Cold Email
An email sent to a prospect who has had no prior relationship with the sender. The second pillar of B2B outbound alongside LinkedIn, and the channel where deliverability and copy quality matter more than anywhere else.
TL;DR. A cold email is an email sent to a prospect who has had no prior relationship with the sender. It is the second pillar of B2B outbound alongside LinkedIn, and it carries a unique combination of upside (high volume capability, full message length, easy to track) and risk (deliverability is fragile, recipients are saturated, spam laws are real). This guide covers what a cold email is, the legal frame (CAN-SPAM, GDPR, CCPA), the deliverability stack that makes any of it possible, the copy patterns that work, the four-step canonical sequence, and where AI personalization fits.
What is a cold email?
A cold email is an unsolicited email sent from one business sender to a business recipient with whom the sender has had no prior relationship. The legal frame is jurisdiction-specific, but the practical definition is consistent: if the recipient hasn't opted in, signed up, met you at an event, or asked for your contact information, the email is "cold."
Cold email is one of the oldest channels in B2B sales and one of the most studied. Despite years of predictions that it would be killed by saturation, spam filters, or regulation, it remains the highest-volume scalable outbound channel for most B2B SaaS, services, and agency businesses. The reason: when the targeting and copy are right, the cost per qualified meeting via cold email is still lower than any other outbound channel, and the volume is essentially unconstrained.
The legal frame
The relevant regulations:
CAN-SPAM (United States)
US cold email is legal under CAN-SPAM if the sender:
- Does not use false or misleading header information.
- Does not use deceptive subject lines.
- Identifies the message as a commercial communication if the recipient has not previously consented (this is loosely enforced, most "personal" cold emails do not include this disclosure).
- Includes a valid physical postal address.
- Provides a clear opt-out mechanism and honors opt-out requests within 10 business days.
CAN-SPAM is an opt-out regime, you can email people without consent as long as you give them a clear way to opt out and you process opt-outs promptly.
GDPR (European Union, EEA, UK)
Different in spirit and stricter in practice. GDPR is an opt-in framework for most purposes, but B2B cold email is allowed under the "legitimate interest" basis in many EU jurisdictions, provided that:
- The email goes to a business address (not a personal one).
- The product is plausibly relevant to the recipient's professional responsibilities.
- The sender provides clear identification and a one-click opt-out.
- The sender honors data-subject rights (access, deletion).
In practice, B2B cold email is widespread within the EU, but penalties for sloppy implementations are real. Senders to EU prospects should not use personal addresses (e.g., a Gmail.com personal address), should keep a proper suppression list, and should not include personal data beyond what's necessary.
CCPA / CPRA (California)
Adds a right to know what data is held about a California resident, the right to deletion, and an opt-out of "sale" of personal information. B2B-to-B2B exemptions exist but are partial. Practical: include the same opt-out mechanism, honor delete requests promptly, and keep a contact's data minimal.
Other jurisdictions
Canada's CASL is opt-in for most purposes and stricter than CAN-SPAM. Australia's Spam Act is similar. Don't assume "CAN-SPAM compliance" is global compliance, it isn't.
The deliverability stack
Nothing else in this glossary matters if your emails don't reach inboxes. Cold email deliverability is fragile and requires several layers of setup that most teams underinvest in.
1. Domain authentication: SPF, DKIM, DMARC
SPF (Sender Policy Framework) tells receiving servers which servers are authorized to send mail from your domain. DKIM (DomainKeys Identified Mail) cryptographically signs outgoing mail. DMARC (Domain-based Message Authentication, Reporting & Conformance) ties the two together with a policy ("if SPF and DKIM both fail, what should the receiver do?").
By 2024, Gmail and Yahoo started requiring DMARC for any sender over ~5,000 emails/day. Without DMARC pass, inbox placement collapses.
Best-practice posture: SPF pass, DKIM pass on every outgoing message, and DMARC policy of p=quarantine (or p=reject for stricter setups) after a 30-day monitoring period.
2. Warmup
Brand-new sending mailboxes (or dormant ones returning to use) need to be "warmed", gradually scaled up from a handful of sends/day to the target volume over 4–6 weeks. Tools like Mailwarm, Lemwarm, and Linkziy's built-in warmup simulate engaged email exchanges (opens, replies) from a pool of warm mailboxes so the receiving servers see "real" engagement patterns.
Skip warmup and your first 500-message send from a new domain lands in spam. Even with warmup, sending from a 7-day-old domain at high volume is unwise. The math: every email reputation indicator is a moving average; new mailboxes have zero history and need time to accumulate it.
3. Sending infrastructure
Three options:
- Workspace mailboxes (Gmail Workspace, Microsoft 365). The most reputable senders, but with lower per-day caps (~500/day per mailbox) and higher cost per mailbox (~$6–18/month each).
- Shared sending platforms (SendGrid, Mailgun, AWS SES). Cheap and scalable but with shared IP reputation that can suddenly degrade.
- Dedicated IPs. Best for high volume, you own the IP reputation. Required for serious senders over 5,000/month.
Most B2B cold email programs run on workspace mailboxes for the first $5K MRR and add dedicated IPs as volume scales past 5K sends/month.
4. The unsubscribe link
Required by CAN-SPAM, GDPR, and best-practice for inbox placement. A clear, one-click unsubscribe link in every cold email is non-optional. Suppression list management, making sure unsubscribed recipients never receive another email from any sequence, is the legal and practical foundation.
What good cold email copy looks like
Across 14M cold emails analyzed, the patterns that drive top-decile reply rates are remarkably consistent.
Subject line
3–5 words. Sentence case. Reference something concrete the recipient cares about. Avoid the words "demo," "introduction," "quick question," "partnership," "synergy."
Strong examples:
- "Q4 pipeline, quick idea"
- "On your SDR ramp post"
- "Following the Stripe Sessions talk"
- "Notion's RevOps build"
Opener
One sentence. Reference a specific signal, a post they wrote, a hire they made, a podcast they were on, a quote in news. Prove you spent more than 15 seconds on their profile.
Bridge
One sentence connecting the signal to a likely problem. Not "I help X with Y" framed as a pitch. A claim grounded in their specific context.
Proof
One sentence, at most two, of lookalike credibility. "We've helped 8 RevOps teams at NYC SaaS shops ramp new SDRs to 40%+ reply rates in their first month." Specific, plausible, measurable.
Ask
One ask, and lower-stakes than a meeting. "Worth a 12-minute call?" beats "Worth a meeting next week?" The smaller the ask, the higher the reply rate.
Total length
60–110 words. Below 60 and you didn't earn the read. Above 110 and the recipient skims past.
The canonical cold email sequence
A 5-step sequence over 18 days outperforms single-send by 3× and a 2-step by 1.7×. The shape:
- Day 0: Initial cold email, opener, bridge, proof, ask.
- Day 3: Value-add, a 1-paragraph insight relevant to their role. No CTA.
- Day 7: Social-proof reframe, one customer story or stat. Soft CTA.
- Day 12: Angle change, same problem, different framing.
- Day 18: Breakup, "Closing the loop. Happy to revisit in Q3 if timing's better."
Reply rate distribution: ~45% at step 1, ~25% at step 2, ~12% at step 3, ~8% at step 4, ~10% at step 5 (the breakup punches above its weight).
What kills cold email programs
1. Sending before deliverability is set up
The #1 cause of failed cold email programs. Send 1,000 cold emails from an un-warmed mailbox with no DMARC policy and your domain reputation is destroyed in 48 hours. Months of remediation follow.
2. Buying lists
Purchased lists are universally low-quality, full of dead addresses (high bounce rate destroys reputation), and full of spam-trap addresses (a single hit gets you blacklisted). Build lists from real-time enrichment (Sales Navigator + Apollo / Cognism) instead.
3. Ignoring bounce and complaint rates
A 5% bounce rate signals reputation damage and triggers throttling. A 0.1% spam-complaint rate triggers a Gmail penalty. Most cold email tools surface these, most operators ignore them until something obvious breaks.
4. Sending the same template at high volume
Spam classifiers detect structural overlap between sends from the same domain. A program sending 1,000 copies of the same template per day will see deliverability collapse within a week.
5. No suppression list management
Re-emailing someone who unsubscribed is illegal under CAN-SPAM, GDPR, CASL, and most other regimes. It's also a fast path to spam-complaint rates that destroy reputation.
Cold email vs LinkedIn
Most modern B2B outbound runs both, the question is which leads.
- Cold email leads when the audience is operators, IT/security buyers, CFOs, anyone whose work surface is primarily email. Higher volume capability and faster cycle.
- LinkedIn leads when the audience is founders, executives, marketers, anyone who spends time on the platform daily. Slower cycle but warmer touches and higher acceptance/reply rates.
- Multichannel (LinkedIn + email) outperforms either channel alone by 2–3× in reply rate.
How AI changes cold email
Three shifts:
1. Personalization at scale
AI-personalized cold email outperforms templated cold email by 4–6× in reply rate at roughly the same cost per touch. Templated email's reply rate floor is around 4%; AI-personalized at the same volume reaches 18–24%.
2. Per-step writing
AI generates copy for every step of a sequence, calibrated to the prospect's role and history. The "step 2 follow-up" can be unique per prospect, not a template.
3. Reply triage
AI classifies inbound replies (positive, neutral, negative, OOO) and pre-drafts responses to the positive ones. Time-from-reply-to-meeting drops from hours to minutes.
How Linkziy handles cold email
The Outreach Automation module supports email (alongside LinkedIn) with built-in deliverability tooling:
- Mailbox connection (Gmail Workspace, Microsoft 365, custom SMTP).
- Built-in warmup pool, new mailboxes are warmed for 4 weeks before being added to live sequences.
- DMARC monitoring and recommendations.
- Per-mailbox send limits with adaptive throttling.
- AI-personalized message generation at every step, voice-tuned per sender.
- Suppression list management at the workspace level (unsubscribes are honored across every sequence and every sender in the account).
- Bounce-rate and complaint-rate monitoring with auto-pause if thresholds are crossed.
Bottom line
Cold email is alive and well in 2026, but only for senders who treat deliverability as a first-class concern, personalize for real, and respect the legal frame in each jurisdiction they send into. The teams winning are running multichannel sequences with AI-personalized copy on warmed mailboxes with proper DMARC policies. The teams losing are still sending templated mail-merge from an unwarmed Gmail account to a bought list of 5,000 contacts. The gap between the two patterns is roughly 6–10× in reply rate.