Cold Email & GDPR: The Complete Legal Guide for 2026
One of the most common questions we hear from sales teams is: "Is cold email even legal?" The short answer is yes — if you do it right. The long answer involves understanding GDPR, CAN-SPAM, and several other regulations that vary by region, and implementing specific practices that keep you on the right side of the law.
This guide is not legal advice (we are a software company, not a law firm), but it is a practical walkthrough of the regulations that matter for B2B cold email in 2026, written in plain language with actionable compliance steps.
GDPR and Cold Email: The Basics
The General Data Protection Regulation (GDPR) is the EU's data protection law that took effect in May 2018. It governs how organizations collect, process, and store personal data of EU residents. Email addresses — including business email addresses — are considered personal data under GDPR.
GDPR does not ban cold email. What it requires is a lawful basis for processing personal data. Article 6 of GDPR lists six lawful bases. For B2B cold email, the relevant one is Article 6(1)(f): legitimate interest.
What Is Legitimate Interest?
Legitimate interest means you have a genuine business reason to contact someone, and that reason is balanced against the individual's rights and expectations. For B2B cold email, this typically works when:
- You are contacting someone in their professional capacity about something relevant to their role
- The person would reasonably expect to receive such communication given their position
- You have a clear business reason for reaching out (not just "they might buy something")
- The processing is necessary for your purpose and there is no less intrusive way to achieve it
Legitimate interest requires a balancing test, sometimes called a Legitimate Interest Assessment (LIA). You need to weigh your interest in sending the email against the individual's interest in not receiving it. In practice, this means:
- Emailing a VP of Sales about a sales tool — likely legitimate interest. Their role directly relates to your product.
- Emailing the same VP about an unrelated consumer product — weak legitimate interest. There is no professional relevance.
- Emailing someone who has already opted out — no legitimate interest, period. Their explicit rejection overrides everything.
Consent Is Not Required for B2B (Usually)
A common misconception is that GDPR requires consent for all email. It does not. Consent is one of six lawful bases, and for B2B cold email, legitimate interest is generally the more appropriate basis. In fact, relying on consent for cold email creates a paradox — you would need consent before making first contact, which defeats the purpose.
That said, some EU member states have additional rules that sit on top of GDPR. Germany's UWG (Unfair Competition Act) is notably stricter about unsolicited commercial email. If you are targeting German companies, extra caution is warranted — some legal experts recommend limiting cold email to contacts where you can demonstrate a clear, specific relevance to their work.
CAN-SPAM: The US Rules
The CAN-SPAM Act applies to all commercial email sent to US recipients. Unlike GDPR, CAN-SPAM does not require a lawful basis for sending — it focuses on how you send rather than whether you can send. The requirements are:
- No deceptive headers — Your "From," "To," and "Reply-To" fields must be accurate. No fake sender names or misleading domains.
- No misleading subject lines — The subject must relate to the email's actual content.
- Identify the message as an ad — The law requires this, though the FTC has noted that the method is flexible. Many B2B senders satisfy this through context rather than an explicit "this is an advertisement" label.
- Include your physical address — A valid postal address must appear in the email. A PO box is acceptable.
- Provide an opt-out mechanism — Every email must include a way for the recipient to unsubscribe.
- Honor opt-outs within 10 business days — Once someone unsubscribes, you must stop emailing them promptly.
CAN-SPAM violations can result in penalties of up to $51,744 per email. The law applies per message, so sending 1,000 non-compliant emails could theoretically result in over $50 million in fines. In practice, enforcement targets egregious spammers rather than legitimate B2B outreach, but compliance is non-negotiable.
B2B vs B2C: A Critical Distinction
The legal landscape for cold email differs significantly between B2B and B2C:
B2B cold email is broadly accepted across most jurisdictions. The EU's ePrivacy Directive (which works alongside GDPR) gives member states discretion on B2B email, and most have carved out exemptions or softer rules for business-to-business communication. The rationale is that professionals expect to receive relevant business propositions as part of their work.
B2C cold email faces much stricter regulation. Most EU countries require explicit opt-in consent before sending commercial email to consumers. In the UK, the Privacy and Electronic Communications Regulations (PECR) require prior consent for B2C email marketing. If your product targets individual consumers rather than businesses, you generally cannot cold email them in the EU or UK.
Most readers of this blog are doing B2B outreach, selling to businesses through their employees' work email addresses. This is the scenario where cold email, done correctly, is clearly lawful.
Canada's CASL: The Strictest Major Law
Canada's Anti-Spam Legislation (CASL) is often considered the strictest anti-spam law in the developed world. Unlike CAN-SPAM, CASL requires express or implied consent before sending commercial electronic messages.
For cold email to Canadian recipients, you need to find a basis for "implied consent." CASL recognizes implied consent in cases where the recipient's email address is conspicuously published (like on their company website) and the message is relevant to their role. However, implied consent under CASL is time-limited and the rules are complex. If Canada is a significant target market for you, get specific legal advice.
What Makes Cold Email Legal vs. Spam
Across all jurisdictions, the line between legal cold email and spam comes down to a few consistent principles:
Legal Cold Email:
- Targets specific individuals based on professional relevance
- References the recipient's role, company, or industry
- Comes from a real person with a real business identity
- Includes a clear opt-out mechanism
- Honors opt-outs immediately
- Sends reasonable volumes (not thousands per day from one account)
- Uses accurate sender information and subject lines
- Includes a physical business address
Spam:
- Sends to purchased lists without relevance filtering
- Uses deceptive sender names or subject lines
- Has no opt-out mechanism or ignores unsubscribe requests
- Sends massive volumes with no targeting
- Hides the sender's identity or business information
- Continues emailing people who have asked to stop
Practical Compliance Checklist
Use this checklist before launching any cold email campaign:
- Data sourcing: Can you document where you got each email address? Scraping publicly available business data is generally acceptable; buying lists from shady data brokers is risky.
- Relevance: Is your product or service genuinely relevant to the recipient's professional role?
- Identification: Does your email clearly identify who you are and what company you represent?
- Physical address: Is your business postal address included in the email?
- Opt-out: Can the recipient easily unsubscribe? Is the mechanism clear and functional?
- Opt-out processing: Do you have a system to process unsubscribes within 10 business days (CAN-SPAM) or "without delay" (GDPR)?
- Data storage: Are you storing prospect data securely? Do you have a data retention policy?
- Record keeping: Can you demonstrate your legitimate interest assessment if challenged?
How ScrapenSend Stays Compliant
ScrapenSend is built with compliance as a core feature, not an afterthought. Here is how the platform helps you stay on the right side of regulations:
- Automatic unsubscribe links — Every email sent through ScrapenSend includes a one-click unsubscribe link. Opt-outs are processed instantly and synced across all campaigns.
- Suppression list management — Unsubscribed contacts are automatically added to a global suppression list. They will never receive another email from your account, even if they appear in a new lead list.
- Physical address injection — Your business address is automatically appended to every outgoing email.
- Sending limits — Built-in daily sending limits prevent the kind of volume-based abuse that regulators look for.
- Data transparency — You can export or delete any prospect's data at any time, supporting GDPR data subject rights.
What Happens If You Get It Wrong
The consequences of non-compliance range from mild to severe:
- Spam complaints — Even one complaint can impact your sender reputation. Multiple complaints will get your domain blacklisted.
- Domain blacklisting — If your sending domain ends up on major blacklists (Spamhaus, Barracuda), your legitimate business email will also be affected.
- Regulatory fines — GDPR fines can reach up to 4% of annual global turnover or 20 million euros, whichever is higher. CAN-SPAM penalties run up to $51,744 per email.
- Reputation damage — Being publicly cited for spam can damage your brand far beyond any fine.
The good news is that compliance is not difficult. It mostly comes down to treating prospects with respect: target people who would plausibly benefit from hearing from you, be honest about who you are, and stop when they ask you to stop. These are not just legal requirements — they are good business practices that also happen to improve your reply rates.
If you are setting up your outreach for the first time and want to make sure you are doing it right from day one, start with ScrapenSend's free trial. The compliance features are built in, so you can focus on writing great emails instead of worrying about regulations.