The Complete Cold Email Deliverability Guide: 18 Tactics for Perfect Inbox Placement

Master cold email deliverability with 18 proven tactics covering domain setup, email warmup, authentication, sending limits, and content optimization to achieve 60-80% open rates.

January 11, 2026 ยท 22 min read

Deliverability Cold Email Email Warmup SPF DKIM DMARC Sender Reputation

Every cold email that lands in spam is a potential customer you never reach. The difference between a 20% open rate and an 80% open rate often comes down to technical setup and sending practices that most teams overlook.

This guide consolidates 18 deliverability tactics drawn from sending millions of cold emails, managing email warmup networks, and analyzing data from thousands of campaigns. These are not theoretical best practices. They are the specific actions that determine whether your emails reach the inbox or disappear into spam folders.

The stakes are high. A single deliverability mistake can tank an entire campaign, damage your domain reputation for months, and cost your team significant pipeline. But the teams that master these fundamentals consistently achieve open rates above 60-70%, sometimes reaching 80%+.

The Foundation: Domain and Infrastructure Setup

1. Send From Secondary Domains

Never send cold emails from your primary business domain. Your official domain carries your company’s sender reputation across all communications including transactional emails, customer support, and marketing. One aggressive cold email campaign gone wrong can poison deliverability for every email your company sends.

Instead, purchase secondary domains specifically for outbound prospecting. These domains absorb any reputation risk while keeping your main domain protected.

Domain naming best practices:

  • Add prefixes or suffixes to your brand name: try-yourbrand.com, getyourbrand.com, yourbrand-mail.com
  • Keep the brand recognizable so recipients can identify you
  • Avoid including numbers in the domain (e.g., yourbrand123.com)
  • Never use exotic extensions like .website, .tech, .us, or .io for cold email

Stick with .com as your first choice. The .co extension works as a backup. These are the most trusted extensions by inbox providers, and anything unfamiliar adds friction that can trigger spam filters.

The economics work in your favor. Domains cost roughly $12-15 per year. Spreading your sending across multiple domains costs almost nothing compared to the protection it provides. If one domain gets flagged, you continue operating from others while that domain recovers.

2. Distribute Sending Across Multiple Domains

Your sender reputation is heavily domain-based. Concentrating all sending on a single domain means one deliverability problem spreads to every email address on that domain.

The risk concentration problem: If you have ten email accounts all on outreach.yourbrand.com and one account triggers spam complaints, the reputation damage affects all ten accounts. Suddenly your entire outreach operation is compromised.

The distributed approach: Instead, spread accounts across multiple domains. Three accounts on try-yourbrand.com, three on get-yourbrand.com, three on mail-yourbrand.com. If one domain has issues, only a third of your sending capacity is affected.

This architecture provides:

  • Isolation of reputation risk between domain groups
  • Redundancy if any single domain is compromised
  • Flexibility to retire problematic domains without disrupting operations

For teams running high-volume outbound, platforms like Instantly and Smartlead support unlimited email accounts precisely because distributed sending is now the standard approach.

3. Use Google Workspace or Microsoft 365 Mailboxes

The two major professional email providers own most of the business inbox market. Google Workspace and Microsoft 365 together account for the vast majority of B2B email addresses your prospects use.

Why provider matching matters: When a Google Workspace inbox receives an email from another Google Workspace account, it arrives from trusted infrastructure. Google knows the sending patterns, authentication, and reputation signals. The same applies to Microsoft 365.

Sending from custom SMTP servers, alternative providers, or exotic email setups immediately raises suspicion. These setups lack the established trust relationships that major providers have built.

What to avoid:

  • Custom SMTP servers running on your own infrastructure
  • Budget email providers without established reputations
  • Free email accounts (Gmail, Outlook.com personal accounts)
  • Any provider that is not Google Workspace or Microsoft 365 for professional cold outreach

This single decision has an outsized impact on deliverability. You can follow every other best practice perfectly, but sending from non-standard infrastructure creates a handicap that is difficult to overcome.

4. Configure SPF, DKIM, and DMARC Authentication

Email authentication protocols are no longer optional. Since February 2024, Gmail and Yahoo require SPF, DKIM, and DMARC for bulk senders. Microsoft followed in May 2025 with identical requirements. Emails failing authentication are now rejected outright rather than merely filtered to spam.

Understanding the three protocols:

  • SPF (Sender Policy Framework) defines which IP addresses and domains can send email on your behalf through a DNS TXT record
  • DKIM (DomainKeys Identified Mail) adds a cryptographic signature to messages, proving the email actually came from your domain
  • DMARC (Domain-based Message Authentication Reporting and Conformance) tells receiving servers what to do with messages that fail SPF or DKIM checks

Implementation sequence:

  1. Set up SPF and DKIM records first
  2. Add DMARC with p=none policy and reporting enabled
  3. Monitor DMARC reports for authentication failures
  4. Gradually tighten to p=quarantine then p=reject as issues are resolved

Never jump directly to p=reject without first monitoring. This could block legitimate emails from services you have not yet configured.

Tools like MailReach and Woodpecker include domain authentication audits that verify your SPF, DKIM, and DMARC records are properly configured before you start sending.

5. Set Up a Custom Tracking Domain

Every cold email platform tracks opens and clicks through tracking links. By default, these links use shared domains that all users of that platform share. This creates a critical vulnerability.

The shared domain problem: If another user on your email platform runs a spammy campaign, their activity damages the reputation of the shared tracking domain. Since your emails contain the same tracking domain, their bad behavior affects your deliverability.

Custom tracking domains solve this by using your own subdomain for tracking instead of shared infrastructure.

Setup process:

  1. Create a subdomain like click.yourdomain.com or track.yourdomain.com
  2. Add a CNAME record in your DNS pointing to your email platform
  3. Verify the subdomain in your cold email tool
  4. Ensure the tracking domain aligns with your sending domain

Best practices:

  • Use a consistent tracking domain rather than switching frequently
  • If using multiple email tools, assign unique subdomains to each
  • Allow new tracking domains time to build trust before high-volume sending

This is a mandatory step. Skipping custom tracking domain setup means you are gambling on the behavior of every other user on your platform.

Building and Maintaining Sender Reputation

6. Warm Up Every New Mailbox

A brand new email account has zero sender reputation. To inbox providers, this looks exactly like an account created for spam. Sending cold emails from an unwarm account triggers aggressive filtering.

Email warmup gradually builds positive reputation by generating authentic engagement patterns. Warmup services send and receive emails between your account and a network of real mailboxes, creating the opens, replies, and positive interactions that signal legitimate sending.

Warmup timeline:

  • Week 1: 5-10 emails per day, focus on engagement
  • Week 2: Increase to 30-50 per day
  • Week 3: Ramp to 80-100 per day
  • Week 4+: Maintain engagement while beginning live campaigns

The initial warmup phase should last a minimum of 14 days before any cold campaigns. During this period, send zero cold emails. The warmup traffic is building the foundation that your campaigns will rely on.

Warmup tools to consider:

  • MailReach operates a network of 20,000+ real inboxes for authentic engagement
  • Mailwarm provides Y Combinator-backed warmup with a 1,000+ inbox network
  • Instantly and Smartlead include built-in warmup with all plans

7. Never Stop Warming

Warmup is not a one-time setup task. Sender reputation degrades when positive engagement drops. Teams that stop warmup after initial setup often see deliverability decline over weeks.

Continuous warmup strategy:

  • Keep warmup running during active campaigns
  • Maintain warmup between campaigns when you are not sending cold emails
  • Only pause warmup if you are completely shutting down an inbox

Think of warmup as ongoing reputation maintenance rather than initial configuration. The constant stream of positive engagement signals keeps inbox providers confident that your account sends wanted mail.

MailReach specifically recommends never stopping warmup, even between outreach pushes, to avoid reputation decay.

8. Limit Sending to 100 Emails Per Day Per Account

The days of sending 200-300 emails per inbox are gone. Aggressive volume triggers spam filters and damages sender reputation quickly.

Current safe limits:

  • Maximum: 100 cold emails per day per Google Workspace or Microsoft 365 inbox
  • Conservative: 30-50 emails per day for maximum safety
  • Other providers: 50 or fewer, sometimes much lower depending on the provider

These limits exist because inbox providers track sending patterns. Accounts that suddenly blast high volumes look like compromised accounts or spam operations. Even if content is perfect, volume alone can trigger filtering.

Scaling volume safely:

Instead of pushing 200 emails from one inbox, deploy four inboxes each sending 50 emails. This achieves the same volume with dramatically lower risk. Platforms like Instantly and Smartlead offer unlimited email accounts precisely because distributed sending is the new standard.

Refer to our guide on cold email changes for 2026 for more detail on how send limits have evolved and what to expect going forward.

List Quality and Email Verification

9. Source Contacts From LinkedIn

Not all contact sources produce equal results. LinkedIn produces the highest quality contact data because:

  • Profiles are maintained by the contacts themselves
  • Professional information is more accurate and current
  • The platform actively removes fake accounts

What to avoid:

  • Purchased email lists from unknown vendors
  • Web scraping that pulls contacts without verification
  • Database exports that have not been validated recently

Purchased lists and scraped data have significantly higher rates of invalid emails, spam traps, and outdated information. These problems directly damage deliverability when emails bounce or trigger complaints.

Use tools like Apollo that maintain large verified databases, or email finders like Findymail that specialize in finding verified emails from LinkedIn profiles and company domains.

10. Always Verify Your Email List

Even when sourcing from quality data providers, email verification before sending is mandatory. Email addresses become invalid constantly as people change jobs, companies restructure, and domains expire.

What verification catches:

  • Invalid addresses that will hard bounce
  • Spam traps planted to catch indiscriminate senders
  • Disposable emails from temporary email services
  • Role-based addresses like info@ or sales@ that often have higher complaint rates
  • Syntax errors and typos that cause bounces

Most verification services classify emails into three categories: valid, invalid, and catch-all (or risky). The valid and invalid categories are straightforward. Catch-all emails require special handling.

The catch-all challenge:

Catch-all domains are configured to accept mail to any address, so verification cannot confirm whether a specific mailbox exists. Approximately 20-25% of catch-all emails will bounce when you send to them.

The dangerous pattern to avoid:

Sending all valid emails first, then switching to catch-all emails when you run out of valid addresses. This creates a spike in bounce rate that damages reputation.

The correct approach:

Mix catch-all emails throughout your list at approximately 20% of total volume. This controls bounce rate within acceptable limits and maintains consistent sender reputation.

Budget-friendly verification options like MillionVerifier offer pay-as-you-go credits at low per-email costs, making verification economical even for large lists.

11. Clean Your List Beyond Verification

Email verification catches technical problems. Manual list cleaning catches data quality issues that also impact deliverability.

What to remove:

  • Generic role-based addresses: info@, sales@, support@, admin@
  • Obvious personal email addresses: Gmail, Yahoo, Hotmail for B2B outreach
  • Duplicate entries that would receive the same email multiple times

What to fix:

  • Name typos: First and last names swapped, special characters, random capitalization
  • Company name errors: Outdated company names, incorrect formatting
  • Emoji or special characters: Remove from all data fields

These data quality issues create two problems. First, personalization fails visibly when someone receives an email with mangled data. Second, recipients who see obvious errors are more likely to report spam, which directly harms sender reputation.

Clean data is not just about professionalism. It directly impacts whether your emails reach the inbox.

Sending Strategy and Behavior

12. Spread Sending Throughout the Day and Week

Blasting all emails at once looks nothing like normal human behavior. Inbox providers detect these patterns and treat them as automated spam.

Natural sending patterns:

  • Distribute emails across business hours (typically 9 AM to 6 PM recipient time)
  • Vary the timing so emails do not all send at the exact same minute
  • Send on business days, avoiding weekend blasts
  • Avoid scheduling all emails for Monday morning when inboxes are most crowded

Every major cold email platform includes scheduling features to space sending over time. Use them. The goal is to look like a busy professional sending individual messages throughout the workday, not a system blasting a list.

13. Limit Follow-ups to Two Emails Maximum

The conventional wisdom of persistent follow-up has inverted. Data from millions of campaigns now shows that excessive follow-ups hurt rather than help.

The follow-up curve:

  • Initial email + one follow-up: Increases reply rate by approximately 60%
  • Second follow-up: Adds another 20% lift
  • Third follow-up: Reply rates start declining
  • Fourth+ follow-ups: Reply rates drop significantly while spam complaints spike

Each additional email after the second gives recipients another opportunity to report spam. Those spam complaints damage sender reputation far more than the marginal replies gained.

Optimal sequence structure:

  1. Initial email with your strongest pitch
  2. Wait 3-4 days minimum
  3. One follow-up with a genuinely different angle (not “just bumping this up”)
  4. Stop email outreach

If two emails generate no response, switch to a different channel like LinkedIn. Wait 60-90 days before trying email again with entirely different messaging.

This approach protects reputation while maintaining persistence through channel diversification rather than inbox stuffing.

Content and Formatting

Links are one of the primary triggers for content-based spam filtering. Every link in your email is analyzed for reputation, and problematic links can tank deliverability instantly.

The link problem:

  • Links to domains with poor reputation trigger filtering
  • Multiple links in a single email increase spam scores
  • URL shorteners are heavily flagged due to their use in phishing
  • Even legitimate links can cause issues if the destination domain has any reputation problems

Best practices:

  • Include one link maximum in cold emails
  • Link to your own domain with established reputation
  • Never use URL shorteners (bit.ly, tinyurl, etc.)
  • Test emails with your planned links before launching campaigns

Images create similar problems. Most spam contains images, so inbox providers treat image-heavy emails with suspicion. Cold emails should be primarily text with minimal or zero images.

15. Never Include Attachments

Attachments in cold emails are a deliverability killer. They are the primary vector for malware and phishing, so inbox providers filter them aggressively.

Why attachments fail:

  • All major email providers scan attachments for malware
  • Unknown senders with attachments trigger maximum suspicion
  • Many corporate email systems strip attachments from external senders
  • Attachment filtering bypasses content analysis and goes straight to blocking

If you need to share documents, host them on your website and link to the page. This gives recipients a safe way to access the content while avoiding attachment filtering.

16. Avoid Spam Trigger Words and Formatting

Certain words, phrases, and formatting choices trigger spam filters based on their prevalence in actual spam. The impact varies by industry and context, but some patterns consistently cause problems.

High-risk word categories:

  • Financial terms: “free,” “guarantee,” “no cost,” “limited time”
  • Health and nutrition claims
  • Get-rich-quick language
  • Urgency and scarcity triggers: “act now,” “don’t miss out”
  • Sexual or adult content terms

Formatting problems:

  • ALL CAPS in subject lines or body text
  • Excessive exclamation points!!!
  • Red or bright colored text
  • Multiple font sizes and styles in a single email
  • Unusual punctuation or spacing

Many of these elements are fine in context. The issue is that spam filters have learned to associate them with unwanted mail. Testing is the only way to know whether specific content causes problems for your audience.

Use spam testing tools like MailReach’s free spam tester to check content before launching campaigns.

Every cold email must include a working, easy-to-find unsubscribe link. This is both a legal requirement and a deliverability factor.

Why unsubscribe links matter for deliverability:

Without an unsubscribe option, recipients who want to stop receiving emails have only one recourse: marking as spam. Spam complaints devastate sender reputation far more than unsubscribe clicks.

The unsubscribe link is an escape valve. It gives recipients a way to opt out that does not damage your reputation.

What does not count:

  • “Reply ‘unsubscribe’ to stop receiving emails” - This is not a valid unsubscribe mechanism
  • Hidden or difficult-to-find links
  • Links that require multiple steps to complete
  • Broken or non-functional unsubscribe pages

The link should be visible at the bottom of every email and should complete the unsubscribe with a single click. Anything more complicated increases spam complaints.

Testing and Monitoring

18. Run Inbox Placement Tests Before and During Campaigns

You can have perfect sender reputation and still land in spam because of a single content element. Inbox placement testing reveals exactly where your emails are landing across different providers before you send to your actual list.

How inbox placement testing works:

Testing tools send your email to a list of seed addresses across Gmail, Outlook, Yahoo, and other providers. They then check whether each email landed in the inbox, promotions tab, or spam folder.

When to test:

  • Before launching any new campaign
  • After making changes to email content or templates
  • When you notice declining open rates
  • Periodically during long-running campaigns

What testing reveals:

  • Authentication failures (SPF, DKIM, DMARC issues)
  • Content elements triggering spam filters
  • Blacklist status across major databases
  • Provider-specific deliverability problems

MailReach includes 20 spam test credits with all warmup plans. Smartlead offers SmartDelivery testing as an add-on. Woodpecker includes a deliverability monitor that predicts problems before they occur.

Testing is not a one-time task. Deliverability is dynamic. Something that worked last month might trigger filtering today. Regular testing catches problems before they cost you leads.

The Deliverability Stack

Implementing these practices requires the right tools. Here is how the components fit together:

Warmup and Reputation:

Sending Infrastructure:

  • Instantly for unlimited accounts with inbox rotation
  • Smartlead for dynamic IP allocation and ESP matching
  • Woodpecker for free verification and warmup with unlimited accounts

List Verification and Sourcing:

  • Apollo for verified B2B contact database with 210M+ contacts
  • Findymail for LinkedIn-based email finding with under 5% bounce guarantee
  • MillionVerifier for budget-friendly bulk verification

Testing and Monitoring:

Implementation Checklist

Before launching your next campaign, verify these elements are in place:

Domain Setup:

  • Sending from secondary domains (not your primary business domain)
  • Using .com or .co extensions only
  • Spreading accounts across multiple domains

Technical Configuration:

  • Google Workspace or Microsoft 365 mailboxes
  • SPF, DKIM, and DMARC properly configured
  • Custom tracking domain set up and verified

Reputation Building:

  • All mailboxes warmed for 14+ days before sending
  • Warmup running continuously, not just during setup
  • Volume limited to 100 emails per day per inbox maximum

List Quality:

  • Contacts sourced from LinkedIn or verified databases
  • All emails verified before sending
  • Catch-all emails limited to 20% of list
  • Role-based and generic addresses removed

Sending Behavior:

  • Emails distributed throughout day and week
  • Maximum two follow-ups per sequence
  • Minimum three days between emails

Content:

  • Minimal links (one maximum)
  • No attachments
  • No spam trigger words or formatting
  • Visible, working unsubscribe link

Testing:

  • Inbox placement test run before launch
  • Regular testing during campaign

Have a Guide to Share?

If you've built a workflow worth documenting, we'd love to feature it.

Submit a Guide