Is Email Scraping for marketing legal?


Well the topic is about scraping mass emails and not handpicking emails, so this is a really fundamental question and for the core issue if it’s illegal or not, there is no grey area. So I see a lot of value to get a clear answer - even tho my personal opinion is that it is illegal - because there is no law that says it is illegal if beyond 1.000.000 emails. It is either 1 or 0.


Thanks Henry, I appreciate your help to the community and advice on this matter!

What about scraping emails in order to send a personalized message?

“Hey saw you have an Instagram, how are you doing?”

No solicitation?..Ethical?..Legal?


The intend is marketing, so not matter what follow up strategy you drive, it should be illegal. Risk of being caught is a different question. Maybe someone with real knowledge (probably someone that already went to court about that) will be able to contribute.


Great Point. I’m not trying to play devil’s advocate here just trying to clarify if there would be a right way…I am a law abiding citizen for life!

Hypothetical situation:

Scraping users with software for sources to follow that are public not on private with intent to build your network potentially if they decide to followback (i.e. communicate) then DMing them an offer isn’t the same as scraping their email they purposely chose to provide publicly on Instagram when they had the option again to keep it private then we can’t “poke” them with a nice friendly email with the intent of growing our network/community/friends and if they respond then we give them an offer?

Just seeing if its possible to paint a clear picture that would be ethical, etc. …


Adding to what I said above. @HenryCooper is right. This is illegal. Let’s not try to steer away from that to make us feel better. My point is that even though it’s illegal, I don’t see companies like ours getting sued. Until someone shows me otherwise, it’s not happening. The people who get sued are really spamming, sending nasty stuff. And even those people are hard to catch:

"For the most part, those lawsuits don’t win; in the past half-decade, repeat anti-spam plaintiffs have rarely won in court. A recent ruling in a case brought by Spam Arrest demonstrates just how hard it’s gotten to win anti-spam lawsuits–and why we’re not likely to see many successful anti-spam lawsuits in the future."

If you keep your emails simple, up front about what you are offering, and a clear opt out you should be able to keep going and going and going!

"Checking in to see if you would like to get on a call about my agency marketing your Instagram account? If you would like to never receive this email again, no worries. Click here!"


wait, “using false information to register for multiple email accounts or domain names”…

does that extend to creating accounts used for registering on IG and FB?!


What you can take from it is that it’s maybe smarter buying e-mails than creating them.

In general - law ist the one thing - the other thing is how it’s applyed in reality (legal practice). In other words. It does not mean everybody creating mail with wrong information is gonna be punished. Also if the law is like that.

Did not want to scare you but I think it’s nice to know.


BTW, I have been wondering on this for a while, do you think that this “ban” on cold calling/sms campaign is extended to service like what’s app too?
There may be a law gap there? it’s a social media, is not illegal to spam user on social media, is against is TOS but not illegal right?
Since whats up use phone numbers as contact details, this may be a different case from other social media but not sure.


This is not a question of legal or illegal. Its a question on whether you are a big enough target to recoup the enormous amount of capital it will require to bring a case like this against you. If you google the actual cases against spammers. They are significant retail giants who were taken to court, for one reason. Money. Either by government or a collective group of annoyed recipients.

Imagine you are called into court: you sit down in front of the judge and against your opposition. A team of legal powerhouse’s and billable rates of thousands of dollars a day (each). You are self-representing, a small business owner with no solicitor.

You hear the charges of malpractice and how you broke GDPR law. The fines will likely result in millions of dollars plus legal expenses. But your turnover is a merger 100K a year. You are asked why you did these things, and your reply is: “I am sorry… I didn’t know how to comply with the law as its so complex and I am a startup, just trying to make my way in a world dominated by retail giants…Doing whatever I can to feed my family.

You can see how this is going and lawyers/legal teams are not stupid…

They go for retail giants or conglomerates because in court the story is completely different. How Google abused their strength to only show their products to certain searches; or how the big banks used their inside knowledge of markets to manipulate it (they still do).

Are these retail giants shaking in their boots at the thought of “malpractice or GDPR” - no. They do what they have to do to win, get caught, pay the fine. Carry on.

Industry after industry - you can find examples of malpractice in all of them. But you don’t hear any stories of all the competition they put out of business, from “out business’ing everyone”.

So in conclusion: How big of a target are you? and do the potential rewards outweigh the risks?


As far as I am concerned, if the email information is public on the internet, it’s legal to scrape them.


In EU it’s not.


A lot of guesswork here. Why not hire a lawyer? He will be accountable for the information he is giving you. And law things are not like math.

You may think you know the rules but there are so many exceptions, opinions (from judges former cases) and other things like (guessing what your intention is) that do count. And in terms of law in general… I guess in Europe it is much easier to understand (we have hard coded law / roman style --> btw UK is not Europe in this regard) than the case based US system.

When you play with fire it is good to have daddy behind watching you or at least telling you how far you can go. Or be like Ikarus… enjoy the flight and hope for a steep and speedy fall that instantly breaks your neck (so you won’t have any pain at least) --> being a hero is guaranteed for sure… though there may not wait any virgins for you in the other “dimension”.


How says? In my opinion, if the data is public, everyone from anywhere can read it and mark it down. What’s the essential difference when we scrape them to our computer? I think the illegal point lays on how to use the data. (The above is my personal opinion.)


you store them


And in terms of legal issues… At least in Germany it is the underlying “intention”… Judges don’t like to get fooled no matter how much of a “smart ass” you think you are.

Have not been to court for these issues but for others cases (to enforce something). Judges are not stupid… that’s all I can say. And if there are laws to protect people and you try to violate that with a loophole they most likely do not accept you going through that loophole.

It is a different story if you can convince the judge of having had other intentions.


@Erika_Foo I suggest at least getting the official legal information for your country. there is always an easy understandable explanation of law offered by government institutions or start-up services. Thats much better than starting an internet research.

If you want to know exactly how it is you should go for a lawyer - but also a lawyer can’t explain everything - there will still remain some question marks. Especially with GDPA as it’s pretty new


How says? In my opinion, if the data is public, everyone from anywhere can read it and mark it down. What’s the essential difference when we scrape them to our computer? I think the illegal point lays on how to use the data. (The above is my personal opinion.)

This is not strictly true. By your logic, then anything in the public eye would not be copyrightable. But this is not the case. Just because it is publicly available, doesn’t mean that you can use it. But my opinion is it doesn’t always mean a case will be brought against you.


You store them as well if you mark all the email down on your notebook.


Again… It is about your intentions. As in every game… know your risks and then play with them within the limits of your comfort zone.

As a small player you will most likely not go to prison. In a likely worst case scenario they will beat on your hand a little and not cut it off like in hard core muslim countries.


That’s true. As I said previously, the illegal point lays on how to use the data you scrape on the internet.