What's the Difference Between Spam and Cold Email?
"Spam" and "cold email" are often used interchangeably, but they have distinct legal definitions, different characteristics, and require different handling strategies. In 2026, the practical line between them has blurred considerably — but the distinction still matters.
The Legal Distinction
Spam (illegal unsolicited email)
Spam, in the legal sense, refers to unsolicited commercial email that violates applicable regulations. Under CAN-SPAM (US), this means email that uses deceptive headers, misleading subject lines, lacks a physical address, or doesn't provide an opt-out mechanism. Under GDPR (EU), any commercial email sent without prior consent is considered spam.
Cold email (legal but unsolicited)
Cold email is unsolicited commercial email that complies with applicable regulations. Under CAN-SPAM, a cold email is legal as long as it: identifies the sender accurately, includes a physical address, provides an opt-out mechanism, and honours opt-out requests. The sender does not need your permission to send the first message.
The Practical Experience
From the recipient's perspective, the distinction is often meaningless:
| Characteristic | Traditional Spam | AI Cold Email |
|---|---|---|
| Solicited? | No | No |
| Wanted? | No | Usually no |
| Personalised? | No | Yes (AI-generated) |
| Legal? | Usually no | Usually yes (US) |
| Easy to identify? | Yes | No |
| Caught by spam filter? | Usually | Often not |
A "legal" cold email from an AI tool that scraped your LinkedIn, generated a personalised pitch, and sent it via a warmed-up domain feels exactly like spam to the recipient. The legality doesn't make it less intrusive, less time-wasting, or less annoying.
Why the Distinction Matters
Despite the experiential similarity, the distinction matters for two practical reasons:
1. How Gmail's filter handles them
Gmail's spam filter is designed to catch illegal spam — deceptive headers, known spam domains, malicious links. Cold email that complies with CAN-SPAM passes these checks, which is why it reaches your inbox. Understanding this explains why "just use Gmail's spam filter" isn't sufficient for cold email.
2. How you should handle them
Reporting genuinely illegal spam (phishing, malware, deceptive content) to Gmail helps Google's detection systems. Reporting CAN-SPAM-compliant cold email as spam also trains your personal filter, but has less impact on Google's global models since the email isn't technically violating policies.
For cold email specifically, sender verification is more effective than spam reporting because it doesn't depend on the email being "spam" by any definition — it simply requires the sender to verify they're a real person.
The Grey Area: "Legitimate" Cold Outreach
Not all cold email is unwanted. A journalist researching a story, a conference organiser inviting a speaker, a potential customer with a genuine question — these are all "cold" emails from people you've never corresponded with. They're also emails you'd probably want to receive.
This grey area is why blanket blocking of all unknown senders is too aggressive for most people, and why sender verification (which lets genuine contacts through after a brief challenge) is a better approach than complete blocking.
Frequently Asked Questions
Should I report cold email as spam in Gmail?
If the email is genuinely unwanted, yes. Even if it's CAN-SPAM compliant, marking it as spam trains Gmail's filter for your account. For emails that are clearly deceptive or impersonating someone, use "Report phishing" for a stronger signal.
Is cold email ethical?
Opinions vary widely. The cold email industry argues it's a legitimate sales channel. Recipients increasingly view it as an invasion of attention. The ethics depend on volume (50 personalised emails is different from 50,000 AI-generated ones), relevance (targeted outreach vs mass blasting), and honesty (genuine research vs AI-faked personalisation).
Will the distinction between spam and cold email disappear?
Functionally, it's already disappearing. As AI makes all cold email look personalised and legitimate, the only meaningful distinction is whether the recipient wanted the email — which is impossible for a spam filter to determine. This is why the future of inbox protection is shifting from content analysis to sender verification.
How Do AI Cold Email Tools Work? (Behind the Scenes)
Older →Is It Safe to Give Gmail API Access to Third-Party Apps?
Ready to stop AI spam from reaching your inbox?
Captchainbox protects your Gmail from AI-generated cold email. 5-minute setup, no ongoing maintenance.
Join the waitlist