Cold Email Deliverability Checklist 2026: The Complete Technical Setup Guide

Email deliverability is the foundation of every cold email campaign. You can write the most compelling, perfectly personalized email in the world, but if it lands in spam, it's invisible. In 2026, with Google and Microsoft tightening their spam filters and enforcing stricter sender requirements, getting the technical setup right is more critical than ever.

This checklist covers every technical step from purchasing domains to monitoring deliverability in production. Follow it exactly, and you'll have a sending infrastructure that consistently reaches the primary inbox. For the full infrastructure setup including cost breakdowns at every scale, see our cold email infrastructure setup guide.

Phase 1: Domain Selection and Purchase

Never send cold emails from your primary business domain. A deliverability issue on your cold outreach domain should never affect your main business communications. Here's how to set up your sending domains correctly.

• Buy secondary domains that look related to your main brand. If your company is acme.com, purchase variations like acmeoutreach.com, getacme.com, tryacme.com, or acmehq.com. Avoid domains that look spammy or unrelated. The goal is that a recipient who Googles the domain sees something credible.
• Use .com TLDs whenever possible. While .io, .co, and other TLDs work, .com domains have the highest inherent trust with email providers. In deliverability tests, .com domains consistently see 5-10% better inbox placement than alternative TLDs for cold outreach.
• Purchase from reputable registrars. Namecheap, Cloudflare, and Google Domains are reliable options. Avoid bulk domain sellers that may have reputation issues. Cloudflare Registrar is especially good because it charges at-cost pricing and has clean infrastructure.
• Buy 3-5 domains to start. This gives you enough mailboxes for meaningful volume while keeping costs manageable. Plan $10-$15 per domain per year. At 3 mailboxes per domain and 30 emails per mailbox per day, 5 domains = 450 cold emails per day — enough to book 5-15 calls per week depending on your targeting and copy.
• Set up a basic website on each domain. A simple landing page with your company information improves domain credibility. Email providers check if sending domains have a legitimate web presence. A one-page site built in Carrd or on a basic Next.js template takes 30 minutes and meaningfully improves domain trust scores. Include your company name, a brief description, a contact email, and a physical address or at minimum a city/state.
• Age your domains before sending. Ideally, purchase domains 4-6 weeks before you plan to start cold outreach. Newer domains under 30 days old are scrutinized more heavily. If you're in a rush, 14 days is the absolute minimum — but expect lower initial inbox placement.

Phase 2: DNS Record Configuration

DNS records tell email providers that your domain is authorized to send email and that messages haven't been tampered with. Getting these wrong is the number one cause of deliverability issues. When you send a test email through mail-tester.com, DNS failures alone can drop your score from 10/10 to 4/10.

SPF (Sender Policy Framework):

• SPF tells receiving servers which IP addresses and services are authorized to send email on behalf of your domain. Without it, servers have no way to verify your identity and will treat your emails as suspicious.
• Add a TXT record to your domain's DNS with the SPF value provided by your email provider. For Google Workspace: v=spf1 include:_spf.google.com ~all
• If using multiple sending services (e.g. Google Workspace plus a sending tool's SMTP), include all of them in one SPF record. You can only have one SPF record per domain. Example combining Google and Instantly: v=spf1 include:_spf.google.com include:spf.instantlyai.com ~all
• Use ~all (soft fail) rather than -all (hard fail) to avoid blocking legitimate emails during setup. Once you've confirmed all your sending sources are covered, you can tighten to -all.
• SPF has a lookup limit of 10 DNS queries. If you add too many include: statements, you'll hit the limit and SPF will start failing silently. Use a tool like dmarcian SPF Surveyor to count your lookups before publishing.

DKIM (DomainKeys Identified Mail):

• DKIM adds a cryptographic signature to every email you send, proving it came from your domain and wasn't modified in transit. Gmail and Microsoft both weight DKIM heavily in their reputation algorithms.
• Your email provider generates a DKIM key pair. You publish the public key as a TXT or CNAME record in your DNS. The private key stays on the mail server and signs each outgoing message.
• For Google Workspace: Go to Admin Console → Apps → Google Workspace → Gmail → Authenticate email. Generate a 2048-bit key (not 1024-bit — longer keys have higher trust). Google gives you the DNS record value to paste into your registrar.
• Each sending service (Google Workspace, Instantly, Smartlead) will have its own DKIM selector and record to add. They use different selectors so they don't conflict — you'll add multiple DKIM records, one per service.
• Verify DKIM is working using MXToolbox's DKIM lookup tool or send a test email to mail-tester.com and check the DKIM result before sending any cold emails. It typically takes 24-48 hours for DNS changes to propagate fully.

DMARC (Domain-based Message Authentication, Reporting, and Conformance):

• DMARC ties SPF and DKIM together and tells receiving servers what to do when authentication fails. Without DMARC, even perfect SPF and DKIM provide less deliverability benefit because DMARC alignment is what triggers Google's "authenticated sender" trust signals.
• Start with a monitoring-only policy: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com. This records failures without blocking anything, so you can see if any legitimate mail is misconfigured before enforcing policy.
• After monitoring for 2-4 weeks and confirming no legitimate emails are failing authentication, move to p=quarantine (sends failures to spam), then eventually p=reject (blocks failures entirely). Moving to reject signals to providers that you're a serious, well-managed sender.
• The rua email address receives aggregate XML reports about your email authentication from every major receiver. These are hard to read raw — use a free DMARC report parser like dmarcian or Google Admin Toolbox to parse them. Review weekly to catch misconfigured services.
• Add a pct tag to roll out enforcement gradually: p=quarantine; pct=10 applies the policy to only 10% of failing messages at first, letting you catch edge cases before full enforcement.

Phase 3: Mailbox Setup

Your mailboxes are where emails are sent from. The setup directly impacts deliverability and the volume you can safely send. Don't treat this as a formality — the details here matter.

• Use Google Workspace or Microsoft 365. These providers have the highest reputation with receiving servers because recipients trust senders on the same infrastructure they use themselves. Google Workspace costs $7.20/user/month. Microsoft 365 Business Basic costs $6/user/month. Free Gmail and Outlook accounts are not suitable for cold outreach — they get flagged faster and have lower sending limits.
• Create 3-5 mailboxes per domain. For example: john@acmeoutreach.com, sarah@acmeoutreach.com, mike@acmeoutreach.com. Use real-sounding first/last name combinations — not generic addresses like sales@, info@, or hello@. Spam filters weight sender address patterns, and named addresses have better deliverability than generic ones.
• Match sender names to real people on your team. The best setup is to use names of actual people at your company who are willing to have replies routed to them or a shared inbox. This means if a prospect Googles the sender's name and company, they find a real LinkedIn profile — which increases reply rates and prevents spam reports from suspicious prospects.
• Set up display names and signatures. Each mailbox should have a professional display name (First Last) and a simple 3-4 line email signature: name, title, company name, and company URL. No images, no phone numbers formatted as graphics, no legal disclaimers 200 words long. Keep it clean.
• Enable 2FA on all accounts. This prevents unauthorized access and adds a trust signal to email providers. Google and Microsoft track security posture as part of sender reputation.
• Configure forwarding or a unified inbox for replies. Set up forwarding or connect all mailboxes to your CRM or sending tool's reply tracking so you don't miss replies across multiple mailboxes. Unanswered replies hurt engagement metrics. Tools like Instantly and Smartlead handle this natively — all replies surface in one place.
• Enable IMAP and configure properly. Most cold email tools connect via IMAP/SMTP. In Google Workspace, go to Gmail settings → Forwarding and POP/IMAP → Enable IMAP. In Microsoft 365, IMAP is enabled by default but confirm it's not restricted at the admin level.

Phase 4: Email Warm-Up

New mailboxes have zero sending reputation. Email providers track every mailbox's history: how often emails are opened, replied to, marked as spam, or moved from spam to inbox. A brand-new mailbox with no history is treated as high-risk. Warm-up builds reputation gradually by simulating natural email activity before you start cold outreach. Skipping warm-up is the fastest way to land in spam from day one.

• Start warm-up immediately after DNS setup and mailbox creation. Use a warm-up tool like Instantly's built-in warmer, Warmup Inbox, Mailreach, or Lemwarm. These tools send and receive emails between a network of real accounts, open them, reply to them, and move them out of spam — all signals that tell providers your mailbox sends wanted email.
• Minimum warm-up timelines: 14 days before sending any cold emails. 21 days is safer. 30 days is ideal for the best initial reputation. For domains that will carry your highest-value campaigns, warm up for 45 days. The extra two weeks of patience translates to months of better deliverability.
• Warm-up volume ramp: Week 1: 5-10 emails/day. Week 2: 15-20 emails/day. Week 3: 25-35 emails/day. Week 4+: 40-50 emails/day. The tool manages this ramp automatically — don't try to speed it up manually.
• Continue warm-up alongside cold sending permanently. This is the mistake most people make: they stop warm-up once they start sending cold emails. Keep 20-30 warm-up emails running per mailbox every day, even while you're sending cold outreach at full volume. The warm-up counterbalances the neutral or negative engagement signals from cold emails that get ignored.
• Monitor warm-up health before launching. Most warm-up tools show an inbox placement score (the percentage of warm-up emails landing in inbox vs. spam). You should see 90%+ inbox placement before starting cold outreach. If you're below 80%, investigate: check DNS records again, verify DMARC alignment, and confirm the mailbox isn't on any blacklists. For a detailed warm-up strategy, see our email domain warm-up guide.
• What to do if warm-up scores plateau or drop: First, check if your SPF/DKIM/DMARC are all passing correctly. Second, verify the domain isn't on a blacklist (MXToolbox blacklist check). Third, confirm your mailbox isn't sending warm-up AND cold emails beyond the daily limit. If scores drop below 70%, stop all sending and run warm-up only for 7-10 days before resuming.

Phase 5: Sending Configuration

How you configure your sending directly impacts whether emails reach the inbox. These settings are non-negotiable for good deliverability in 2026 when Google's spam filters are more aggressive than they've ever been.

• Daily sending limits per mailbox: 30-50 cold emails maximum. This is not a suggestion. Exceeding this consistently triggers spam filters. The math: with 15 mailboxes across 5 domains, you can send 450-750 cold emails per day. That's enough to book a full pipeline without overloading any mailbox. Many senders who push to 80-100 emails/mailbox/day see initial performance, then a hard deliverability cliff 4-6 weeks later.
• Sending schedule aligned to recipient timezones. Send during business hours: 8am-5pm in the recipient's timezone. Emails sent at 3am local time have lower open rates and generate more "this is spam" mental associations even when opened. Most sending tools offer timezone-aware scheduling — use it.
• Random delays between sends. Set a minimum 60-120 second random delay between individual email sends from the same mailbox. A delay of exactly 90 seconds between every email looks robotic — use a range like 60-180 seconds. Instantly and Smartlead both support this natively.
• Inbox rotation across all mailboxes. Your sending tool should automatically distribute sends across all connected mailboxes rather than exhausting one at a time. This is called inbox rotation. If you have 15 mailboxes and are sending 500 emails per day, rotation ensures each mailbox handles approximately 33 emails — well under the safe limit.
• Custom tracking domain for opens and clicks. By default, most sending tools use a shared tracking domain (e.g. trk.instantlyai.com) for open tracking pixels and link redirects. The problem: thousands of other senders share this domain, including bad actors. Set up a custom tracking subdomain like trk.yourdomain.com. This involves adding a CNAME record in your DNS pointing to the tool's tracking infrastructure. Every major cold email tool supports this.
• Consider disabling open tracking for high-value campaigns. Open tracking works by embedding a 1x1 pixel image. Gmail's image proxy caches images, making open data unreliable anyway. More importantly, images in emails (even tiny tracking pixels) slightly hurt deliverability. For campaigns targeting C-level at enterprise accounts, turn off open tracking and focus on reply rates instead.

Phase 6: Content Best Practices for Deliverability

Your email content directly affects deliverability. Spam filters don't just check technical headers — they read your email body, analyze link patterns, evaluate HTML structure, and compare your content to known spam templates. Here's how to write emails that pass.

• Keep emails short: 50-120 words is the sweet spot. Long emails trigger spam filters and get lower engagement, which further hurts deliverability. A 400-word cold email also reads like a pitch deck and gets deleted. Your goal is to start a conversation, not close a deal in one email.
• Minimize links: one maximum, ideally none in email 1. Every link is a potential spam signal, especially if it redirects through tracking infrastructure. In the first email of a sequence, consider using zero links and just asking a question. Include a link in your signature (company website) — that's enough. Save your calendar link for after someone expresses interest.
• Avoid spam trigger words. The classics: "free," "guarantee," "act now," "limited time," "click here," "no obligation," "earn money," "amazing opportunity." But also watch for less obvious patterns: excessive capitalization, multiple exclamation marks, and price-forward subject lines like "Save 50%" all score negatively. Write like a real person emailing a real person.
• No images in cold emails — full stop. Images dramatically increase spam likelihood, increase email file size, add tracking pixel flags, and often don't render in preview panes. There is no good reason to include an image in a cold email. Logos, headshots, banner images — all of it belongs on your website, not in cold outreach.
• Plain text only, no HTML formatting. Bold text, colored fonts, HTML tables, and styled buttons all signal "marketing email." Cold emails that reach the inbox look like they came from someone's personal inbox — because they should. Use only natural line breaks for formatting. No bullet points, no headers, no colored text. For tips on making your email copy compelling while staying deliverable, see our guide on AI cold email personalization at scale.
• Vary email content across mailboxes and campaigns. Sending the exact same email template to thousands of people from different mailboxes creates a detectable content fingerprint. Spin your templates — use variations of your opening line, subject line, and CTA. Most sending tools support spintax ({Hi|Hello|Hey} {first name}). Use it.
• Include a soft unsubscribe option. A simple line like "PS — Let me know if you'd prefer I don't follow up" satisfies CAN-SPAM requirements, reduces spam complaints (people opt out instead of clicking spam), and actually builds goodwill. It's a better alternative to a formal unsubscribe link for cold email.

Phase 7: Bounce and Complaint Management

Bounces and spam complaints are the fastest way to destroy sender reputation. If your reply rate is low even with good deliverability, see our guide on why cold email reply rates are low and how to fix them. A bounce rate above 3% or a complaint rate above 0.1% can trigger Google and Microsoft to throttle or block your sending domain within days. Proactive management is non-negotiable.

• Verify all email addresses before sending — no exceptions. Use an email verification service (ZeroBounce, NeverBounce, or Millionverifier) to remove invalid addresses from every prospect list before uploading it to your sending tool. Target a less than 2% bounce rate. Above 3% is dangerous. Above 5% will get your mailboxes flagged. Even a "fresh" list from Apollo or Clay should be verified — contact data goes stale at roughly 2-3% per month.
• Understand the difference between hard and soft bounces. Hard bounces mean the address doesn't exist or the domain is gone — remove these permanently and immediately. Soft bounces mean the mailbox was temporarily unavailable (full, server error). Soft bounces can be retried after 24-48 hours, but if the same address soft bounces 3 times, treat it as a hard bounce and suppress it.
• Remove hard bounces immediately and automatically. Your sending tool should handle this. Verify the setting is active in your campaign configuration. Never manually re-upload a list without running it through your suppression list first.
• Monitor spam complaint rate weekly via Google Postmaster Tools. If your complaint rate exceeds 0.1% (1 in 1,000 emails), pause all cold sending immediately and investigate. Common causes: targeting too broadly (low relevance = high complaint rate), using spam trigger words, sending too many follow-ups to unresponsive contacts, or a compromised mailbox sending spam without your knowledge.
• Honor unsubscribe requests within 24 hours. When someone replies asking to be removed, remove them from every active sequence and add them to your master suppression list. Continuing to email people who've opted out generates complaints and CAN-SPAM liability. Most sending tools automate this with reply detection — confirm it's enabled.
• Maintain a master suppression list. Keep a running CSV or database of all hard bounces, unsubscribes, spam complaints, and do-not-contact requests. Before every new campaign upload, run your prospect list through this suppression list. This is especially important if you're running multiple campaigns across different tools — maintain the suppression list centrally, not per-tool.

Phase 8: Ongoing Monitoring and Maintenance

Deliverability is not a one-time setup. If emails are landing in spam despite correct technical setup, see our deeper analysis on why cold emails go to spam and how to fix it. Sender reputation is a living score that changes with every email you send. Set up monitoring from day one and check it weekly — catching a deliverability issue early is the difference between a two-day pause and a two-week recovery.

• Google Postmaster Tools (free, essential). Connect your sending domains here immediately. It shows domain reputation (from Bad to High), spam complaint rates, authentication pass rates (SPF/DKIM/DMARC), delivery errors, and IP reputation. The domain reputation score is the single most important number to watch. High = inbox. Medium = mixed. Low or Bad = spam. Check weekly minimum, daily when launching new campaigns.
• MXToolbox Blacklist Monitor. Set up automated blacklist monitoring for all your sending domains. MXToolbox checks against 100+ blacklists and emails you the moment your domain or IP appears on one. Free tier covers basic monitoring. You want to know about a blacklisting within hours, not days — by the time you notice a deliverability drop without monitoring, you've already damaged your reputation further.
• Mail-tester.com before every new campaign. Send a test email to a mail-tester.com address before launching each new campaign template. The tool gives you a score from 1-10 and flags specific issues: SPF failures, DKIM problems, HTML formatting issues, spam words, missing unsubscribe links. Aim for 9.5/10 or higher. Anything below 8/10 needs to be fixed before sending.
• Inbox placement testing with GlockApps or Mailreach. These tools send test emails to seed accounts at Gmail, Outlook, Yahoo, and other providers, then tell you whether each landed in inbox, spam, or promotions. Run an inbox placement test when setting up a new domain, when changing email templates, and any time you notice a drop in open rates. It takes 10 minutes and gives you ground truth on where your emails are actually landing.
• Weekly metrics dashboard — what to track:
  Open rate: healthy range 40-70% for well-targeted cold email. Below 30% suggests deliverability or subject line issues.
  Bounce rate: keep under 2%. Alert threshold: 3%.
  Reply rate: varies widely by industry and targeting quality, but 3-8% is a reasonable benchmark for well-personalized cold email.
  Spam complaint rate: keep under 0.1%. Check via Google Postmaster Tools.
  Warm-up inbox placement score: keep above 90%. Check in your warm-up tool dashboard.
• Rotate out mailboxes that show declining performance. If a mailbox consistently shows lower open rates than others on the same domain, it may have developed a negative reputation. Pause it, warm it up for 2 weeks, then reintroduce it at lower volume. Don't try to fight through declining inbox placement by sending more — the problem compounds.

Emergency Procedures: What to Do When Deliverability Drops

Even with perfect setup, deliverability issues occur. Knowing how to respond quickly limits the damage. Speed matters: a domain reputation in "Low" status on Google Postmaster Tools can recover in 2-3 weeks of clean behavior, but only if you stop the bleeding fast.

• If open rates drop below 20%: Stop all cold sending immediately from the affected mailboxes. Check warm-up scores, verify DNS records are still correct (DNS propagation errors or accidental deletions happen), and run a full blacklist check. Do not resume sending until you've identified the root cause. Continuing to send while diagnosing makes the problem worse.
• If you hit a blacklist: Identify which blacklist flagged you (MXToolbox shows which specific lists). Stop sending from the affected domain. Request delisting from the blacklist provider — most have automated self-service delisting forms. Spamhaus, Barracuda, and SURBL each have different processes. Before requesting delisting, fix the underlying cause (high bounce rate, spam complaints, malware, etc.) — submitting a delisting request before fixing the problem just gets you re-listed faster.
• If bounce rates spike suddenly: Stop the current campaign immediately. The most common cause is a bad prospect list — a data provider delivered stale or invalid addresses. Re-verify the list with a different verification tool (different tools catch different issues). Also check if the spike is isolated to specific domains in your prospect list, which may indicate those domains have changed their mail servers.
• If a mailbox gets suspended by Google or Microsoft: Contact the provider's support to understand the specific policy violation. Common causes are exceeding sending limits, spam complaints above threshold, or unusual sign-in activity. Immediately reduce sending volume across all remaining mailboxes on that account. Set up a replacement mailbox on a different domain and start warm-up. Don't try to reinstate a suspended mailbox quickly — it rarely works and wastes time.
• Recovery protocol for a damaged domain: Move all active sending to healthy backup domains. Run the damaged domain on warm-up only for 3-4 weeks with zero cold emails. Monitor Postmaster Tools weekly until domain reputation returns to High. Then reintroduce cold sending at 25% of previous volume for one week before ramping back up. Full recovery from "Bad" reputation status typically takes 4-8 weeks of consistent clean behavior.
• This is why you build multiple domains from the start. Agencies and serious outreach operators treat domain rotation as infrastructure, not a backup plan. Keep 2-3 domains actively sending at any time and maintain 2-3 more in warm-up rotation. When a domain gets damaged, you have headroom to shift volume immediately without pausing outreach while you recover.

The Deliverability Stack: What Tools You Actually Need

To run this checklist at scale without managing every detail manually, here are the tools that cover each layer of the infrastructure:

• Domain registrar: Cloudflare Registrar or Namecheap. Cloudflare is preferred for its clean DNS management interface and at-cost pricing.
• Mailbox provider: Google Workspace ($7.20/user/month) for the highest inbox placement. Microsoft 365 ($6/user/month) as a secondary or alternative — useful for Microsoft-heavy industries like enterprise sales.
• Email warm-up: Instantly (built-in, included with sending subscription), Mailreach ($25/mailbox/month for dedicated warm-up), or Warmup Inbox ($15/month flat rate for up to 3 mailboxes).
• Cold email sending: Instantly or Smartlead. Both support inbox rotation, custom tracking domains, reply detection, and suppression list management. Instantly has a slightly simpler UI; Smartlead has more advanced campaign logic.
• Email verification: Millionverifier ($30 for 100k verifications, highest catch rate) or ZeroBounce ($20 for 2k verifications at pay-as-you-go). Run every list through verification before upload.
• Deliverability monitoring: Google Postmaster Tools (free), MXToolbox (free tier sufficient for blacklist monitoring), GlockApps ($79/month for full inbox placement testing, or pay-per-test).
• DNS records testing: MXToolbox SuperTool (free), mail-tester.com (free, 1 test per day on free tier).

Total infrastructure cost for a 5-domain, 15-mailbox setup: approximately $120-$180/month including mailbox fees, warm-up tools, and sending platform. At 500 cold emails per day, you can expect to generate enough pipeline to justify this cost within the first week of campaigns if your targeting and copy are solid.

Want to learn how to build and sell AI automations? Join our free Skool community where AI agency owners share strategies, templates, and wins. Join the free AI Automation Sprint community.