- Cold email deliverability depends on infrastructure separation, gradual warmup, and disciplined volume pacing, not on clever subject lines or spintax.
- Use a dedicated sending domain (typically a lookalike or variant of your primary brand domain) to protect your main domain reputation from cold outreach risk.
- Hard limits apply: keep daily volume under 40 to 50 emails per mailbox, maintain a bounce rate below 2%, and aim for reply rates above 3% to sustain inbox placement.
- Authentication with SPF, DKIM, and DMARC is non-negotiable for cold email, especially after the 2024 Gmail and Yahoo bulk sender requirements.
- Even legitimate, well-crafted cold email is filtered aggressively. Expect to invest 4 to 6 weeks in warmup before scaling campaigns.
Cold email sits at the most difficult end of the deliverability spectrum. You are sending unsolicited messages to recipients who have no prior relationship with your brand, and every mailbox provider treats that pattern as suspicious by default. The result is that cold outreach campaigns routinely see 40 to 60% of messages filtered to spam, even when the sender is a legitimate business with a real offer.
This guide covers the technical and operational decisions that separate cold email programs that reach the inbox from those that burn out their domain reputation in weeks. The principles apply whether you are running founder-led outreach, a sales development team, or a dedicated cold email platform.
What Is Cold Email and Why Is Deliverability So Hard?
Cold email is outbound messaging to recipients who have not explicitly opted in to hear from you. In a B2B context, this typically means researched prospects at companies that match an ideal customer profile. Unlike marketing email (which requires opt-in under most jurisdictions) or transactional email (triggered by recipient actions), cold email lives in a narrow window between legitimate outreach and spam.
The difficulty is structural. Mailbox providers look at engagement signals like opens, replies, and move-to-primary-inbox actions to build sender reputation. Cold email starts from zero: no prior engagement, no prior conversations, and often no prior sending history from the domain at all. Every recipient who marks the message as spam or simply deletes it without engaging adds a negative data point to your reputation profile.
Sending Infrastructure for Cold Email
Use a Separate Sending Domain
The single most important decision you will make is to isolate cold email from your primary domain. If your brand lives at acme.com, your cold outreach should come from a variant like getacme.com, tryacme.com, or acme.io. This protects your primary domain reputation if the cold campaign goes sideways, and it gives you freedom to experiment with sending patterns without consequences for transactional or marketing mail.
Buy the domain at least 30 days before you start sending. Mailbox providers apply extra scrutiny to brand-new domains, and aging alone adds trust. Point the domain to a hosted website with real content; a parked domain signals low intent.
Dedicated Mailboxes Over Dedicated IPs
Most cold email platforms run sending through Google Workspace or Microsoft 365 mailboxes rather than dedicated IPs. This is intentional. The reputation of Google or Microsoft IPs is already elite, and you inherit that baseline. Your job shifts from IP reputation management to mailbox-level behavior: keeping bounces low, replies high, and spam complaints near zero.
Plan on one mailbox per 30 to 50 daily sends. Scaling to 500 sends per day therefore requires 10 to 15 mailboxes, each individually warmed up and authenticated. Subscription costs for those mailboxes (typically $6 to $12 per month each) are part of the real cost structure of cold email.
Authentication Requirements
Every sending mailbox needs complete email authentication. This is not optional after the February 2024 Gmail and Yahoo bulk sender enforcement, and it applies even to low-volume cold senders:
- SPF record listing the sending provider (Google or Microsoft)
- DKIM configured and verified on the sending domain
- DMARC policy published, starting at p=none with reporting enabled
- Custom tracking domain with its own CNAME configuration
Warning: Shared tracking domains (the default in most cold email tools) are heavily blacklisted. Always configure a custom tracking subdomain before your first send, or disable open and click tracking entirely.
Warming Up a Cold Email Sending Domain
Warmup is the process of gradually building sending history on a new domain and mailbox so that providers learn to trust your pattern. Skipping warmup is the most common reason cold email campaigns fail before they begin.
A typical warmup schedule looks like this:
| Week | Daily Volume Per Mailbox | Activity Mix |
|---|---|---|
| Week 1 | 5 to 10 emails | 100% warmup network only |
| Week 2 | 15 to 20 emails | 100% warmup network |
| Week 3 | 25 to 30 emails | 80% warmup, 20% real outreach |
| Week 4 | 30 to 40 emails | 60% warmup, 40% real outreach |
| Week 5+ | 40 to 50 emails | 40% warmup maintenance, 60% real outreach |
Most cold email platforms bundle an automated warmup network: mailboxes send messages to each other, reply to simulate engagement, move messages out of spam, and mark as important. This generates positive signals that providers interpret as genuine conversation patterns. Maintain warmup traffic at 40 to 50% of total volume even after you are fully scaled, because it provides a stable engagement floor when real reply rates dip.
Volume and Pacing Rules
Cold email is one of the few email categories where sending less actually helps you send more over time. Volume discipline protects the mailbox reputation that enables the volume you want to reach.
Enforce these hard limits:
- 40 to 50 emails per mailbox per day at steady state, never exceeding this even briefly
- 30 to 90 second random delays between sends from a single mailbox
- Send during business hours in the recipient time zone (8 AM to 5 PM local)
- Skip weekends unless your ideal customer profile specifically engages on weekends
- Cap campaign volume at 1,500 to 2,000 prospects per week per full-time SDR to maintain follow-up quality
Rotate sending across mailboxes for any single campaign rather than loading one mailbox with the full daily cap. If you have 10 mailboxes sending 40 emails per day, distribute the daily total of 400 sends evenly. This prevents any single mailbox from accumulating disproportionate complaint volume.
List Quality and Email Verification
Bounce rate is the single fastest way to destroy a cold email domain. Sending to an invalid address tells providers that your list was not verified, which is a near-certain marker of spam behavior. Verify every address before it hits a campaign.
Use a multi-step verification process:
- Syntax validation and MX record check
- SMTP handshake verification (does the server accept the address?)
- Catch-all and role-based address flagging (info, sales, admin)
- Risky pattern detection (disposable providers, typo domains)
Target a bounce rate below 2% per campaign. If you see bounces above 5%, pause the campaign immediately, re-verify the full list, and investigate the source. Bounce rates above 8% will trigger filtering at Gmail and Outlook within 24 to 48 hours. Run your list through a dedicated verifier rather than relying on the cold email platform built-in check, which is typically less thorough.
Content Best Practices for Cold Outreach
Cold email content has two deliverability dimensions: what keeps you out of the spam filter, and what generates replies (which then protects your reputation). Both matter.
Keep messages short. Cold emails under 100 words consistently outperform longer messages on both reply rate and inbox placement. Long messages raise spam filter suspicion and reduce the odds of actual engagement.
Avoid these spam triggers:
- Image-heavy messages (aim for plain text or minimal HTML)
- Link-heavy footers (one tracking link maximum, ideally zero)
- Attachments of any kind
- Aggressive sales language like Act Now, Limited Time, or Guaranteed
- All-caps subject lines or excessive punctuation
- Spintax that produces unnatural phrasing
Use a real, consistent from-name (your actual first and last name) and a human signature block with your title and company. Generic signatures like The Acme Team perform worse on both engagement and filtering.
Compliance Requirements for Cold Email
Cold email is legal in most jurisdictions when done correctly, but the requirements vary significantly by region. In the United States, CAN-SPAM requires an unsubscribe mechanism, a physical mailing address, accurate from and subject lines, and honoring opt-outs within 10 business days. Cold B2B email is explicitly permitted under CAN-SPAM as long as these requirements are met.
The European Union treats cold B2B outreach more strictly under GDPR and the ePrivacy Directive. Most EU countries allow unsolicited B2B outreach if there is a legitimate interest basis, the prospect is a business contact at a business address, and the message includes clear opt-out language. B2C cold email is effectively illegal in the EU.
Canada CASL is the most restrictive major framework, requiring express or implied consent for nearly all commercial email. Australia and the UK fall between these poles.
Tip: Include a plain-text opt-out line in every cold email, such as: Reply with the word unsubscribe and I will remove you immediately. This satisfies most regulatory requirements and dramatically reduces spam complaints.
Monitoring Cold Email Reputation
Cold email fails quietly. Inbox placement degrades before bounce rates spike, and reply rates collapse before any provider sends explicit feedback. Active monitoring is the only way to catch degradation before it becomes irreversible.
Check these metrics weekly:
- Reputation at Gmail via Google Postmaster Tools (domain and IP reputation)
- Microsoft SNDS data if any recipient volume is at Outlook or Hotmail
- Blacklist status across major DNSBLs using a sender reputation checker
- Inbox placement tests via seed accounts at Gmail, Outlook, and Yahoo
- Reply rate per mailbox (flag any mailbox that drops below 1%)
- Bounce rate per campaign (pause anything above 3%)
Gmail will silently filter a cold email domain for 30 days after a single complaint rate spike above 0.3%, even if your subsequent sending is clean. Recovery typically requires a full warmup restart rather than simply lowering volume.
Common Cold Email Deliverability Mistakes
After reviewing hundreds of cold email programs, the same failure patterns recur:
- Sending from the primary domain: Any reputation damage persists on the domain that also sends invoices, password resets, and customer marketing.
- Skipping or shortening warmup: We have two weeks, can we speed this up is the beginning of most failed campaigns.
- Buying lists: Purchased lists are saturated with spam traps, complainers, and invalid addresses. They cannot be salvaged through any technical means.
- Using a shared tracking domain: The open and click tracking subdomains that cold email tools provide by default are often already blacklisted.
- Ignoring bounce warnings: A 10% bounce rate is not a reason to keep sending; it is a reason to stop and fix the list.
- Measuring opens instead of replies: Open tracking is increasingly unreliable and irrelevant to deliverability. Reply rate is the signal that matters.
Frequently Asked Questions
A full warmup takes 4 to 6 weeks for a new sending domain and mailbox. Weeks 1 and 2 run warmup-network traffic only, while weeks 3 through 5 gradually introduce real outreach alongside continued warmup. Attempting to compress this schedule almost always results in spam folder placement that is difficult to reverse.
Cold email is legal in the United States under CAN-SPAM when the message includes an accurate from line, a valid physical address, and a functional unsubscribe mechanism. B2B cold email is permitted in most European countries under the legitimate interest basis of GDPR, but restrictions vary. Canada CASL is the strictest major framework and generally requires prior consent.
Send no more than 40 to 50 emails per mailbox per day for sustainable deliverability. To scale beyond that, add more mailboxes rather than increasing per-mailbox volume. A team of 10 warmed mailboxes can sustain 400 to 500 daily sends indefinitely if list quality and content discipline are maintained.
Authentication is necessary but not sufficient. The most common causes of spam placement on authenticated cold email are insufficient warmup, high bounce rates from unverified lists, a shared tracking domain, excessive daily volume, and low reply rates (below 1%). Fix each of these in order before questioning your content.
Yes. Cold outreach should never originate from the primary brand domain because any reputation damage affects transactional email, marketing email, and internal mail delivery. A separate domain (often a lookalike like getacme.com or tryacme.io) provides isolation and lets you experiment with cold sending patterns without jeopardizing critical email flows.