What are the penalties for non-compliance with anti-spam laws?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
The numbers are real and the regulators do act. Let's go country by country so you know what you're actually risking.
United States (CAN-SPAM): Up to $53,088 per violation, and each individual email can count as a separate violation. The FTC enforces this, as do state attorneys general. In practice, the biggest CAN-SPAM cases involve senders who ignored opt-out requests or used deceptive headers, not senders who forgot a mailing address once.
European Union (GDPR): Up to €20 million or 4% of global annual turnover, whichever is higher. Enforcement has been active since 2018. Meta, Google, and LinkedIn have all faced nine-figure fines. For cold email specifically, the risk centers on not having a valid lawful basis for processing the contact's data.
Canada (CASL): Up to CAD $10 million per violation for businesses. CASL is widely considered the strictest anti-spam law in the world. It requires express or implied consent before sending, not after.
Australia (Spam Act 2003): Up to AUD $2.2 million per day for ongoing violations. The Australian Communications and Media Authority (ACMA) has pursued enforcement against overseas senders who were emailing Australian addresses.
The pattern across all of them: regulators go after repeat offenders and those who ignore opt-outs, not senders who made one honest mistake. That doesn't mean the rules don't apply to you, but it does mean the best protection is a clean process, not legal gymnastics. If you're not sure whether your cold outreach is compliant, our free SOS call is a good starting point before you scale.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.