Why is consent still relevant even when it’s not “required”?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Just because you can send an email doesn't mean it'll land anywhere useful. Legal permission and deliverability permission are two completely different things, and confusing them is one of the most common ways cold senders quietly destroy their reputation.
Here's the core issue. Mailbox providers like Gmail and Outlook don't read your legal team's notes. They watch what recipients actually do. Did they open it? Delete it without reading? Hit "report spam"? Those signals build your sender reputation, and that reputation determines whether your next email reaches the inbox at all.
Consent matters because it's a proxy for whether someone wants to hear from you. And when people want to hear from you, your numbers look completely different. Consent-based lists routinely outperform cold lists on every metric that mailbox providers care about.
The signals to watch if you're sending without explicit consent:
- Complaint rate. Gmail flags domains with complaint rates above 0.08%, and starts actively filtering at 0.3%. Even staying "under the threshold" means real people are marking your email as spam.
- Open rate. Cold emails typically see open rates of 15-25% on a good day. Warm, consent-based emails often hit 40-60% in the same industries. That gap tells you something about what recipients actually wanted.
- Spam trap hits. Sending to people who never asked to hear from you increases the odds of hitting addresses that exist purely to catch unsolicited senders. One spam trap hit can trigger a blocklisting.
- Domain age and volume ramp. New outreach domains that jump to high volume fast (without positive engagement signals) get flagged quickly, no matter how legally compliant the campaign is.
There's also the brand side of this, which gets underestimated. People who receive emails they didn't ask for don't forget. Even if they don't hit the spam button, they form an impression. If the first time someone hears from your company is an email they didn't request, you're already starting that relationship in a hole. (And if your email is genuinely cold, the hole is deeper than you might think.)
The practical takeaway is this. Legal permission is the floor. It tells you what you won't get fined for. Consent is the ceiling you should be aiming for, because it's what determines whether your email program actually works over time. Asking "is this legal?" before every send is fine. Stopping there is where senders get into trouble.
If you're running cold outreach and want to protect your main domain while you test, that's a smart instinct. You can read more about outreach domains and when they make sense. And if you want to check whether your current sending reputation already has damage, our free blocklist checker is a good first look.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.