Cold outreach to another licensee — operator-to-operator courtesy + the actual rules

CAN-SPAM applies to every commercial email, cannabis or not. Five things it requires; none of them are hard, but the FTC penalty is up to $51,744 per email if you skip them.

1. 1**Accurate header info.** From-address has to identify the sender. No spoofing the recipient’s licensee name in the From line; no fake reply-to.
2. 2**Honest subject line.** ‘Re: our conversation last week’ when you’ve never spoken — that’s a §316.5 violation by itself, and it’s the move that gets cold-email lists nuked from regulator inboxes.
3. 3**Identify the email as commercial.** Ad / promotional intent has to be clear. We don’t need a ‘THIS IS AN ADVERTISEMENT’ banner — ‘I’m offering CannAgent to other operators’ in the body counts.
4. 4**Physical postal address.** A real one. Footer line, every cold email. CannAgent’s footers pull from the CANNAGENT_PHYSICAL_ADDRESS env var so the wrong-address-by-typo failure mode is impossible.
5. 5**Working opt-out.** A link OR a reply-mechanism the recipient can use to remove themselves from the list, no login, no fee. Honored within 10 business days.

Cannabis advertising rules govern customer-facing marketing. Cold-email between licensees usually isn’t in scope — but a few specific moves push you back into it fast.

• **B2B operator-to-operator email about a software product** — generally NOT regulated as cannabis advertising under WAC 314-55-155, OAR 845-025-8050, 1 CCR 212-3 R 6-205. The rule scope is ‘advertising of marijuana, marijuana products, or marijuana licensees to consumers.’ A licensee emailing another licensee about a POS isn’t consumer advertising.
• **An efficacy claim about cannabis** in your cold email (‘our system helps you sell more flower’ → safe; ‘our system grows your THC potency’ → not safe) — pulls you back under WSLCB advertising scope. Don’t make claims about the product even when the email is about software.
• **Discount language tied to cannabis purchases** in the body (‘reply for 20% off your bulk-flower order’) — would also fold back into advertising scope. We’re emailing about software; keep the body about software.
• **Recipient list scraped from a public WSLCB licensee directory** — fine. Public records. Doesn’t require consent under WA / OR / CO law.
• **Recipient list bought or rented from a third party** — riskier. Ask the seller for the consent record. If they can’t produce one, walk away.

Compliance is the floor. The actual operator community is small, and a poorly-written cold email gets passed around faster than a well-written one. These are the courtesy moves we use.

• **Acknowledge the cold reach.** ‘Doug here, you don’t know me but I run two licensed shops’ — that line costs you nothing and signals you’re not pretending it’s a referral. Operators have radar for fake-warm openers.
• **Cite your own license number.** Green Life Cannabis (414755) and Seattle Cannabis Co (426199) at the top of every cold email. Says: I’m operating in the same regulatory frame you are. Builds 30 seconds of trust.
• **Two questions, then stop.** Long cold emails get scrolled past. Two yes/no questions in the screener pattern (‘Are you on Dutchie? Is your bill north of $1,500/store?’) qualifies the prospect AND respects their time.
• **One clean off-ramp.** ‘Reply pass and I’m gone.’ Makes the recipient’s decision easier — they don’t have to find an unsubscribe link OR draft a polite no.
• **Never CC three people from the same shop.** Owner gets the email, GM gets the email, comptroller gets the email — that’s a panic move on your end and a turnoff on theirs. Pick one contact per shop.
• **Don’t follow up more than twice.** First email + one bump = the entire campaign. After that you’re a stalker, not a vendor.

These are the moves that turn a cold email into a complaint. We’ve seen all of them in our own inbox over the past 18 months.

• **Subject line lies.** ‘RE: your invoice’ / ‘Following up on our call’ / ‘[Action required]’ when none of that is true. Reportable under §316.5.
• **No physical address.** First thing the WSLCB-CCRS people look at when a complaint lands. Missing address = automatic strike.
• **Sending from a domain that doesn’t match your business.** ‘mailoutreach42.io’ instead of yourdispensary.com. Reads as a list-broker; deliverability tanks; some recipients report it as phishing.
• **Buying a leaked WSLCB list.** Public records are public; lists scraped from leaked employee data are not. Don’t.
• **Sending the same email seven times in two weeks.** That’s how you get on a state-blacklist that gets quietly shared between regulators. Once you’re on it, you’re effectively done with cold outreach.
• **Pretending an operator referred you.** ‘[Mutual operator] said I should reach out’ when they didn’t. The operator community is small; this gets back to them in a week.

Honest disclosure: we built the cold-outreach infrastructure for ourselves first, then offered it to other operators. Five things land out of the box.

• **Bulk-import** — paste the WSLCB licensee CSV; case-insensitive email dedup; rows tagged so the inbound demo-form leads stay separated from the cold cohort.
• **Cold-template** — operator-to-operator copy with license-number disclosure baked in; placeholders for first-name + dispensary + physical-address + opt-out token; sentinel fallback when the address env-var is unset so you can’t accidentally send a §7704-non-compliant email.
• **Working /unsubscribe page** — recipient clicks, opt-out lands as an audit row keyed to email, every future send to that address is automatically blocked.
• **Manual suppression** — when a recipient replies ‘remove me’ instead of clicking the link, paste the email into the suppression form. Same audit-row write; same enforcement.
• **Suppression enforcement** — every send goes through a JOIN against the unsubscribe table before Resend fires. Fail-closed: if the check throws, the send is skipped, not sent. The audit row records the block so you can see why no email left.