B2B Cold Email in Spain: The Complete Guide (2026)

Cold email isn't dead. What's dead is how most teams run it: bought lists, generic messages sent from the primary domain, and zero understanding of why messages land in spam. The result is always the same — silence — and the wrong conclusion that "cold email doesn't work in Spain".

It works. But it's a system, not a hack. There's a technical layer (whether your email gets delivered), a message layer (whether people reply), and a legal layer (whether you get fined). This guide walks through all three end to end, with the real numbers we use in production. If you run a B2B SME and depend on word of mouth or closing every deal yourself, this is what you need to build a channel that doesn't depend on you.

Prefer we tell you straight what's broken in your current outbound? Book a free diagnosis and we'll review it with you.

Technical infrastructure: domains, inboxes, and DNS

Before you think about the message, think about who delivers it. If infrastructure is set up wrong, great copy won't matter: nobody will see it.

How many domains and inboxes do you need?

You don't guess. You work backwards from your daily send target, respecting two limits:

• **Maximum 2 inboxes per domain.** More accounts on the same domain is a pattern providers associate with spam.
• **Maximum 20–30 emails per day per inbox.** That's the safe ceiling. Exceeding it is the fastest way to burn a new account.

With those limits, the math is simple. To send 200 emails per day, you need roughly 8 inboxes across 4 domains. And never, under any circumstances, use your company's primary domain: if those messages get marked as spam, you drag down the reputation of the corporate email you use with customers and suppliers. Buy secondary domains similar to your main one (for example, `yourcompany.io` → `getyourcompany.com`) and redirect them to your official site.

Which sending tools are best: Instantly, Smartlead, or Lemlist?

All three work. The difference is what they're for.

• **Instantly** — Our default stack. Integrated domain and inbox purchase, built-in warmup, and a unibox for replies. The cleanest option to launch and scale without friction.
• **Smartlead** — Shines at agency scale: unlimited inboxes, ESP matching (pairs sender and recipient by provider), and native Spintax. More powerful, slightly more technical.
• **Lemlist** — Strongest on visual personalization and multichannel (email + LinkedIn). Useful if your play relies on dynamic images or multichannel sequences, but that visual personalization clashes with the golden rule of deliverability (see below).

For 90% of SMEs, Instantly covers everything you need. Smartlead makes sense when volume or client count justifies it.

Which DNS records are mandatory (SPF, DKIM, DMARC)?

These three records are your domain's ID card. Without them, receiving servers distrust you by default and send you to spam:

• **SPF (Sender Policy Framework):** authorizes which servers can send email on behalf of your domain.
• **DKIM (DomainKeys Identified Mail):** adds a cryptographic signature proving the message is authentic and untampered.
• **DMARC (Domain-based Message Authentication):** tells the receiving server what to do with mail that fails SPF or DKIM (usually `p=quarantine`).

You configure them in your registrar's DNS panel after creating accounts in Google Workspace or Microsoft 365. Then wait 24–48 hours for propagation and verify with tools like MxToolbox or EasyDMARC. Skip this and no copy will save you.

Lead generation: how to build the list (without breaking the law)

List quality directly drives reply rate. In Europe, it also drives legal exposure. Both are decided here.

How do you build a cold email list legally in Europe?

This is the part most guides dismiss with a cheerful "yes, it's legal." Reality is more uncomfortable, and you should know it before you export a single lead (we cover it in the legal section). In practice, a defensible list meets four criteria:

• **Professional-role data only:** you contact a job function (CEO, head of procurement), not a private individual in their personal sphere.
• **Lawful, documented source:** you know where each email came from and can prove it.
• **Real relevance to your ICP:** the commercial reason is legitimate and specific to that sector.
• **Opt-out and exclusion:** you offer a way to object and screen against opt-out lists (in Spain, the Lista Robinson).

What tools exist to find B2B emails?

It depends on whether your ideal customer is digital or physical:

• **Digital business (SaaS, agencies, services):** Apollo as the main database. Filter by industry, size, role, seniority, and country, then export. For leads without email, waterfall enrichment with FullEnrich or Bettercontact searches multiple sources until it finds a match.
• **Physical business (clinics, restaurants, local firms):** Apollo falls short. A Google Maps scraper by keyword and area ("accountants in Valencia", "clinics in Seville") works better — it pulls current web, phone, and email.
• **Hunter** is solid for finding and verifying emails from a specific domain — useful for small, highly targeted lists.

How do you verify emails before sending?

Non-negotiable. Sending to invalid addresses spikes bounces, and high bounces destroy domain reputation. The process:

1. Run the full list through a verifier (MillionVerifier, NeverBounce, or similar).
2. Keep **valid** only. Remove **invalid**.
3. For **catch-all** addresses (not directly verifiable), run a second specialized tool before deciding.

Goal: the list you upload should have expected bounce below 3%.

Building and verifying lists well is tedious — where most teams quit. If you'd rather skip the learning curve, we'll set up the full system — domains, lists, campaigns, and reporting — for your business.

Copywriting: frameworks, subject lines, length, and CTA

You have infrastructure and a list. Now the message. The rule is brutal: if your email could go to anyone without changing a word, it's spam.

Which frameworks work in cold email?

Three hold up well in cold outreach:

• **Who/Why/What:** who you are in one line, why you're writing *them* (personalization), and what you propose. Our default because it forces relevance from sentence one.
• **PAS (Problem – Agitation – Solution):** name a concrete problem in their sector, agitate it slightly, offer the way out. Works when pain is obvious and shared.
• **AIDA (Attention – Interest – Desire – Action):** the classic ad formula. Usable, but tends to sound like marketing — which hurts in cold email. Use sparingly.

The framework is the skeleton, not the substance. What converts is why you're writing that specific company. And what you propose rests on a clear, irresistible offer: if the offer is muddy, no framework saves it.

Which subject line patterns get better opens?

A good subject looks like internal mail, not a campaign. Rules:

• **Short:** 3–6 words. On mobile, anything past ~40 characters gets cut.
• **No sales words:** avoid "offer", "discount", "meeting", "demo".
• **Curiosity or context, not a pitch:** "Quick question, {{name}}", "About {{company}}", "Idea for {{company}}".

How long should a cold email be?

Short. Under 120 words, ideally 50–90. Decision-makers read on mobile between meetings; if they have to scroll, they ignore it. A structure that works: short subject → personalized first line → value prop in one or two sentences → CTA. Nothing else.

How do you write a CTA that gets replies?

The most common mistake is closing with a link or "Are you interested?" (yes/no question, easy to ignore). What works:

• **One open, low-friction question:** "How are you handling this today?" or "Would it make sense if I shared how we did it with [similar company]?".
• **Soft, assumptive CTA:** don't ask for the meeting upfront; ask permission for a small next step.
• **No links in the first email:** "If it fits, tell me and I'll send details" converts better than "more info on our website".

Campaign structure: steps, intervals, and A/B testing

How many steps should the sequence have?

Fewer than you've been told. Conventional wisdom says 4–5 follow-ups; we recommend **2 emails**: the initial touch and one follow-up. Why? Long sequences fatigue the lead, multiply spam complaints, and burn domain reputation for future campaigns. Two well-crafted touches capture most of the possible reply; if there's no interest, **re-contact in 3–5 months** without having felt pushy. It's counterintuitive, but stopping protects your most valuable asset: deliverability.

What are the optimal intervals between follow-ups?

Follow-up goes **2–4 days** after the first email. Enough not to overlap, soon enough that context stays fresh. The second email doesn't repeat the first: it reinforces the benefit with a concrete data point and closes with an even easier CTA.

How do you A/B test cold email?

With one iron rule: **change only one variable per variant**. If you change subject and body together and replies go up, you don't know what worked. Our method:

• Each week, several new variants per campaign, each changing **one** element (subject, first line, CTA, or angle).
• Run different **angles** in parallel (e.g. Who/Why/What vs PAS) to find what resonates with that ICP.
• Review every Monday, kill what doesn't reply, keep what does, and iterate on the winner with small changes.

That's what we call finding *message-market fit*: the angle and message that books meetings consistently for that specific customer profile.

Deliverability: how to stay out of spam

Deliverability is the mother metric. If email doesn't reach the inbox, everything else is noise.

What reply and bounce rates are acceptable?

• **Reply rate:** 5%+ is healthy. Above 10% is excellent. Below 5%, the problem is almost always hook or CTA, not volume.
• **Bounce rate:** below 3% without exception (below 2% is better). If it rises, stop, re-validate the list, and check DNS before continuing.

How do you avoid landing in spam?

It's the sum of several decisions, not one:

• DNS configured correctly (SPF, DKIM, DMARC) and warmup completed.
• **No links or images in the first email.** Filters associate them with spam; some clients alert the recipient. Share assets in the reply.
• **Spintax** to vary words and phrases so each send is slightly different and doesn't look like a bulk template.
• Verified list to keep bounce low.
• Rotate domains if you see deliverability drops, and keep ~10 warmup emails per day permanently.

What send volume is safe at launch?

Start low and scale with accounts, not volume per account. The ramp we use:

• **Weeks 1–2:** 30 emails/day with 2 inboxes (60/day total).
• **Weeks 3–4:** 30 emails/day with 4 inboxes (120/day total).
• **Weeks 5–6:** 30 emails/day with 8 inboxes (240/day total).

Try to send 500 emails per day from a new account and you'll burn it in days. Patience here is ROI.

Is cold email legal in Spain and the EU?

Here's the unvarnished truth — where most people get it wrong. **We are not lawyers and this is not legal advice**, but the facts are public and you should know them before you launch.

Two different laws, two different questions:

• **GDPR** asks *"can I process this data?"* Article 6(1)(f) allows processing on **legitimate interest**, and Recital 47 explicitly recognizes direct marketing as a possible legitimate interest. Spain's LOPDGDD art. 19 supports processing professional contact data. So far, collecting and enriching B2B professional data is defensible.
• **Spain's LSSI** (Law 34/2002) asks *"can I send this communication?"* **Article 21 does not distinguish B2B from B2C**: it prohibits unsolicited commercial email unless exceptions apply (prior contractual relationship, similar products, clear opt-out).

The consequence — the nuance almost no guide explains: **a valid GDPR basis does not authorize sending under the LSSI**. Spain's Data Protection Agency (AEPD) has repeatedly held that unsolicited bulk promotional email is sanctionable even in B2B, and has issued fines on that basis.

That said, in practice many B2B operators rely on a more flexible reading when contacting professional roles with lawful data, specific reason, and opt-out on every send. It's a real margin, but **narrow and legally disputed**, not a clear path. Fines are not symbolic: GDPR caps at 4% of global annual turnover; the LSSI provides fines up to €150,000 for serious infringements (up to €600,000 for very serious ones).

What opt-out mechanisms are mandatory?

The LSSI requires a simple, free way to object in **every** commercial communication. In cold email, where you avoid links in the first message, this is usually a plain-text line like "if you don't want me to write again, say so and I'll remove you", honoring objections immediately. Add screening against the **Lista Robinson** and keep a suppression log.

What to measure: KPIs and benchmarks

Which KPIs actually matter?

Forget open rate. It's not only unreliable — Apple and others inflate it — but measuring it forces a pixel that **hurts deliverability**. The real metric hierarchy:

1. **Reply rate** — whether the message connects.
2. **Positive reply rate** — real interest, not "remove me from your list".
3. **Meetings booked** — the only output that pays bills.
4. **Cost per meeting** — what truly compares cold email to other channels.

Bounce rate isn't a success KPI — it's a health alarm: if it rises, stop.

What benchmarks should I use?

Reference figures for well-segmented B2B, with a caveat: industry averages have fallen. Around 8.5% in 2019; in 2026 roughly 3.4–5% per major industry datasets, given inbox saturation and tougher filters.

• **Reply rate:** 5% remains the bar for a healthy campaign above current average; top 10% exceed 10%. Below 1%, something is broken (deliverability, segmentation, or copy).
• **Bounce rate:** below 3%, ideally below 2%.
• **Warmup reply rate:** above 40% suggests the account generates real interaction.

And one data point that confirms where the battle is: most ignored cold emails are discarded for lack of relevance, not copy. You win or lose upstream — list and segmentation — before you write.

But the best benchmark isn't industry average: it's **your own campaign from last week**. Cold email is an iteration game, not absolute numbers.

Summary and next step

Five takeaways: separate infrastructure from your primary domain; warm inboxes 3–4 weeks; build verified, legally defensible lists; write short, personalized copy without links; measure replies and meetings, not opens. The rest is weekly discipline: send, review on Monday, change one variable, repeat until you find message-market fit. Cold email rarely works alone: many clients pair it with cold calling to reach the same decision-maker on two channels.

You can build this system in-house. It's also a system that costs time, tools, and a learning curve that burns domain reputation. If you'd rather someone who's already walked that curve run it for you, book a free outbound diagnosis and we'll see if working together makes sense.