Is Email Scraping for marketing legal?


I see video after video touting this method for building lists rapidly. But my understanding that unsolicited emails are illegal.

Is it that the email addresses are publicly listed that makes this a legal strategy? or is it that those pushing the method are doing so at their own risk?


It is illegal. Easiest way to fuck you would be the act against unfair competition.

Yes they do it at their own risk and most of them do not understand the risks and where those are coming from.


Depends on what country you’re in. If they offer a contact form on their website, I believe it falls into sort of a gray area. If you’re getting their email elsewhere and contacting them without consent, it’s highly illegal. At least in the US.


interesting, have never done this but had no idea this was illegal. I wonder what constitutes consent under the law. Like if they voluntarily give you their email address but under a different pretext


I get emails from Indian companies on a daily basis. It’s super annoying. Don’t know the law there and I have a contact form on my personal website so that’s how they’re doing it. It’s weird though, they definitely don’t handpick or even filter results. My personal website is my graphic design portfolio, yet I still get emails from companies offering to do what I do better than them lmao.


It depends on where you are in the world. Parts of europe it is illegal other parts have a lot of restrictions.

North America it is legal.

The one thing to keep in mind is email is weird in the sense the laws apply not only where you send from but where you send to. Meaning with me being in Canada I can email businesses in North America at public addresses with no issue. If I email a German business I could get into a lot of trouble

Granted I’d probably have to do a lot for Germany to notice or care BUT most North american laws include a clause stating we have to comply with the receiving country as well so if it gets noticed I could get in a lot of hot water.

That’s not true at all. In the US if the email is publically posted consent is generally implied. US actually has one of the loosest SPAM laws in the world. Initial contact still needs to follow some rules like an unsubscribe link, mailing address & not being fraudulent with identity.

Contact forms are indeed the safest though no matter where you are in the world.

US regulations on cold emailing


I think the risk to get into big trouble is still quite low though - because they would have to proof every e-mail you did send. If someone doesn´t like your spam and sues you he probably only got one e-mail which won´t get you into a lot of trouble.


The only solution I found to “use” scrapped emails is to create LAL audiences with facebook.

It can be a powerful and free tool if you know how to scrape niche emails.


It works differently. Most countries have a government agency where you can report spam. If they receive 1 complaint they will do nothing. But if they receive many they will take action and bring you to court. Of course it is difficult if the company sending the emails is not a real company and is based in India.


This was the exact usage i was pondering. But wont the emails be rather off target? Like if you scrape “make money online”, you are likely to get a bunch of addresses for vendors amd would be gurus. That would make the LAL less targeted right?


Yes of course these addresses will not really be very targeted. I still find it quite difficult these days to create more targeted LALs than just facebook interests.


If you send an email manually to a prospective customer then it’s no issue, that’s called sales!

If you add the scraped email address to a mailing list and mass mail them then that’s illegal.

I can only speak for Europe though.

The email address is available in the public domain so I see no issue with using it for a database to cross reference with social media accounts. That sounds like a nice workaround. If you only have an address and no personal data then you are probably even GDPR compliant!

Disclaimer: I am not a lawyer and could be completely wrong. :blush:


Okay, I dont know exactly how it is in every country but in Germany for example if you get an E-Mail you don´t want by a german you can sue them for money - but the amount you get is really low like 140€.


That doesn’t make a lot of sense tbh. You are saying that you can send any e-mail to every adress you can find as long as you do it manual and that it becomes illegal once you start automating it.


If you want to contact people for sales reasons you have to get their permission for contacting them for sales reasons first. This has nothing to do with GDPR. (Austria) It depends on the reason why you contact them.

1 example what GDPR changed: You are not even allowed to have the persons data (adress, e-mail) if you don’t have their permission. You must inform them what you gonna use the data for and give them the option to delete and make sure data is safe and do lot of other GDPA stuff… (the same thing what you do with homepage visitors)


i get all this, but someone show me case after case for people sending out unsolicited emails? And I’m not talking about the huge ring that just got clipped for sending out hundreds of millions, I’m talking about people like us. No offense, but your small growth operation is safe doing this even though it’s illegal. I’d be more worried about getting your domains blacklisted and not paying attention to that.


Not quite, it has to be relevant and a direct targeted email to the recipient.
That’s a cold call/email and as long as you give the recipient the option to opt out then you are good.
Useful article -


Just my 2 cents from research a while back. In UK, where I live (and most Europe with the exception of Germany and other stricter countries) you’re allowed to contact non personal business emails. So info@, hello@ are all good. Not sara@ or john@.

However if its a bigger company with 3-5+ employees you can always get away saying you called and asked who to talk to. Been given @johns email. You’ll be fine. Just need to keep a record of this, for example hubspot CRM is gdpr friendly, which allows to track all of this. So you’re always safe.

Obviously automating hundreds of emails is more difficult and you won’t be able to provide those details if asked.

But generally speaking, as long as your email is conversational, there’s an ‘opt out’ button, people 99% won’t go as far as to report you. Just don’t be annoying, don’t send more than 3 emails in a span of 2 weeks.

Lastly, business require risk taking. This is one of those risks.

I’ve personally never ever heard anyone get in trouble for emailing other companies. It’s mostly a scare for others.


No man, the blog literally says that you need someone’s permission. Giving them the option to opt out doesnt make any sense if they have never opted into anything.

Be careful with this kind of stuff, people are getting massive fines for it


The blog suggests getting the permission with a mail which is not meant to sale. But in fact it’s meant to prepare to sale. Could work. Judge has to decide that.