Live Direct Marketing
HomeBlogData & Lists

A Practical Guide to Sourcing a B2B Prospect List From Zero

July 7, 2026 · 11 min read · Guide: Data & Lists

Most list-building advice describes filling a newsletter signup form, not identifying the forty companies that match your ICP and finding the right person to email at each one. Building a B2B prospect list for cold outreach is a research and verification problem before it's a volume problem — a tight list of 200 correctly-matched accounts will consistently outreply a purchased list of 5,000. This guide covers where to source firmographic and contact data, how to filter it against an ICP, and what separates a send-ready list from one that quietly tanks deliverability in a week.

Key takeaways
  • A B2B lead list for cold outreach should be judged on ICP-fit precision, not row count — a smaller correctly-matched list consistently beats a larger loosely-matched one on reply rate and deliverability.
  • Company-level firmographic data and contact-level decision-maker data are two separate sourcing problems and usually need different sources — treat them as two steps, not one pass.
  • Verified, recently-checked email addresses matter more than raw list size; a bounce rate above 3-5% starts damaging sender reputation faster than a smaller list slows a campaign down.
  • Purchased or scraped bulk lists rarely map cleanly to a specific ICP and often carry stale or role-based addresses — treat them as raw material for enrichment, not a send-ready list.
  • Building a company database in-house from structured sources gives more control over ICP accuracy than any pre-packaged list product, and it's the only way to keep provenance clear for compliance later.

Why a purchased list isn't a shortcut

The instinct when a campaign needs volume is to buy a list — a data broker sells 10,000 contacts in your target industry for a flat fee, and it feels like the fastest way to fill a pipeline. In practice, most purchased lists are built for breadth, not fit: the industry and title filters are broad categories, the data is months or years stale, and there's no way to verify how the list was compiled or whether the contacts ever consented to any form of outreach at all.

Sending to a list you didn't build yourself means sending to companies that don't match your ICP as often as they do, which shows up directly in the numbers — reply rates well under 1%, bounce rates high enough to trigger spam-folder placement for the rest of the campaign, and occasionally a recipient who reports the message as spam because nothing about it reads as researched or relevant to their business.

For targeted B2B outreach, the actual constraint is never list size — it's the number of companies that genuinely match the ICP and have a reachable decision-maker. A campaign built around 150 to 300 tightly matched accounts, sent slowly and personalized properly, will outperform a 5,000-row purchased list on every metric that determines whether the campaign is worth running again.

Sourcing company-level data: building the company database

Firmographic sourcing and contact sourcing are different jobs, and treating them as one step is where most list-building efforts go wrong. Start with the company database — the set of legal entities that match the ICP on industry, size, and geography — before worrying about who to email at each one.

Official business registries are the most reliable starting point precisely because they're not sales-oriented: national or regional company registries publish legal name, registration status, and often SIC/NAICS industry codes and incorporation date, which is enough to build a first-pass filtered list before any enrichment. From there, layered sources sharpen the picture.

Sourcing the decision-maker: contact-level data

Once the company list is filtered, the harder problem starts: finding the specific person who owns the decision, not a generic info@ inbox or a receptionist's line. Title search on LinkedIn against the company page is the most direct route — filtering by function and seniority within a known company almost always surfaces the right role, even when the exact person changes.

Company "about" or "team" pages, press releases naming department heads, and conference speaker lists are slower but often more current than a third-party contact database, especially for smaller or private companies that don't show up well in bulk data providers. Once a name and role are confirmed, email address discovery usually comes down to pattern inference (most companies use one of a handful of first.last@ formats) followed by a verification pass — never send to a guessed address without verifying it first.

Generic role-based addresses (info@, sales@, contact@) should be treated as a fallback, not a target — they get filtered by spam rules more aggressively, rarely reach an actual decision-maker, and don't support the kind of personalization that makes cold B2B outreach work in the first place.

Example

A practitioner building a list for a logistics-software ICP finds "Acme Freight Co" matches on size and industry via the registry pass, confirms via LinkedIn that the VP of Operations is the buyer for this category, infers the address as firstname.lastname@acmefreight.com based on two other verified employees at the same company, and runs it through a verification tool before adding it to the send list — rejecting it and falling back to a LinkedIn InMail approach if verification comes back as undeliverable or catch-all.

Turning raw records into an ICP-filtered list

Raw firmographic and contact data isn't a prospect list until it's been filtered against a written ICP definition — otherwise the temptation to include "close enough" companies creeps in, and list quality erodes one exception at a time. A written ICP with explicit, checkable criteria keeps that filtering consistent across however many hundreds of records get processed.

The criteria that matter most for B2B list building are usually a combination of firmographic bounds and situational signals — the former define who could plausibly buy, the latter define who's more likely to buy right now.

Verification and hygiene before the first send

A filtered list still needs a hygiene pass before it touches a sending account. Run every address through an email verification service to catch invalid, disabled, and catch-all domains — a list with a verified match rate under roughly 90% shouldn't go out yet, since the bounce volume alone will start affecting sender reputation on the account used to send it.

Cross-check the list against any existing suppression or do-not-contact records before adding new contacts, deduplicate against companies already in an active sequence, and record where each contact came from — the source and date of each record matters both for compliance (demonstrating a lawful basis for processing business contact data under GDPR, and including a working opt-out per CAN-SPAM) and for knowing which parts of the list are getting stale.

Mistakes that quietly wreck a prospect list

The most common failure is treating list-building as a one-time purchase instead of an ongoing process — contact data decays at roughly 2-3% a month as people change roles and companies, so a list built six months ago and never refreshed is already meaningfully stale by the time a new campaign launches against it.

A close second is an ICP defined too loosely to actually filter anything — "any company with a website in our industry" isn't a filter, it's a description of the entire internet, and lists built against vague criteria end up back at the purchased-list problem: broad reach, low match, poor reply rates. The fix is the same written, checkable ICP criteria described above, applied consistently rather than loosened whenever the list feels too small.

How LDM approaches building an ICP list for a campaign

In practice, the pipeline that works best mirrors the steps above rather than skipping any of them: pull a firmographic-filtered company set into a dedicated company list, enrich each record with a confirmed decision-maker contact, run the whole batch through email verification, and only then pour the verified, deduplicated set into a campaign as its own recipient list — kept separate from other campaigns so results can be attributed cleanly.

Keeping provenance on every record (which source it came from, when it was added, when it was last verified) is what makes the list defensible later and easy to refresh — instead of rebuilding from scratch every quarter, only the stale segment needs re-verification, and the ICP filter can be re-applied as criteria evolve without losing the research already done on records that still qualify.

FAQ

How big should a first B2B prospect list be?

Smaller than most people expect — 150 to 300 tightly ICP-matched accounts is a reasonable starting point for a first cold campaign, sent gradually rather than all at once. Volume should scale only after the ICP filter and verification process are proven to produce a healthy reply rate on that first batch.

Should I buy a list or build one from scratch?

Build it, or treat a purchased list strictly as raw material to re-verify and re-filter, not as send-ready. Purchased lists rarely match a specific ICP closely enough to protect reply rates or deliverability, and provenance is usually impossible to establish for compliance purposes.

How often should a prospect list be refreshed?

Re-verify email addresses at least every 3-6 months, since contact data decays at roughly 2-3% a month as people change jobs. A full re-pull against the ICP criteria once or twice a year is usually enough unless the ICP definition itself changes.

What's the minimum data needed per contact before sending?

A verified email address, confirmed name and role at a company that passes the ICP filter, and enough firmographic context to personalize the opening line credibly. Sending without at least this much turns a targeted campaign into a generic blast.

How do I find the right decision-maker without expensive paid tools?

LinkedIn's free search combined with a company's own team or about page covers most cases — filter by function and seniority against a known company, then confirm the name against the company site or a recent press mention before inferring an email address.

Is scraping company websites for contact data compliant with GDPR and CAN-SPAM?

Processing publicly available business contact data generally has a lawful basis under GDPR when used for relevant B2B outreach, but every email still needs a clear identity, a working opt-out, and (for CAN-SPAM) a physical postal address. Keep records of where each contact came from so a lawful basis can be demonstrated if asked.

Important: this is not bulk email and not spam. We run targeted outreach: every message goes to a specific representative of a specific company for a legitimate business reason, in small daily volumes, personalised to the recipient. Every email identifies the sender and includes one-click opt-out; unsubscribes and stop-lists apply to all future campaigns without exception. Companies that ask not to be contacted are excluded permanently.

Want to apply this to your outreach?

We will map it to your segment and product — before any work starts.

Talk to us