First Customers (GTM)

Is it legal to cold email people in India, and do I need their consent first?

A starting point

For business-to-business outreach in India there's no blanket ban on emailing a stranger, but the DPDP Act and basic decency both point the same way: be transparent, make it easy to opt out, and don't scrape and blast at scale. If you email people in the EU or send anything marketing-heavy, GDPR and CAN-SPAM style rules matter more, so include who you are and a real unsubscribe path. As a starting point, treat every cold email as if the recipient will screenshot it, and you'll stay on the right side of both the law and your reputation.

Go deeper

Hand-picked from around the web, each with a note on why it earns your time.

3 resources 3 link-checked Read Use

Read

📄 Article
✓ Link checked India Free Beginner

Why we picked it This is the India-specific legal picture from a global law firm, not a US or EU rulebook that a founder has to translate. It lays out how the DPDP Act treats consent for marketing (free, specific, informed, unambiguous, and withdrawable) and flags the TRAI Do Not Call layer that is unique to India. Treat it as a starting point for where the law is heading (most provisions land in 2027), not a green light or a verdict on any one campaign.

Electronic Marketing in India (Data Protection Laws of the World)

From DLA Piper Data Protection Laws of the World by DLA Piper

  • Under the DPDP Act, marketing consent must be a clear affirmative action and can be withdrawn as easily as it was given, so pre-ticked boxes or assumed consent do not hold.
  • India also has the TRAI National Do Not Call layer, a separate rule set from the DPDP Act that most US and EU guides never mention.
  • The DPDP marketing provisions are not fully in force yet (target mid-2027), so today is the time to build clean habits, not to assume there are no rules.
Open dlapiperdataprotection.com
📄 Article
✓ Link checked Free Beginner

Why we picked it If you email anyone outside India (US, EU, Canada), you need the cross-border basics in one place, and this guide puts CAN-SPAM, GDPR, and CASL side by side as an operational checklist rather than legal theory. It is honest that the three regimes pull in different directions: the US lets you cold email with an opt-out, the EU wants a legitimate-interest justification, and Canada wants consent before the first send. Use it as a working starting point, then get real advice before a big campaign.

GDPR, CAN-SPAM, and B2B Email List Compliance

From Instantly.ai by Hans Dekker

  • CAN-SPAM (US) lets you cold email without prior consent, but demands honest sender identity, a working opt-out honored within 10 business days, and a physical postal address.
  • GDPR (EU) usually leans on legitimate interest for B2B, which means you must be able to justify the contact and disclose where you got their data within a month.
  • CASL (Canada) is the strictest of the three: you generally need consent before the first message, so treat Canadian lists differently from US ones.
Open instantly.ai

Use

🛠️ Tool
✓ Link checked Free Beginner

Why we picked it Knowing the rules is one thing, adding a compliant opt-out and address to your emails without bugging an engineer is another, and this free generator does exactly that. You fill in your business details and it outputs table-based HTML with a working unsubscribe link, sender identity, and physical address that renders across Gmail, Outlook, and Apple Mail. It is a practical starting point for the footer, not a substitute for actually processing the unsubscribes you receive.

Email Footer Generator (CAN-SPAM and GDPR)

From Sequenzy by Sequenzy

  • Generates a copy-paste HTML footer with the required unsubscribe link, physical postal address, and sender identification, no coding needed.
  • Offers minimal, standard, and detailed layouts so the footer fits both cold outreach and full newsletters.
  • The footer only covers the visible requirement: you still have to honor opt-outs promptly and keep the unsubscribe link live for at least 30 days.
Open sequenzy.com

People also ask