Yes, you can run database reactivation yourself. This guide gives you the entire stack and every step, holding nothing back. By the end you will also see clearly why it is a five-discipline job, and exactly what it costs in tools, time and legal risk, so you can decide honestly whether to build it or hand it over. No sneering at DIY here. If you want the recipe, here it is in full.
What You're Actually Attempting
Database reactivation means working leads you already paid for, not buying new ones. The people in your CRM raised their hand once. The acquisition cost is already sunk, which is why the prize is real: you are recovering value that is just sitting there, not spending fresh money to find it.
Every business with a CRM has a version of the same asset going stale. Mortgage brokers with hundreds of enquiries that never got a quote. Solar installers sitting on a spreadsheet of homeowners who asked for prices and heard nothing since. B2B firms with contacts from webinars and trade shows that went nowhere. The instinct is to go find more leads. The cheaper win is to work the ones you already own.
If you want the full explainer on what a reactivation campaign is and the response rates to expect, read our companion piece on how database reactivation works. And before you do anything else, go size your own database with the free dead database calculator. If the number it gives you is small, DIY may not be worth the setup. If it is large, keep reading.
The Honest Reality Check: Five Disciplines, Not One
DIY database reactivation is not one task. It is five separate jobs stitched together: data engineering, UK compliance, deliverability infrastructure, AI conversation design, and live sales follow-up. Any one of them done badly sinks the whole campaign, no matter how good the other four are.
This is the part most people underestimate. The idea sounds simple: text your old leads. The execution touches five different skill sets, and they rarely live in one person. A brilliant copywriter with no deliverability knowledge will land every message in spam. A great data engineer who skips the compliance step can expose the business to a fine. Here is the honest breakdown of what you are signing up for.
| Discipline | What it involves |
|---|---|
| 1. Data engineering | Exporting the CRM, deduping, verifying emails, validating phone numbers, structuring consent flags. |
| 2. UK compliance | Lawful basis under UK GDPR, the PECR soft opt-in, TPS and CTPS screening, retention limits, opt-outs. |
| 3. Deliverability infrastructure | Separate sending domains, SPF, DKIM, DMARC, mailbox warmup, SMS platforms, inbound numbers. |
| 4. AI conversation design | The sequence, the copy, and a reliable two-way agent that qualifies, respects STOP, and books slots. |
| 5. Live sales follow-up | Fast human handoff on positive replies, booking, and closing the revived conversations. |
Read that table again and be honest about which of the five you can genuinely cover. If the answer is four, the fifth is the one that will sink you. The rest of this guide walks through each step in order.
Step 1: Get Your Data Out and Clean It
Export your CRM, then clean it before you touch anything else. A raw export is full of duplicates, badly formatted phone numbers, dead email addresses and missing consent flags. Sending to a dirty list wastes money and wrecks your deliverability from day one.
Every CRM export is messier than you expect. The same person appears three times. Phone numbers are stored in five different formats, some with the country code, some without, some with spaces. A chunk of the email addresses have bounced or belong to people who left their company years ago. And almost nowhere is there a clean flag telling you whether the contact actually consented to marketing. Fix all of this first.
Deduplication. OpenRefine is free and excellent for clustering near-duplicate records. Dedupely runs from around $19 a month and plugs into common CRMs. If you are on a small list you can fuzzy-match in Google Sheets with formulas. Whatever you use, dedupe before you verify, so you are not paying to verify the same email twice.
Email verification. This removes dead addresses before they generate bounces that flag you as a spammer. MillionVerifier is around $0.0005 per email and its credits do not expire. ZeroBounce and NeverBounce sit around $0.004 to $0.008 per email. Bouncer is similar. Any of them will do the job. (Prices at the time of writing, always check current rates.)
Phone validation. Twilio Lookup does a basic format check for free, and line-type intelligence (mobile vs landline vs VoIP) for around $0.008 per lookup. Knowing which numbers are mobiles matters, because you can only send SMS to mobiles, and texting a landline is wasted money. (Prices at the time of writing, always check current rates.)
| Job | Tool options | Rough cost |
|---|---|---|
| Deduplication | OpenRefine, Dedupely, fuzzy-match in Sheets | Free, or from ~$19/mo |
| Email verification | MillionVerifier, ZeroBounce, NeverBounce, Bouncer | ~$0.0005 to $0.008 per email |
| Phone validation | Twilio Lookup | Free format check, ~$0.008 per line-type lookup |
All prices above are approximate and at the time of writing. Always check current rates before you build a budget on them.
Step 2: The Compliance Minefield (UK)
This is general information, not legal advice. Verify your specific situation with the ICO and a data-protection specialist before you send anything. UK reactivation lives or dies on two rulebooks: UK GDPR (which needs a lawful basis) and PECR (which governs electronic marketing). Get this step wrong and it is the most expensive mistake in the whole process.
This is the section people skip, and it is the one that can actually hurt you. Read it slowly. None of what follows is legal advice, it is a plain-English map of the rules so you know what to check with a specialist.
You need a lawful basis, and consent is not always optional. UK GDPR requires a lawful basis to process personal data. For electronic marketing, where PECR requires consent, you cannot fall back on "legitimate interests" to get around it. If PECR says you need consent for that message, you need consent. That is the trap that catches people who think "legitimate interests" is a universal skeleton key. It is not.
The PECR soft opt-in for email and SMS. There is a narrow exception that lets you email or text without fresh consent, called the soft opt-in. It has three exact conditions, and you need all three:
(a) you got the person's details during a sale, or during negotiations for a sale, of your product or service; and
(b) you are marketing your OWN similar products or services; and
(c) you gave them a simple way to opt out when you first collected the details, and in every message you have sent since.
The trap that sinks most DIY reactivation. Look hard at condition (a). The soft opt-in needs a sale, or genuine negotiations for a sale. Now think about a typical "dormant database". A large chunk of it is people who only ENQUIRED and never bought. They asked a question, got a brochure, went quiet. There was no sale and arguably no negotiation for one. For those people, the soft opt-in likely does not apply, which means you would need consent to email or text them at all. This is the single biggest legal mistake DIY reactivation makes: treating a list of old enquiries as if the soft opt-in covers it. Often it does not. You can read the ICO's guidance on electronic mail marketing and the soft opt-in and check your own situation against it.
Phone calls are their own rulebook. If you plan to phone anyone, you must screen your call list against the Telephone Preference Service (TPS), and the Corporate TPS (CTPS) for business numbers, as well as your own do-not-call list. You cannot make live marketing calls to numbers registered with the TPS or CTPS without specific consent. And automated or recorded marketing calls, which is what an AI-voice broadcast is, need SPECIFIC prior consent from the person. That makes an AI-voice blast the single most restricted channel of all. Do not assume it is the easy option just because it is automated. The ICO's guidance on telephone marketing, the TPS and automated calls sets this out.
SMS mechanics. Every marketing text must carry a simple opt-out, in practice "Reply STOP". And there is a technical catch that trips people up: UK alphanumeric sender IDs (where the message shows your brand name instead of a number) are one-way only. Recipients cannot reply to them. So if you want to receive replies, and you legally must be able to receive STOPs, you have to buy an inbound virtual number and send from that.
Retention. There is no fixed legal expiry date on data, but the ICO's line is clear enough: you must not keep personal data for longer than you need it. Data you have held too long is unlikely to have a lawful basis to be processed, and very old cold enquiries are the weakest ground of all. A three-year-old enquiry from someone who never bought is exactly the kind of record that gets a campaign into trouble. The ICO's storage limitation guidance explains the principle.
The stakes just multiplied. As of February 2026, under the Data (Use and Access) Act 2025, PECR fines are aligned with UK GDPR at up to £17.5 million or 4% of global annual turnover. That is a roughly 35x jump on the old £500,000 cap. Getting reactivation wrong is now materially more expensive than it used to be, which is exactly why the compliance step is not optional and not something to eyeball.
Step 3: Segment Before You Send
Do not send one message to the whole list. Segment first, because different leads have different lawful bases, different response likelihoods, and need different angles. The first cut is always compliance: strip opt-outs and anyone with no lawful basis before you do anything else.
Segmentation is where the strategy actually lives. A blast to everyone is both illegal for some of the list and ineffective for the rest. Cut the database along these lines:
Consent and opt-out status, first. Before any other segmentation, remove anyone who has opted out and anyone with no lawful basis to be contacted. This is not a nice-to-have. It is the gate everything else passes through. Get this wrong and the fine risk from the section above becomes real.
Recency tiers. Split by age: 0 to 6 months, 6 to 12 months, 12 to 24 months, and 24 months or older. Older means a weaker lawful basis and a lower response rate. The freshest tier is your best ground on both counts.
Original source. An inbound enquiry is not the same as a referral, and neither is the same as a bought list. Bought lists usually have no lawful basis for reactivation at all, so exclude them. The people who found you and reached out themselves are your strongest segment.
Enquiry or deal value. A high-value lost deal deserves a human picking up the phone, not an automated blast. Segment your biggest lost opportunities out and handle them personally.
Reason lost or stage reached. "Quoted then went cold" needs a different message from "no-showed a call", which needs a different message from "price objection", "timing was wrong", or "chose a competitor". Each of these is a different conversation. Writing one generic message for all of them wastes the best insight you have.
Step 4: Write the Sequence and the AI Copy Layer
A good reactivation sequence is not one message. It is a re-introduction, then a value follow-up, then the highest-responding message of all: asking why they did not proceed last time. LLMs are genuinely good at drafting these variants. Just remember that drafting the copy is the easy 20% of the job.
Here is what a well-built sequence looks like:
Message 1, the re-intro. Acknowledge the previous contact, explain why you are reaching out now, and offer one specific low-friction next step. No pitch. One clear question.
Message 2, the value or angle follow-up. A different angle on the same ask. Often a specific piece of information (current rates, a capacity note, a service update) that makes the timing feel relevant rather than random.
Message 3, the highest-responding message. Instead of asking if they are ready, ask why they did not proceed last time. This gets the highest response rate of anything in the sequence, because it is the first message that asks something real rather than pitching.
Later touches, conditional. Only contacts who engaged with earlier messages get later touchpoints. Interested leads get a booking link, quiet leads get a final polite opt-out message, and anyone who says stop exits cleanly.
Where the LLM helps, and where it does not. ChatGPT and Claude are genuinely good at drafting sequence variants, writing subject lines, matching your tone, and summarising incoming replies. Use them for that. But be honest about the limits. An LLM does not know your real offer or your actual prices, so it will invent them if you let it. It will also happily write a non-compliant SMS with no STOP line, because it does not know about PECR unless you make it. Drafting the copy is the easy 20% of database reactivation. The other 80% is everything around it.
Step 5: Build the Sending Infrastructure (Where DIY Quietly Breaks)
Never blast a big dormant list from your main domain. You risk spam complaints, blacklisting, and torching the deliverability of your normal business email. Set up a separate domain or subdomain, authenticate it properly, and warm the mailboxes for two to four weeks before you send at volume.
This is the step that quietly kills DIY campaigns. Everything looks fine, the messages send, and then nobody replies, because everything landed in spam. Deliverability is an infrastructure problem, not a copy problem.
Email. Do not send a big cold or dormant list from your main business domain. If it triggers spam complaints or a blacklist, you take down your everyday business email with it. Instead, register a separate domain or subdomain purely for reactivation, configure SPF, DKIM and DMARC correctly, and warm the mailboxes for two to four weeks by ramping volume slowly before you push real numbers through. Sequencing platforms like Instantly (from around $30 a month) or Smartlead (from around $39 a month) handle the sequences and include warmup, but you still pay separately for the domains, the mailboxes, and email verification. (Prices at the time of writing, always check current rates.)
The Google and Yahoo bulk-sender rules. Since February 2024, if you send 5,000 or more messages a day to Gmail addresses, you must authenticate with SPF and DKIM, publish a DMARC record, offer one-click unsubscribe, and keep your spam complaint rate under 0.3%. Break these and Gmail simply stops delivering your mail to inboxes. Yahoo has equivalent requirements. This is not optional guidance, it is the price of reaching the inbox at all.
SMS. UK platforms include Twilio (around £0.037 per UK SMS), ClickSend, TextMagic and BulkSMS. Buy an inbound UK number (around £1 to £2 a month) so you can receive replies and STOPs. Remember the rule from the compliance section: UK alphanumeric sender IDs are one-way, so you cannot receive replies through them, which is exactly why the inbound number is not optional. (Prices at the time of writing, always check current rates.)
Step 6: The Two-Way Conversation Engine (the Genuinely Hard Part)
This is where the "AI" in AI reactivation actually lives, and where DIY teams under-scope the most. A reliable two-way agent that qualifies interest, handles objections, does not hallucinate your prices, respects STOP, and books a real slot is a proper build. It is not a config toggle.
Drafting the copy is easy. Building an agent that can hold a real conversation with hundreds of people at once, without embarrassing you, is the hard single component of the entire project. And the failure modes here are not typos. They are trust and compliance problems: the bot double-books a slot, promises something that is not true, quotes a price you do not offer, or messages someone who already opted out. Any one of those is worse than sending nothing.
Your options range along a spectrum:
Work the replies manually. Perfectly fine at small volume, and honestly the safest starting point. A human reads every reply and responds. It just does not scale. Once you are handling hundreds of conversations, it collapses.
All-in-one tools with conversation bots. Platforms like GoHighLevel (from around $97 a month plus usage) bundle a CRM, sequences and a basic conversation bot. Cheaper than bespoke, but the bot is only as reliable as you configure it, and configuring it to be genuinely safe is real work. (Prices at the time of writing, always check current rates.)
Bespoke conversational-AI SMS agents. Purpose-built platforms like Regal.ai sit at the enterprise, quote-based end. These are the reliable version, and they cost accordingly.
Be honest with yourself here. The reliable two-way engine is the hardest single component of DIY reactivation, and it is the one teams consistently under-scope. If you cannot build or buy a conversation layer you actually trust to respect a STOP and never invent a price, you are not ready to send at volume.
Step 7: Booking, Handoff and Measurement
A positive reply is worthless if it goes cold before a human picks it up. Route interested replies to a person fast, put a booking link in front of them, and measure the funnel in order so you know where it leaks.
Scheduling. Calendly and Cal.com both have free tiers, with paid plans up to around $16 per user a month. Put a booking link in the hands of every lead the AI qualifies, so interested people can book themselves without waiting on a human to reply. (Prices at the time of writing, always check current rates.)
Fast human handoff. The moment a reply is genuinely positive, a person needs to be on it quickly. Warm intent goes cold fast. This is the live sales follow-up discipline from the five-discipline table, and skimping on it wastes everything the earlier steps built.
The metrics that matter, in funnel order: delivery rate, reply rate, positive-reply rate, booked-call rate, show rate, and finally closed or revived revenue and your overall revival rate. Measure them in that order, because a problem shows up at the earliest broken stage. If your delivery rate is low, nothing downstream matters until you fix it.
And two compliance metrics you must watch: your opt-out and STOP rate, and your spam-complaint rate. That second one must stay under the 0.3% Gmail threshold or you lose inbox placement. These are not vanity numbers. They are early warnings that something in your list or your messaging is wrong.
The Honest Tally: What DIY Really Costs
A sensible minimal DIY stack runs roughly £120 to £450 or more per month, dominated by SMS volume. But the bigger cost is time and skills: several weeks of setup, and a job that needs data, compliance, copywriting, deliverability and sales ability all at once.
Here is a realistic monthly stack, adding up the minimum you actually need to run this properly:
| Component | Rough monthly cost |
|---|---|
| Email verification | ~£5 to £30 (usage-based) |
| Cold-email sender + extra domains/mailboxes | ~£30 to £90 |
| SMS platform + inbound number + per-message | ~£40 to £250+ (volume-driven) |
| Scheduler | Free to ~£13 |
| Optional all-in-one / CRM with bot | ~£75+ |
| Optional dedupe tool | Free to ~£15 |
That lands on a realistic range of roughly £120 to £450 or more per month, and the SMS volume is what pushes it up. A small campaign sits near the bottom. A high-volume SMS-led campaign sits well above the top. All figures are approximate and at the time of writing.
The skills it really needs. Data and ops to clean the list. Compliance awareness to keep you legal. Copywriting to make the sequence work. Deliverability and technical setup so the messages arrive. And live sales follow-up to close the revived conversations. That is rarely one person. It is why the five-discipline framing matters: you are not buying a tool, you are assembling a small team's worth of capability.
The realistic timeline. Domain warmup alone is two to four weeks before you can safely send at volume. Data prep and compliance mapping take days to weeks depending on how messy your CRM is. And running it is ongoing: daily reply-handling, list hygiene, deliverability monitoring, and TPS re-screening. This is not a fire-and-forget project. It is a process you keep feeding.
So, Should You Build It or Hand It Over?
The idea is simple: text your old leads. The execution spans data engineering, UK privacy law with newly-multiplied fines, email and SMS deliverability, reliable AI conversation, and live sales follow-up. Whether you build it or hand it over comes down to whether those five skills exist in-house and whether you have the weeks to set it up.
If you have all five skills available and the four to six weeks to build the infrastructure properly, this guide is your blueprint. Go and use it. Everything you need is above, in order, with the tools and the compliance rules laid out. That is genuinely all of it. We are not holding back a secret step.
If you would rather skip the four to six week build and the compliance exposure, that is exactly what Levity does. We run the whole thing end-to-end, and you pay per booked meeting, not per message sent, which puts the deliverability and legal burden on us instead of you. If you are weighing up providers, our rundown of the best database reactivation agencies in the UK is a fair place to start, and the database reactivation service page explains exactly how we run it.
Frequently Asked Questions
Can I do database reactivation myself?
Yes, you can run database reactivation yourself, and this guide gives you the entire stack to do it. The catch is that it is really five jobs stitched together: data engineering, UK compliance, email and SMS deliverability, AI conversation design, and live sales follow-up. Any one done badly sinks the campaign, so DIY makes sense if you have those skills in-house and the weeks to build the infrastructure properly.
What tools do I need to reactivate my database?
At minimum you need a dedupe tool (OpenRefine is free), an email verifier (MillionVerifier, ZeroBounce or Bouncer), a phone validator (Twilio Lookup), a cold-email sequencer with mailbox warmup (Instantly or Smartlead), extra sending domains and mailboxes, an SMS platform with an inbound UK number (Twilio, ClickSend or BulkSMS), a scheduler (Calendly or Cal.com), and something to handle two-way replies reliably. You also need a way to screen call lists against the TPS and CTPS if you plan to phone anyone. Prices change, so always check current rates before you commit.
Is it legal to email or text old leads in the UK?
It can be, but only if you have a lawful basis under UK GDPR and you meet the PECR rules for electronic marketing. For email and SMS, PECR usually requires consent unless the PECR soft opt-in applies. This is general information, not legal advice, so verify your specific situation with the ICO and a data-protection specialist before you send anything. Getting it wrong is materially more expensive now that PECR fines are aligned with UK GDPR.
Can I text or email people who enquired but never bought?
Often not without consent, and this is the single biggest legal mistake DIY reactivation makes. The PECR soft opt-in only applies where you obtained the details during a sale or negotiations for a sale of your product. A large chunk of a typical dormant database is people who only enquired and never bought or negotiated, so the soft opt-in likely does not cover them and you would need consent to email or text them. Old cold enquiries are the weakest ground of all.
How much does DIY database reactivation cost?
A sensible minimal DIY stack runs roughly £120 to £450 or more per month, dominated by SMS volume. That covers email verification, a cold-email sender with extra domains and mailboxes, an SMS platform with an inbound number and per-message costs, a scheduler, and optional dedupe or all-in-one tooling. The bigger cost is time: several weeks of setup, including 2 to 4 weeks of domain warmup before you can safely send volume, plus ongoing daily reply-handling and list hygiene. Prices change, so check current rates.
How long does it take to set up a reactivation campaign?
Realistically four to six weeks before you can safely send at volume. Domain warmup alone takes 2 to 4 weeks, and data preparation plus compliance mapping take days to weeks depending on how messy your CRM is. Once live, it is not fire-and-forget: you have ongoing daily reply-handling, list hygiene, deliverability monitoring, and TPS re-screening for as long as the campaign runs.
Can I just use ChatGPT to reactivate my database?
ChatGPT and Claude are genuinely good at drafting sequence variants, subject lines, tone-matching and summarising replies, but drafting the copy is the easy 20% of the job. An LLM does not know your real offer or prices, and it will happily write a non-compliant SMS with no STOP line. It cannot clean your data, warm your domains, screen against the TPS, or run a reliable two-way conversation that respects opt-outs and books real slots. Those are the hard parts, and a chatbot on its own does not solve them.
Should I do database reactivation in-house or hire an agency?
Build it in-house if you have data, compliance, deliverability, copywriting and live sales skills available and the weeks to set up the infrastructure properly. Hand it over if you would rather skip the four to six week build and the compliance exposure. A specialist agency runs the whole stack for you and typically charges per booked meeting rather than per message sent, which removes the setup risk and puts the deliverability and legal burden on them.
Rather Skip the Six-Week Build?
Levity runs AI database reactivation end-to-end: the data cleaning, the UK compliance, the deliverability setup, the AI conversation layer, and the live handoff. You skip the whole build and the legal exposure, and you pay per booked meeting, not per message sent.
Rees Calder is the founder of Levity, an AI-powered lead generation agency. He builds AI reactivation and outbound systems for B2B clients across the UK. This DIY guide is the same playbook Levity runs for clients, written out in full so you can decide whether to build it or hand it over.