces, spam-trigger words, or too many links and images. Fix authentication and list quality first.

How long before cold email produces results?

Plan for weeks, not days. The first one to two weeks go to domain warm-up. After that, expect a few weeks of iterating on targeting and copy before reply rates stabilize. It is a build, similar in pace to other outbound efforts.

Is cold email better than LinkedIn outreach?

They complement each other. Many B2B teams combine a connection or message on LinkedIn with an email sequence, which lifts response over either alone. Use email for scale and LinkedIn for warmth; the right mix depends on where your buyers actually pay attention.

Wrapping up: a short pre-send checklist

Before your next campaign goes out, confirm:

  • The list is self-built, verified, and tightly matched to your ideal customer profile.
  • You are sending from a separate, authenticated domain that has been warmed up.
  • Each message is short, leads with the reader, and makes a small ask.
  • You have a two-week follow-up sequence that adds value each touch.
  • Every email has an easy opt-out and a valid physical address.
  • You are tracking replies and meetings, not just opens.

Cold email rewards patience and punishes shortcuts. Do the unglamorous work (clean lists, warm domains, relevant copy) and it becomes one of the most cost-effective ways to start B2B conversations.

If you would rather not build the deliverability stack and the list-research engine from scratch, that is exactly the kind of outbound system we set up for clients. Book a 20-minute call with Lead The Way and we will map out whether cold email fits your market and what a working program would look like for your numbers.