Cold email deliverability: the founder's checklist
Cold email deliverability decides whether outbound reaches the primary inbox or the spam folder. This checklist covers domain setup, SPF/DKIM/DMARC, warm-up, and the sending limits that protect a sender reputation.
# What cold email deliverability really is
Cold email deliverability is a reputation balance mailbox providers hold on your sending identity, spent down by every complaint and topped up by every reply. It decides whether your outbound reaches the primary inbox or gets routed to spam, promotions, or a silent drop. Treat it as a credit line with Gmail (the largest B2B inbox) and Microsoft (Outlook, Office 365, Hotmail), recalculated on every send. It is never a one-time setup you finish and walk away from.
The founders we onboard usually conflate two words their email service provider reports as if they meant the same thing: delivered and inboxed. A message counts as delivered the instant the receiving server accepts it. Whether the provider then files it in the primary tab, the promotions bucket, or spam is a separate verdict the ESP cannot see. We have watched campaigns post 98% delivered while two-thirds of the people worth a reply never saw the email.
The mechanism is behavioral scoring. Providers watch what recipients do (opens, replies, marks-as-spam, deletions without a read) and convert that into a reputation grade on your domain and IP. Cold outbound starts that account at zero, with no prior relationship to vouch for you, which is why the same message that thrives for an opted-in newsletter gets filtered when it goes cold. You stay untrusted until recipients prove otherwise on your behalf.
# How SPF, DKIM, and DMARC authenticate your sender
SPF, DKIM, and DMARC are the three DNS records that prove a message is really from you, and missing any one caps inbox placement before copy matters. SPF (Sender Policy Framework) lists the servers allowed to send for your domain. DKIM (DomainKeys Identified Mail) signs each message cryptographically. DMARC (Domain-based Message Authentication, Reporting and Conformance) tells receivers what to do when either check fails. Publish all three or accept being downranked.
SPF is a TXT record naming the IP addresses and services authorized to send your mail. When Gmail receives a message, it matches the sending IP against that list. The failure we see most often is a founder who never added their ESP's sending infrastructure to the record, so legitimate campaigns fail the check and get filtered. Keep the record under the 10-DNS-lookup limit, because an eleventh lookup makes SPF break with no warning.
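The 10-lookup ceiling is easy to breach through nested `include:` terms that never appear in your own record. The following is an added example, not code from the original article: a static audit that walks an SPF record and counts every DNS-querying term it can reach. The zone contents and `.test` domains are constructed stand-ins for live DNS.

```python
import re

# Constructed TXT records standing in for live DNS (placeholder .test domains).
ZONE = {
    "outbound.test": "v=spf1 include:_spf.esp.test include:_spf.crm.test a mx -all",
    "_spf.esp.test": "v=spf1 include:_a.esp.test include:_b.esp.test include:_c.esp.test ~all",
    "_a.esp.test": "v=spf1 ip4:192.0.2.0/26 -all",
    "_b.esp.test": "v=spf1 ip4:192.0.2.64/26 -all",
    "_c.esp.test": "v=spf1 ip6:2001:db8::/48 -all",
    "_spf.crm.test": "v=spf1 include:_x.crm.test include:_y.crm.test a mx ~all",
    "_x.crm.test": "v=spf1 ip4:198.51.100.0/25 -all",
    "_y.crm.test": "v=spf1 ip4:198.51.100.128/25 -all",
    "trimmed.test": "v=spf1 include:_spf.esp.test ip4:198.51.100.0/24 -all",
}

SPF_LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4
# Terms that make the receiver issue a DNS query; ip4, ip6 and all do not.
QUERYING = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM = re.compile(r"^[+\-~?]?([a-z0-9]+)(?:[:=]([^/\s]+))?", re.I)


def count_lookups(domain, zone, path=()):
    """Count the DNS-querying terms reachable from a domain's SPF record."""
    if domain in path:
        raise ValueError(f"SPF include loop: {' -> '.join(path + (domain,))}")
    record = zone.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        raise LookupError(f"no SPF record published for {domain}")
    total = 0
    for term in record.split()[1:]:
        match = TERM.match(term)
        if not match:
            continue
        name, target = match.group(1).lower(), match.group(2)
        if name in QUERYING:
            total += 1  # the term itself costs one lookup
        if name in ("include", "redirect") and target:
            total += count_lookups(target, zone, path + (domain,))
    return total


def audit_spf(domain, zone):
    """Return (lookups, within_limit); a worst-case count, since real
    evaluation stops at the first matching mechanism."""
    lookups = count_lookups(domain, zone)
    return lookups, lookups <= SPF_LOOKUP_LIMIT


if __name__ == "__main__":
    for name in ("outbound.test", "trimmed.test"):
        print(name, audit_spf(name, ZONE))
```

In the sample, `outbound.test` lists only four querying terms itself, but the two providers' nested includes bring the total to eleven.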
DKIM attaches a private-key signature to every email; the receiver verifies it against a public key you publish in DNS, proving the message was not tampered with in transit. DMARC then binds the two together and declares your policy (monitor, quarantine, or reject) while emailing you reports on who is sending under your name. Run all three and a provider has three independent reasons to trust the envelope.
| Record | What it proves | If it is missing | Recommended setting |
|---|---|---|---|
| SPF | The sending IP is authorized | Mail is downranked or rejected | List your ESP; keep under 10 lookups |
| DKIM | The message is unaltered and yours | No signature, trust drops | 2048-bit key, rotate yearly |
| DMARC | The policy when SPF or DKIM fails | No reporting, trivial to spoof | Begin at p=none, tighten to quarantine |
Start DMARC at p=none so you gather reports without touching delivery, read a fortnight of data until every legitimate source passes, then move to p=quarantine. We learned the discipline the hard way watching a client jump straight to p=reject. A transactional service sent through a relay nobody had listed, and order-confirmation emails to their own customers vanished for a day before the support queue caught it. Confirm your full mail flow first, then enforce. Choose p=none over an early p=reject whenever any team still routes mail through a service you have not audited.
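Reading the p=none reports is what catches an unlisted relay before enforcement does. The following is an added example, not code from the original article: it groups the rows of a DMARC aggregate (rua) report by outcome and lists the sources that pass neither aligned check. The XML sample, domain and IPs are constructed, and the report is assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed aggregate-report (rua) sample; IPs are documentation ranges.
# For reports received from third parties, parse with a hardened XML library.
REPORT = """<feedback>
 <policy_published><domain>outbound.test</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>412</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
 </row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>38</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
 </row></record>
 <record><row><source_ip>203.0.113.5</source_ip><count>9</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated>
 </row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>4</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
 </row></record>
</feedback>"""


def summarize(report_xml):
    """Group message counts per source IP by how many aligned checks passed."""
    buckets = {"pass": Counter(), "single": Counter(), "fail": Counter()}
    for row in ET.fromstring(report_xml).iter("row"):
        evaluated = row.find("policy_evaluated")
        if evaluated is None:
            continue  # malformed row: nothing to classify
        ip = row.findtext("source_ip", "").strip()
        count = int(row.findtext("count", "0"))
        passes = sum(evaluated.findtext(k, "fail").strip() == "pass"
                     for k in ("dkim", "spf"))
        buckets[("fail", "single", "pass")[passes]][ip] += count
    return buckets


def blocking_sources(report_xml):
    """Sources passing neither aligned check; quarantine or reject hits these."""
    return dict(summarize(report_xml)["fail"])


def safe_to_enforce(report_xml):
    """True only when no source in the report fails both checks."""
    return not blocking_sources(report_xml)
```

Sources in the `single` bucket still pass DMARC but rest on one mechanism, so they are worth fixing before the policy tightens.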
# Why domain warm-up buys reputation before volume
Domain warm-up earns sending reputation by raising volume in measured steps over 3-6 weeks, so providers see a human ramp instead of a cold domain blasting 2,000 messages on day one. A fresh domain has no history, and sudden volume reads as the signature of a spammer, which gets you filtered immediately. Warm-up is how you spend three weeks buying the trust a real campaign draws down in a day.
The mechanism is pattern recognition. Providers model how a legitimate new sender behaves: a few emails, some replies, a few more, gradual growth. We mimic that curve deliberately, opening with internal and seed-account exchanges that generate genuine replies and important-marks, then layering real prospects on once the domain carries a track record. Engagement is the currency. You are not just sending, you are manufacturing positive signals.
- Week 1: 10-20 sends a day, mostly to seed accounts that open, reply, and mark important.
- Week 2: 30-50 a day, fold in a thin slice of real prospects.
- Week 3: 60-100 a day while Postmaster domain reputation holds steady.
- Weeks 4-6: scale toward target volume only as long as spam rate stays under 0.1%.
A working example from a recent iGaming account: rather than push one domain hard, we ran three sending domains in parallel, each on its own warm-up curve, so the combined daily volume never forced any single domain past the rate that trips a filter. Fresh, in-market data only converts when the inbox carrying it is trusted, which is the quiet dependency behind event-based lead sourcing. Splitting the load across three domains is the better choice whenever your target volume would push a single domain past its safe daily ceiling.
1. Isolate sending domains: Buy separate domains for outbound so a reputation hit never touches your primary brand inbox.
2. Authenticate with SPF, DKIM, DMARC: Publish all three DNS records so mailbox providers can verify the sender before placement.
3. Warm up 2-4 weeks: Ramp volume slowly from a handful of sends a day; new domains need weeks, not hours.
4. Cap daily volume per inbox: We typically hold each mailbox to roughly 20-40 sends a day to mimic human sending.
5. Monitor bounce and spam daily: Watch Google Postmaster Tools and pause the moment bounce or spam rate climbs.
The order we run before a single cold email goes out. Warm-up windows are typical operating ranges, not guarantees.
# How list freshness protects sender reputation
List freshness governs deliverability more than any DNS record, because every hard bounce and spam complaint is a permanent withdrawal from your reputation account. A verified, recently sourced list holds bounce under 1% and keeps engagement high; a recycled broker list can torch a warmed domain in a single campaign. The cleanest authentication stack in the world cannot outrun a dirty list.
The mechanism: providers read a high bounce rate as proof you are mailing blind, the defining habit of someone scraping addresses. Push past roughly 2-3% bounce on a send and Gmail begins throttling the whole domain. So we verify every address before it enters a sequence and re-verify anything older than 30 days, because B2B contacts decay fast as people change roles, leave companies, and abandon inboxes.
This is where freshly captured data wins on deliverability, not only on intent. A list pulled live from a conference floor last week carries near-zero dead addresses and recipients who recognize the context the moment they read line one. Unlike a list a broker has resold a dozen times, thick with role accounts, spam traps, and people conditioned to hit report, it has not been worn down by overuse. The recency that books meetings is the same recency that keeps you out of spam, which is why outbound metrics that matter track bounce as a leading reputation signal.
- Verify every address before the first send and drop anything risky or unverifiable.
- Suppress role accounts (info@, sales@, admin@) that attract complaints and forwards.
- Screen for spam traps, addresses that exist only to catch senders who never clean lists.
- Re-verify any list older than 30 days before you reuse a single address from it.
# How to monitor cold email deliverability before it slips
Monitoring cold email deliverability means watching reputation daily so you catch a decline while it is still reversible, not after replies have already dried up. Google Postmaster Tools and a hand-checked seed inbox together show where mail actually lands, which your ESP's delivered count never reveals. By the time the pipeline feels thin, the damage is usually a week old and harder to undo.
Postmaster Tools is the instrument that matters most, because Gmail holds the largest slice of B2B inboxes and is the only major provider that shows you its own scoring. Verify your sending domain there and watch four readouts: domain reputation, IP reputation, spam rate, and authentication pass rates. A slide from High to Medium domain reputation is your two-day warning before placement drops. Treat it as a fire alarm, not a footnote.
Pair that with a seed list, a spread of test accounts across Gmail, Outlook, and Yahoo that you send each campaign to and read by eye. The seed list catches the silent Microsoft drop and tells you whether you are hitting primary, promotions, or spam, which Postmaster cannot. We log placement per campaign so a slip surfaces as a trend rather than a surprise.
One signal pattern is worth knowing. When Postmaster authentication pass rates dip on a single record, it usually means a recent DNS edit broke alignment, and the seeds will show promotions-tab placement before reputation visibly moves. Unlike a reputation grade, which lags the send, seed placement reacts the same day, so weight the two together rather than trusting either alone.
# The founder's cold email deliverability checklist
The founder's cold email deliverability checklist is an ordered pre-flight you run before every campaign and revisit weekly, because placement degrades the moment one input slips. The items below are the exact sequence we run on every client account, arranged so the foundational steps gate the rest. Skip an early one and the later steps cannot rescue the send.
- Send from a separate domain, never your primary brand domain.
- Publish SPF, DKIM, and DMARC, then confirm DMARC alignment, not just that the records exist.
- Warm the domain 3-6 weeks before real volume touches a cold list.
- Verify the full list and suppress role accounts and risky addresses.
- Cap volume per domain and split the load across multiple domains as you scale.
- Connect Google Postmaster Tools and keep the spam rate under 0.1%.
- Keep a seed inbox across Gmail, Outlook, and Yahoo for manual placement checks.
- Track reply rate and bounce rate per campaign and treat open rate as directional only.
The separate-domain rule earns the top slot for a reason. We register a lookalike domain (yourcompany-mail.com against yourcompany.com) purely for outbound, so a campaign that runs into trouble never drags your corporate mail, your invoices, or your team's daily correspondence into a reputation hole. The brand domain stays pristine while the sending domain absorbs the risk. Choose that separation whenever one account carries both your sales pipeline and your operational email.
Deliverability is the price of admission; copy is what turns a delivered message into a booked call, which we break down in cold email copy that books meetings. When maintaining this stack in-house is more than your team should carry, the infrastructure is built into the service tiers. Strong cold email deliverability is not a trick or a single setting. It is a system you run, and it is the line between a list that books meetings and one nobody ever reads.
Headline figures are real anonymized campaign data (Case A); the daily-cap and bounce-ceiling figures are Behavio Group operating ranges.
Behavio Group field data
What our own campaigns actually show
Across our campaigns the strongest predictor of inbox placement is not copy but a clean send: on one 5,899-send campaign we held bounce under 1% and earned 91 replies. We typically treat any sustained bounce above 2-3% as a reputation warning that pauses sending before it spreads to other domains.
“Deliverability is not a setting you switch on once; it is a daily discipline, and the day you stop watching bounce is the day a clean domain quietly starts landing in spam.”
— Ilija Andrić, Founder, Behavio Group
Frequently asked questions
How long does it take to warm up a new sending domain?
Warming a new sending domain takes 3-6 weeks. You open at 10-20 emails a day, sent mostly to seed accounts that reply and mark the message important, then raise volume in measured steps while domain reputation in Google Postmaster Tools holds steady. Rushing the ramp is the fastest way to get a fresh domain filtered before a real campaign begins.
Do I really need SPF, DKIM, and DMARC, or is one enough?
All three records are required for cold email, and one alone leaves you exposed. SPF authorizes your sending IPs, DKIM signs each message, and DMARC dictates what providers do when either check fails while reporting who sends under your name. Missing any one caps inbox placement before your copy matters, and authentication gaps are among the first things spam filters penalize.
Should I send cold email from my main company domain?
No, cold email should go from a separate domain dedicated to outbound. A campaign that hits deliverability trouble can damage sender reputation, and you do not want that bleeding into your invoices, password resets, and team correspondence. Register a lookalike domain for sending so your primary brand domain stays clean no matter how a campaign performs.
Why are my open rates high but I get no replies?
High opens with no replies usually means you are landing in spam or promotions rather than the primary inbox. Apple Mail Privacy Protection and pixel-blocking inflate open rates into noise, so the figure can look healthy while real people never see the message. Check a seed inbox and your reply and bounce rates, which read placement far more reliably than opens do.
What spam rate is safe in Google Postmaster Tools?
A safe Gmail spam rate stays under 0.1% to hold primary-inbox placement. Google Postmaster Tools flags a domain at 0.3%, which is 3 complaints per 1,000 delivered messages, and crossing that line collapses placement within days. Clean lists, full authentication, and a genuine warm-up are what keep the complaint rate low enough to stay safe.
From Ilija Andrić, Founder, Behavio Group