Skip to main content

Cold Email Deliverability Guide

Deliverability — not copy, not targeting — is the single largest determinant of cold email campaign performance. Without proper infrastructure, authentication, and warm-up, roughly 46% of emails never reach the recipient’s inbox. Fully authenticated senders are up to 2.7x more likely to land in the primary inbox, which means fixing your DNS records is as much a pipeline initiative as hiring another SDR.

Why deliverability is the #1 factor in cold email success

Most teams that struggle with cold email blame copy or list quality first. They rewrite subject lines, swap CTAs, and rebuild their ICP — while half their emails sit in spam folders unseen. When agencies audit underperforming campaigns, they routinely find deliverability sitting at 50–60% inbox placement. That means 40–50% of outreach volume produces zero impressions, zero opens, and zero pipeline. The math is unforgiving. If you send 1,000 cold emails with a 50% inbox placement rate, only 500 arrive. At a 5% reply rate on delivered emails, that’s 25 replies. Improve inbox placement to 90% and you get 900 delivered, yielding 45 replies from the same list — an 80% increase in output with zero change to copy, targeting, or volume. Every percentage point of deliverability compounds directly into meetings booked.
Industry data shows mean deliverability of about 91% at a 2% bounce rate, but problems escalate rapidly above 5% hard bounces. Teams operating without proper authentication or warm-up typically land in the 50–60% range — effectively burning half their pipeline before anyone reads a word.
Deliverability breaks down into three layers: authentication (proving you are who you claim to be), reputation (building trust through consistent sending behavior), and content (avoiding the patterns spam filters flag). Most failures happen at layers one and two — the infrastructure — long before content enters the equation.

What infrastructure do you need for cold email?

Cold email infrastructure requires four non-negotiable foundations: dedicated sending domains, proper authentication records, warmed IP addresses or accounts, and monitoring systems. Skip any one of these and you are building on sand. Dedicated sending domains. Never send cold email from your primary business domain. Use secondary domains (e.g., getacme.com or acmeleads.com instead of acme.com) so that if a domain takes a reputation hit, your main corporate email remains unaffected. For volume campaigns, rotate across multiple sending domains — if one gets flagged, the others continue operating. Sending limits per account. Sending 500 emails from one inbox destroys deliverability. Sending 30 emails per day from 17 accounts protects each domain’s reputation while maintaining total throughput. Cap each sending account at 30–50 campaign emails per day and scale horizontally by adding accounts, not by increasing volume per account. Dedicated vs. shared IPs. Shared IP addresses mean your deliverability is at the mercy of other senders on that pool. One bad actor can tank the reputation for everyone. Dedicated IPs give you full control over your sender reputation, but they require proper warm-up — ISPs treat new IPs with zero history the same way a bank treats someone with no credit score. Custom tracking domains. Default tracking domains from outreach tools are shared across thousands of senders. Setting up a branded CNAME (e.g., track.getacme.com) isolates your tracking reputation from other senders and looks cleaner to spam filters.

SPF, DKIM, and DMARC explained simply

These three authentication protocols are DNS records that prove to receiving mail servers that you are authorized to send email from your domain. Google, Yahoo, and Microsoft (as of May 2025) all enforce these for bulk senders. Without them, your emails get spam-foldered or outright rejected.
Think of SPF as a guest list, DKIM as a tamper-proof seal, and DMARC as the bouncer who decides what happens when someone shows up without proper credentials.
ProtocolWhat it doesHow it worksDNS record type
SPF (Sender Policy Framework)Authorizes which servers can send email for your domainReceiving server checks the sending IP against a list of approved IPs published in your DNSTXT record at your domain root
DKIM (DomainKeys Identified Mail)Verifies email content hasn’t been altered in transitAttaches a cryptographic signature to each email; receiving server validates it against a public key in your DNSTXT record at selector._domainkey.yourdomain.com
DMARC (Domain-based Message Authentication, Reporting, and Conformance)Tells receiving servers how to handle emails that fail SPF or DKIM checksCoordinates SPF and DKIM results and enforces a policy you define (none, quarantine, or reject)TXT record at _dmarc.yourdomain.com
SPF implementation. Add a TXT record listing every service authorized to send on your behalf. Example: v=spf1 include:_spf.google.com include:sendgrid.net ~all. Keep total DNS lookups at or below 10 per RFC 7208 — exceeding this limit returns a PermError that silently breaks authentication. DKIM implementation. Generate a key pair in your email platform, publish the public key as a TXT record, and enable signing. Use a minimum 1,024-bit key; 2,048-bit is preferred for stronger security. A missing character in the p= value or unsupported key length will cause silent failures. DMARC implementation. Start with p=none (monitoring mode) to collect data on your authentication results without blocking any mail. Review DMARC aggregate reports for 2–4 weeks to identify any legitimate senders that aren’t passing SPF or DKIM. Then tighten to p=quarantine and eventually p=reject. Research from Valimail shows that 75–80% of domains with a DMARC record struggle to enforce it, usually because SPF and DKIM weren’t properly configured first.
Only 7.7% of the world’s top 1.8 million email domains use the strictest DMARC policy (p=reject). Yet authenticated senders are 2.7x more likely to reach the inbox. The gap between “technically configured” and “properly enforced” is where most deliverability problems hide.
Verification. After publishing all three records, wait 24–48 hours for DNS propagation. Then send a test email to a Gmail account, open “Show original,” and confirm you see SPF: PASS, DKIM: PASS, DMARC: PASS. Check Outlook headers for authentication results as well.

Common spam triggers and how to avoid them

Spam filters evaluate hundreds of signals. These are the ones that most frequently kill cold email campaigns: Content triggers:
  • ALL CAPS in subject lines or body text — triggers both algorithmic and human spam reports
  • Excessive punctuation (multiple exclamation marks, question marks)
  • Deceptive or clickbait subject lines that don’t match body content
  • Risky attachments (PDFs, ZIP files) in first-touch cold emails
  • HTML-heavy formatting, colored fonts, or multiple images in what should read like a plain-text conversation
  • Link-heavy emails — more than one or two links signals promotional content
Technical triggers:
  • Missing or misconfigured SPF, DKIM, or DMARC records
  • Shared tracking domains flagged by other senders’ behavior
  • Sending from a domain with no warm-up history
  • High bounce rates (above 2% total, with any hard bounces raising flags)
  • Spam complaint rates approaching 0.3% — Google’s threshold for restricting sender privileges
Behavioral triggers:
  • Sending 200+ emails per day from a single account
  • Sudden volume spikes (going from 10 emails/day to 500 overnight)
  • Low engagement rates (few opens, no replies) signaling recipients don’t want your mail
  • No unsubscribe mechanism — Google, Yahoo, and Microsoft all require RFC 8058 one-click unsubscribe headers for bulk senders
Google’s Postmaster Tools threshold is 0.3% spam complaint rate, but top-performing senders aim for 0.1% or below. Once you exceed 0.3%, Gmail mitigations become unavailable and your domain enters a recovery cycle that can take weeks. Treat 0.1% as your operational ceiling, not 0.3%.
What works instead: Keep emails between 25–100 words. One clear ask. Plain-text formatting. Dynamic personalization fields that show clear relevance to the recipient. A/B test two subject lines and two body variants per campaign, keep the winner, iterate.

Domain warm-up process and timeline

Warm-up is the process of gradually increasing sending volume on a new domain or IP to build positive sender reputation with mailbox providers. Skip it and ISPs treat your email the way a bank treats someone with no credit history — every small misstep triggers suspicion.
1

Days 1–2: Publish authentication records

Configure SPF, DKIM, and DMARC for every sending domain. Add List-Unsubscribe and List-Unsubscribe-Post headers. Verify records using Gmail Postmaster Tools. Set up a custom tracking domain CNAME and confirm it resolves correctly. Most DNS changes propagate within 24–72 hours.
2

Days 1–7: Begin warm-up sending

Start with 5–10 emails per day from each new account. Enable automated warm-up (a network that opens and replies to your messages to generate positive engagement signals). Do not send any campaign emails during this phase — warm-up traffic only. Monitor open rates and inbox placement daily.
3

Days 7–14: Ramp gradually

Increase to 10–20 emails per day. Introduce a small batch of verified contacts (import only addresses that pass email verification as “deliverable”). Target zero hard bounces and total bounces under 2%. Begin A/B testing subject lines and body copy on this small cohort.
4

Days 14–21: Scale to campaign volume

Ramp to 20–40 emails per day per account. Run automated inbox placement tests across Gmail, Outlook, and Yahoo seed accounts. If placement is at or above 80% and open rates show no sudden dips, continue increasing. If placement drops, pause and re-warm for 3–5 days before resuming.
5

Days 21–28+: Reach steady state

Settle at 30–50 campaign emails per day per account. Keep warm-up running between campaigns — a gap of more than 7 days without sends can cool your reputation. Maintain consistent daily volumes; ISPs reward predictability. Add additional sending accounts to scale total volume rather than pushing individual accounts higher.
Scorecard targets at steady state:
  • Inbox placement: 80% or higher on seed tests
  • Bounce rate: under 2% total, hard bounces near zero
  • Spam complaint rate: under 0.1% (well below Google’s 0.3% enforcement threshold)
  • Reply rate: 3–5% or higher by week three or four
Keep warm-up running even between campaigns. Email engaged contacts at least once every two weeks to maintain consistent deliverability. Domains and accounts that go dormant lose reputation, requiring another ramp-up cycle before production sends.

Monitoring and blacklist management

Deliverability is not a set-and-forget configuration. It requires continuous monitoring with automated guardrails that catch problems before they compound. Core metrics to track weekly:
  • Inbox placement rate — the percentage of emails landing in primary inbox vs. spam/promotions (target 80%+)
  • Open rate — sudden dips signal deliverability issues, not copy problems
  • Reply rate — the ultimate signal of healthy deliverability plus relevant messaging
  • Bounce rate — pause any sending account that exceeds 2% on a send
  • Spam complaint rate — monitor via Gmail Postmaster Tools; investigate any spike toward 0.1%
Inbox placement testing. Run recurring seed tests by sending to test accounts across Gmail, Outlook, and Yahoo. This tells you exactly where your emails land — primary inbox, promotions tab, spam folder, or blocked entirely. Run these tests before launching new campaigns and weekly during active sends. Blacklist monitoring. Hundreds of blacklists exist, and landing on even one can cascade into deliverability problems across providers. Automated monitoring tools check your sending IPs and domains against these lists and alert you when you’re flagged. If blacklisted, the remediation process varies by list — some require a formal delisting request, others clear automatically after the offending behavior stops. Auto-pause guardrails. Set rules to automatically pause a sending account if bounce rate exceeds 2%, spam complaint rate rises toward 0.3%, or inbox placement dips below your threshold (typically 75%). Fix the underlying issue, re-warm for 3–5 days, then resume. This prevents a single bad send from burning an entire domain’s reputation. Troubleshooting common issues:
  • High bounces: Pause sends immediately. Re-verify the contact segment. Remove recently acquired or unvalidated domains. Resume at a lower daily cap after verification passes.
  • Spam placement spike: Confirm SPF/DKIM/DMARC alignment is passing. Disable link tracking temporarily. Reduce daily caps by 50%. Re-warm the affected inbox for 3–5 days.
  • Complaint spike: Check that one-click unsubscribe headers are functioning. Refine targeting criteria. Suppress non-engagers (contacts who haven’t opened in 2+ campaigns) faster. Monitor Postmaster spam rate for 72 hours before resuming full volume.

DIY deliverability vs. managed infrastructure

The gap between knowing what to do and executing it consistently across dozens of domains and accounts is where most in-house teams break down. Here’s how the two approaches compare in practice:
What you manage yourself:
  • Purchase and configure sending domains (registrar, DNS records)
  • Set up SPF, DKIM, and DMARC for each domain manually
  • Configure and maintain custom tracking domains
  • Run warm-up sequences using a separate warm-up tool or network
  • Monitor inbox placement across providers using seed testing tools
  • Track blacklist status across hundreds of lists
  • Manually pause, diagnose, and restart accounts when issues arise
  • Maintain list hygiene with a separate email verification service
Where it breaks:
  • SPF record exceeds 10 DNS lookups and silently fails — no alert fires
  • A sending account exceeds bounce thresholds overnight and damages domain reputation before anyone notices
  • Warm-up lapses between campaigns, requiring a fresh ramp-up cycle
  • One misconfigured DKIM key causes a domain to fail authentication for days before the team spots it in DMARC reports
  • Scaling from 5 to 25 sending accounts multiplies the configuration and monitoring burden 5x
Best for: Technical teams with dedicated email operations staff who send moderate volumes (under 500 emails/day total) and have time for daily monitoring.Typical monthly cost: 200200–600 across 3–5 separate tools (warm-up service, email verification, inbox placement testing, blacklist monitoring, sending platform).
The deciding factor is usually not cost — it’s consistency. DIY works when someone owns deliverability as their primary job. It fails when it’s one of fifteen responsibilities on a marketing ops person’s plate, because the monitoring gaps and configuration drift accumulate silently until pipeline craters.

How Outbound System manages deliverability

We treat deliverability as infrastructure, not an afterthought. Every client engagement includes dedicated sending domains with full SPF, DKIM, and DMARC configuration; automated warm-up sequences before any campaign launches; continuous inbox placement monitoring across Gmail, Outlook, and Yahoo; and auto-pause guardrails that protect domain reputation from runaway bounces or complaints. This infrastructure layer is why our campaigns consistently produce the reply rates and meeting volumes our clients see — the copy and targeting matter, but only because the infrastructure ensures those emails actually arrive in primary inboxes. For a deeper look at how we build and execute cold email campaigns end to end, see our cold email service page. For context on how cold email compares to other outbound channels, read our outbound lead generation guide.

Cold Email Service

Full-service cold email including infrastructure, copy, targeting, and optimization — deliverability managed for you.

Outbound Lead Generation Guide

How cold email fits into a complete outbound system alongside LinkedIn and cold calling.

Cold Email Benchmarks

Performance benchmarks for reply rates, open rates, and meetings booked across industries and company sizes.
Ready to stop losing pipeline to deliverability problems? Book a call to see how we build and manage the infrastructure behind high-performing cold email campaigns.
The primary cause is infrastructure failure, not bad copy. Missing or misconfigured SPF, DKIM, and DMARC authentication records cause receiving servers to treat your emails as suspicious. Without these records, roughly 46% of emails fail to reach the inbox. Add in lack of domain warm-up, shared IP reputation damage, and high bounce rates from unverified lists, and most cold email programs are fighting deliverability problems they don’t even know they have.
Plan for 2–4 weeks of gradual ramp-up before production sends. Start at 5–10 emails per day and increase by roughly 10–15 per day each week, monitoring inbox placement throughout. Keep automated warm-up running continuously — even between campaigns — because a gap of more than 7 days can cool your sender reputation and require partial re-warming.
SPF authorizes which servers can send email for your domain (like a guest list). DKIM attaches a cryptographic signature to each email verifying it hasn’t been tampered with in transit (like a tamper-proof seal). DMARC coordinates the two and tells receiving servers how to handle emails that fail either check — deliver, quarantine, or reject. All three are DNS TXT records, and Google, Yahoo, and Microsoft now require them for bulk senders.
Cap each individual sending account at 30–50 campaign emails per day. Scale total volume by adding more sending accounts, not by increasing per-account volume. Sending 500 emails from a single inbox is a reliable way to trigger spam filters and damage domain reputation. Seventeen accounts sending 30 emails each achieves the same volume (510 total) while protecting every domain in the rotation.
Dedicated IPs give you full control over sender reputation — no other sender’s behavior can damage yours. They’re recommended for teams sending at significant volume (5,000+ emails per day across accounts). For smaller operations, shared IPs managed by a reputable platform can work, but your deliverability is partially dependent on other senders in the pool. Either way, the IP needs proper warm-up before production volume.
Google enforces at 0.3% — once you cross that threshold, Gmail mitigations become unavailable and recovery takes weeks. But 0.3% is the ceiling, not the target. High-performing senders maintain complaint rates at or below 0.1%. Monitor your complaint rate weekly via Gmail Postmaster Tools and investigate any upward movement immediately. The most common fix is refining targeting (you’re reaching people who aren’t a fit) and ensuring one-click unsubscribe headers function properly.
You can manage it yourself if you have a technically proficient team member who can dedicate consistent time to domain configuration, warm-up monitoring, blacklist checks, and inbox placement testing across providers. The risk is that deliverability monitoring tends to become a “check it when something breaks” task rather than a daily discipline — and by the time something visibly breaks, domain reputation damage has already compounded. Managed infrastructure services handle this as a system, which is why agencies and outsourced providers typically outperform DIY setups on deliverability metrics.