Where can you source data for cold email?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

Where your cold email list comes from matters more than most people realize. Under GDPR, a vendor's compliance doesn't transfer to you. You need your own lawful basis for processing that data, regardless of what the provider's terms of service say.

Safest sources: Your own network, inbound leads that didn't convert, trade show attendees who opted in to follow-up, and published business contacts where outreach is contextually reasonable. No compliance gray areas here.

Commercial data providers: ZoomInfo, Apollo, Lusha, and Clearbit aggregate business contacts from public sources. Quality varies a lot by provider and how fresh the data is. Before committing, ask for documentation of their collection methods. Then have legal confirm it satisfies your lawful basis in the regions you're targeting.

Higher-risk sources: Scraped social media data, compiled lists from unknown vendors, data without documented provenance. CAN-SPAM has lower bars for B2B cold outreach than GDPR does, but neither law protects you when the data source is questionable.

The quick test: if you can't explain where a contact came from and why they'd recognize your company, they're not a safe cold target.

Before launching any campaign, validating your list catches addresses that'll bounce or trigger spam filters. Cheap insurance before risking your sender reputation on new data. If you want that done properly, Review My Emails cleans lists specifically for outreach ;)

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Check my cold email data sourcing

I'm building a cold email campaign and want to make sure my data sourcing is legally sound. Here are my specifics: - Regions I'm targeting: e.g. US only / UK and EU / global - Data source I'm considering: [e.g. Apollo, ZoomInfo, scraped LinkedIn, trade show list, etc.] - Legal framework applicable to my business: e.g. GDPR, CAN-SPAM, CASL, or unsure - Business type: B2B or B2C - My company's legal team involvement: yes we have one / no, need to self-assess Given all this, help me understand: is my intended data source compliant? What lawful basis applies? What documentation should I get from the provider?

Edit the yellow boxes, then send to the AI of your choice.