What is a cold email?

Cold email follows a six-step workflow: define an Ideal Customer Profile (ICP), build a verified lead list, configure email deliverability (SPF, DKIM, DMARC records and a warmed sending domain), write personalized messages, launch a structured follow-up sequence, and analyze performance metrics to iterate.

Deliverability is the technical foundation. Since 2024, Google and Microsoft enforce strict sender authentication requirements — missing or misconfigured DNS records cause outright rejection before a human ever sees the message. Gmail's bulk sender guidelines require spam complaint rates below 0.3%; top-performing teams target below 0.1%. Domain warm-up — gradually increasing sending volume over 2–4 weeks — is required before production sends, especially on new domains.

Content is the creative layer on top. The best cold emails are short (50–125 words achieves a 2.4x higher reply rate than emails over 200 words), open with something specific to the recipient's world rather than a generic self-introduction, make a single clear ask, and close with a low-friction call to action like "Worth a 15-minute call?" rather than "Schedule a demo with our team today." The opener is the highest-leverage line in the email — it determines whether the first few seconds convert to a full read.

Cold email is targeted and one-to-one: the sender has researched the recipient's role, company, and situation and believes there is a genuine fit. The email arrives without prior consent but is addressed to a real professional at a real business, with a documented, specific reason for outreach.

Warm email goes to contacts who have already shown intent — a website visit, a content download, a free trial sign-up, or a prior sales conversation — so the relationship has an implicit starting point. Warm outreach consistently outperforms cold on reply rates because the prospect already has some context about the sender.

Spam is neither targeted nor researched. It is sent in bulk to anyone with an accessible address, contains generic copy, and prioritizes volume over relevance. The practical difference between cold email and spam is not the absence of consent — it is the presence of research, targeting, and compliance. Legal cold email must include a clear sender identity, a physical postal address, and a working opt-out mechanism under CAN-SPAM. In 2026, AI-powered inbox filters from Google and Microsoft evaluate intent and engagement patterns, not just keyword lists — so a technically compliant cold email to a poorly matched list behaves like spam in practice, triggering suppression and reputation damage even without a legal violation.

Yes — but the definition of "working" has narrowed significantly. Generic bulk blasts to purchased lists produce reply rates below 1% and increasingly trigger inbox filtering by AI-powered spam classifiers that analyze engagement history and sender reputation, not just message content.

Targeted, personalized cold email to well-defined ICPs still produces meaningful pipeline. The Instantly 2026 Benchmark Report found that top-quartile senders achieve 5.5%+ reply rates and top-decile senders exceed 10.7% — on campaigns often running thousands of contacts per month. In focused verticals like legal services, 10% average reply rates are reported across practitioner studies (Belkins industry data).

The clearest proof of life is in the signal-based segment. Cold emails anchored to a specific, recent trigger event — a funding round, a job posting surge, a competitor mention in a press release — achieve 15–25% reply rates in practitioner data from Belkins and Martal Group. The mechanism is simple: the email arrives at the right moment with evidence that the sender did genuine homework, which is a fundamentally different experience than receiving a mass-distributed template. This is why the fastest-growing practice in B2B outbound is not higher volume — it is higher signal-to-noise ratio.

In the United States, cold email to business recipients is legal under the CAN-SPAM Act (2003), which operates on an opt-out rather than opt-in model. Senders must identify themselves accurately, avoid deceptive subject lines, include a physical postal address, and honor opt-out requests within 10 business days. Each non-compliant email carries a maximum civil penalty of $53,088, as adjusted by the FTC effective January 17, 2025.

In the European Union, B2B cold email is permissible under GDPR's "legitimate interest" basis (Article 6(1)(f), Recital 47), provided the sender can document why outreach is relevant to the recipient's professional role and conducts a Legitimate Interest Assessment (LIA). B2C cold email in the EU requires explicit opt-in consent. GDPR violations reach €20 million or 4% of global annual revenue, whichever is greater. EU member states vary — Germany is treated as consent-heavy in practice; France is more permissive for profession-relevant outreach; the UK has its own regime under the UK GDPR and PECR.

Canada's CASL is stricter: senders generally need express or implied consent before the first commercial email. Implied consent covers contacts whose email appears on a public business website in a context that reasonably suggests professional outreach. Teams sending internationally should run separate compliance reviews per jurisdiction and document their legal basis for each campaign, not once across the organization.

Subject line decisions determine whether an email is opened or deleted: 33% of recipients decide based on the subject line alone, and 69–70% report marking emails as spam primarily based on subject line phrasing (SmartLead data). Getting the subject line right is the first conversion in a cold email sequence.

The highest-performing subject lines share three traits: specificity (a number, a company name, or a real event), brevity (21–40 characters achieves the highest average open rates per SmartLead's analysis of large-scale campaigns), and relevance (trigger-event subject lines referencing a funding round or leadership change achieve 54.7% open rates — a 42.4% lift over generic openers, per Autobound data).

Personalized subject lines outperform generic ones across measured campaigns: 20.79% open rate vs. 14.96% for non-personalized emails in Snov.io's analysis of 10M+ messages. Including a specific number in the subject line can lift opens by up to 113% versus a subject without one. Questions in subject lines boost opens by 21% on average. Emojis have a measurable negative effect on open rates among VP-level and above recipients, reducing opens by roughly 8–12% in that segment (SmartLead).

Komo is an AI Revenue Engine designed to automate the research-intensive work that sits between a CRM and an inbox — signal monitoring, prospect research, draft creation, and follow-up scheduling — while keeping a human in the loop on every send that matters.

In the context of cold email, Komo monitors the buying signals most predictive of near-term purchase intent for a given ICP: funding announcements, leadership changes, hiring surges, technology adoptions, and competitor moves. When a signal fires, Komo automatically researches the prospect, pulls relevant context, and drafts a personalized first email anchored to that specific event — the approach that consistently produces 15–25% reply rates in practitioner benchmarks from Belkins and Martal Group.

The human-in-the-loop design means a sales rep reviews and approves each draft before it sends, rather than relying on fully autonomous mass dispatch. This preserves the quality bar that separates signal-based cold email from pattern-matched spam — and protects sender reputation at a time when AI inbox filters are trained to detect and suppress exactly the kind of untargeted, high-volume outreach that erodes deliverability for everyone on a shared IP range.