- Deliverability is infrastructure, not luck. Companies that invest in proper email setup see 60-80% open rates vs. 15-20% for those that don't.
- Never send cold outbound from your primary domain. One spam complaint can tank your entire company's email reputation.
- Domain warmup takes 14-21 days minimum. There are no shortcuts. Skip this and you'll spend months recovering.
- Authentication is non-negotiable. SPF, DKIM, and DMARC must be configured correctly on every sending domain before a single email goes out.
- Monitor daily, not monthly. Deliverability degrades silently. By the time you notice low open rates, the damage is already done.
Why Deliverability Is the #1 Outbound Killer
We've audited over 100 outbound programs. The pattern is always the same: companies invest thousands in lead lists, copywriting tools, and revenue infrastructure, then send everything from a single unwarmed domain with no authentication.
The result? 70% of their emails land in spam. They blame the copy. They blame the list. They never think to check their infrastructure.
Cold email deliverability is the foundation every outbound campaign is built on. Get it right, and a mediocre email still gets read. Get it wrong, and the best copy in the world sits unread in a spam folder.
Here's exactly how we set up deliverability infrastructure for every FlowStrata client.
What Email Authentication Records Do You Need?
Three records are non-negotiable. Think of them as your email passport. Without them, inbox providers treat your messages as suspicious.
SPF (Sender Policy Framework)
SPF tells receiving servers which IP addresses are authorized to send email on behalf of your domain.
How to set it up:
- Identify every service that sends email from your domain (your ESP, CRM, outbound tool)
- Add a single SPF record to your domain's DNS:
v=spf1 include:_spf.google.com include:sendgrid.net -all- Use
-all(hard fail), not~all(soft fail). This tells servers to reject anything not on your list
Common mistake: Multiple SPF records on the same domain. You can only have one. Merge them.
DKIM (DomainKeys Identified Mail)
DKIM adds a cryptographic signature to every email you send, proving it wasn't tampered with in transit.
How to set it up:
- Generate a DKIM key pair in your email sending platform
- Add the public key as a TXT record in your DNS
- Your platform automatically signs outgoing emails with the private key
Common mistake: Using the default DKIM key from your ESP instead of a custom one for your domain.
DMARC (Domain-based Message Authentication)
DMARC tells inbox providers what to do when an email fails SPF or DKIM checks. It also sends you reports about who's sending email from your domain.
How to set it up:
- Start with a monitoring-only policy:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com- Monitor reports for 2-4 weeks to ensure legitimate emails pass
- Tighten to
p=quarantinethenp=rejectonce everything is clean
| Record | What it does | Priority |
|---|---|---|
| SPF | Authorizes sending servers | Critical - set up first |
| DKIM | Cryptographically signs emails | Critical - set up second |
| DMARC | Enforces policy on failures | Critical - set up third |
| MX | Enables receiving on the domain | Important - adds legitimacy |
| Custom tracking domain | Brands your link tracking | Important - avoids shared blacklists |
How Should You Structure Your Sending Domains?
Never send signal-based outbound from your primary domain. One spam complaint, one blacklisting, and your entire company loses the ability to send email, including to existing customers.
The Domain Architecture
For every client, we set up this structure:
- Primary domain (
company.com) - never used for cold outbound. Protected. - Sending domains (
trycompany.com,getcompany.com,meetcompany.com) - dedicated to outbound. - 3-5 sending domains per campaign for volume distribution
- 2-3 mailboxes per domain (e.g., martin@trycompany.com, hello@trycompany.com)
Domain Selection Rules
- Use variations of your brand name (not random words)
- Register
.comdomains, since other TLDs have lower trust scores - Purchase from a reputable registrar (Google Domains, Namecheap, Cloudflare)
- Set up a basic landing page on each domain that redirects to your main site (this adds legitimacy)
Volume Distribution
| Domains | Mailboxes per domain | Emails per mailbox/day | Total daily capacity | Risk level |
|---|---|---|---|---|
| 3 | 2 | 25 | 150 emails/day | Safest |
| 5 | 2 | 25 | 250 emails/day | Safe |
| 5 | 2 | 40 | 400 emails/day | Moderate |
| 5 | 3 | 40 | 600 emails/day | Higher |
Our recommendation: Keep it to 2 mailboxes per domain and cap volume at 25 emails per inbox per day. More domains spreads your risk, but cramming more mailboxes onto a single domain or pushing volume above 25 is where things break.
What Does the Warmup Process Look Like?
Domain warmup is the process of gradually building a sending reputation with inbox providers. A brand-new domain that suddenly sends 500 emails on day one will be flagged as spam immediately.
The Warmup Schedule
| Week | Daily volume | What to send |
|---|---|---|
| Week 1 | 5-10 emails/day | Manual emails to engaged contacts, colleagues, warm leads |
| Week 2 | 15-25 emails/day | Mix of warm contacts + small cold batches |
| Week 3 | 30-50 emails/day | Ramp cold volume, monitor open rates closely |
| Week 4+ | 50-80 emails/day | Full cold volume if metrics are healthy |
Warmup Rules
- Start with real conversations. Send to people who will reply. Inbox providers track engagement, and replies signal legitimacy.
- Use a warmup tool. Services like Instantly, Warmbox, or Lemwarm simulate realistic email exchanges during the warmup period.
- Monitor daily. If open rates drop below 40% at any stage, pause and investigate before continuing.
- Don't rush. We've seen companies try to compress warmup into 5 days. Every single one ended up blacklisted within a month.
How Do You Monitor Deliverability Day-to-Day?
Deliverability isn't a one-time setup. It's an ongoing process. Reputations degrade silently. Here's what we track for every client, every day:
The Daily Dashboard
- Open rate by domain - sudden drops indicate deliverability issues
- Bounce rate - must stay below 3%. Above 5% is an emergency.
- Spam complaint rate - must stay below 0.1% (Google's published threshold)
- Blacklist status - check against major blacklists (Spamhaus, Barracuda, SORBS)
- Reply rate - healthy replies improve sender reputation
Red Flags That Demand Immediate Action
ā Open rate drops below 30% on a previously healthy domain
ā Bounce rate spikes above 5% in a single day
ā You appear on any major email blacklist
ā Google Postmaster Tools shows domain reputation as "Bad"
ā Multiple recipients report your emails as spam
Tools We Use
| Tool | Purpose | Cost |
|---|---|---|
| Google Postmaster Tools | Domain reputation with Gmail | Free |
| MXToolbox | Blacklist monitoring + DNS checks | Free |
| Mail-Tester | Pre-send deliverability scoring | Free (limited) |
| GlockApps | Inbox placement testing across providers | $59/mo |
| Your ESP dashboard | Open rates, bounces, complaints | Included |
What Kills Deliverability After Setup?
Even with perfect infrastructure, these mistakes will tank your reputation:
Content Issues
- Spam trigger words in subject lines ("Free", "Act now", "Limited time")
- Too many links in the email body (stick to 1-2 max)
- Image-heavy emails with little text (use plain text or minimal formatting)
- Identical copy sent to thousands, so personalize every email
List Quality Issues
- Sending to invalid emails - verify every address before sending
- Ignoring unsubscribe requests - this generates spam complaints
- Purchasing lists from unverified vendors. These are full of spam traps.
- Not cleaning bounces - remove hard bounces immediately
Volume Issues
- Sending too much, too fast - respect your warmup ramp
- Inconsistent sending patterns - don't send 500 on Monday and 0 for the rest of the week
- Sudden volume spikes - gradually increase by 10-15% per week
The Complete Deliverability Checklist
Before launching any cold outbound campaign:
The Bottom Line
Deliverability is boring. It's DNS records, warmup schedules, and blacklist checks. Nobody wants to do it.
But in our experience, deliverability accounts for 60% of outbound success. The best copy in the world is worthless if it never reaches the inbox. Companies that treat deliverability as infrastructure, not an afterthought, consistently book 3-5x more meetings from the same volume.
Want us to audit your email deliverability? Audit your pipeline architecture and we'll run a full infrastructure check on your sending domains, authentication, and inbox placement, completely free.
Frequently Asked Questions
Depending on the blacklist, recovery takes 2-8 weeks. Some blacklists (like Spamhaus) have formal delisting processes; others remove you automatically after a cooling period. In our experience, it's often faster to retire the domain and start fresh with a new one. That's exactly why we set up 3-5 sending domains from the start.
You can, but with strict limits. Gmail allows roughly 500 emails per day, and Outlook around 300. Both will throttle or suspend your account if you hit spam thresholds. For serious outbound at scale, use a dedicated sending platform like Instantly, Smartlead, or Lemlist that manages multiple mailboxes and handles warmup automatically.
We've found that 3-4 follow-ups over 14-18 days is the sweet spot for B2B outbound. The first follow-up generates 40% of total replies. After the fourth touch, response rates drop below 1%, and you risk annoying the prospect. Space each follow-up 3-5 days apart.
Not if you set it up correctly. By using dedicated sending domains (trycompany.com instead of company.com), your primary domain's reputation stays completely isolated. This is the single most important rule in cold outbound infrastructure: never risk your primary domain.