Two years ago, you could send cold emails from your main business domain with a basic email platform and get decent inbox placement. That era is over. Gmail and Microsoft both tightened their filtering significantly in 2024, and what used to work now gets you flagged, throttled, or sent straight to spam.
Deliverability, which is the percentage of your emails that actually reach the recipient's inbox rather than their spam folder, has become a technical discipline. If you're sending cold outreach and you haven't set up your sending infrastructure properly, you're essentially posting letters without stamps and wondering why nobody replies.
Email providers use a combination of signals to decide whether your email reaches the inbox. Understanding these signals is the difference between a campaign that generates meetings and one that generates silence.
Sender reputation. Every domain that sends email builds a reputation score with major providers. Send too many emails too quickly, get too many bounces, receive spam complaints, and that score drops. Once it drops below a threshold, your emails start going to spam. Not some of them. All of them. Including the ones to people who actually want to hear from you.
Authentication records. This is where it gets technical, but the concepts are straightforward. Three acronyms matter: SPF, DKIM, and DMARC.
SPF (Sender Policy Framework) is a DNS record that tells email providers which servers are allowed to send email on behalf of your domain. Without it, providers have no way to verify that an email claiming to be from you actually came from you.
DKIM (DomainKeys Identified Mail) adds a digital signature to your emails. It's like a wax seal on a letter. The receiving server checks the signature against a public key in your DNS records. If it matches, the email is verified as genuinely from you and unaltered in transit.
DMARC (Domain-based Message Authentication, Reporting and Conformance) ties SPF and DKIM together and tells receiving servers what to do with emails that fail authentication. Reject them, quarantine them, or let them through. Without DMARC, even if you have SPF and DKIM, providers may still treat your emails with suspicion.
If any of these are missing or misconfigured, your cold emails are fighting with one hand tied behind their back.
Content signals. Email providers also analyse the content of your emails. Certain phrases, excessive links, image-heavy layouts, and formatting patterns associated with spam will trigger filters. "Act now," "limited time offer," "click here for your free..." These aren't just cliches. They're filter triggers.
Here's a rule that surprises most business owners: never send cold email from your primary business domain.
Your primary domain (yourcompany.co.uk) is your reputation. It's what your existing clients use to email you. It's connected to your website, your branding, your professional identity. If that domain's sender reputation gets damaged through cold outreach, your regular business emails start hitting spam too. Invoices to clients. Proposals to prospects. Internal communications.
The solution is a separate sending domain. Not a random throwaway domain, but a professional-looking alternative that's clearly related to your main brand. If your business is smithmanufacturing.co.uk, your sending domain might be smith-mfg.co.uk or smithmfg.co.uk. Close enough that recipients recognise the connection. Separate enough that reputation damage doesn't bleed into your primary domain.
We set this up for a golf networking business earlier this year. They'd been sending all their outreach from their main domain and had started noticing deliverability issues. Their open rates had dropped from 35% to 18% over three months, despite the content quality staying the same. The domain had been flagged.
We set up a dedicated sending domain, configured SPF, DKIM, and DMARC properly, warmed it over three weeks, and migrated their cold outreach to it. Within a month, open rates were back above 30%. Their main domain recovered too, once it stopped being associated with high-volume cold sending.
You can't buy a new domain and start sending 500 emails a day from it. Email providers will flag any new domain sending at volume as suspicious. The domain has no history, no reputation, no track record. As far as Gmail and Microsoft are concerned, it might as well be a spam operation.
Domain warming is the process of building that reputation gradually. Start by sending a small number of emails (10 to 20 per day) to contacts you know will engage. Internal addresses, friendly contacts, people who will open and reply. Over two to three weeks, gradually increase the volume while maintaining high engagement rates.
The goal is to build a positive reputation before you send at scale. Email providers see a new domain with consistent delivery, high open rates, low bounces, and genuine replies, and they assign it a positive reputation score. That score is what allows you to scale volume later without triggering spam filters.
Skip this step and your very first campaign will damage the domain before it's had a chance to build credibility. I've seen businesses burn through three sending domains in a year because they kept skipping the warming phase.
Even with a warmed domain and perfect authentication, there are practical limits to how many cold emails you can send per day without triggering filters.
For a single sending domain, a safe daily limit is around 50 to 100 emails for cold outreach. Not 500. Not 1,000. Fifty to a hundred. This feels low if you're used to thinking about email marketing in terms of thousands, but cold email and marketing email are different animals.
Marketing emails go to people who've opted in. Cold emails go to people who haven't. The tolerance for volume is dramatically lower. Push past the safe limits and you'll see deliverability drop within days.
For higher volumes, you need multiple sending domains and multiple sending accounts, each staying within safe limits. A campaign sending 500 cold emails per day might use five or six sending domains, each handling 80 to 100 sends. This requires more setup but protects each domain's reputation.
The sending pattern matters too. Don't send all 100 emails at 9:01am. Spread them across the day with natural-looking intervals. Email providers flag unnatural patterns, and batch-sending from a single domain at a single time looks exactly like what it is: automated cold outreach.
Setting up your sending infrastructure isn't a one-time job. Deliverability requires ongoing monitoring.
Track your bounce rate per campaign. Anything above 3% for hard bounces means your data quality is poor and your sender reputation is being damaged. Track your spam complaint rate. Anything above 0.1% is a warning sign. Track your inbox placement rate using tools like GlockApps or Mail-Tester.
Check your authentication records periodically. DNS changes, hosting migrations, and platform switches can break SPF, DKIM, or DMARC without anyone noticing until deliverability craters weeks later.
And watch your sending domain's reputation using Google Postmaster Tools (for Gmail delivery) and Microsoft SNDS (for Outlook delivery). Both are free. Both tell you exactly how email providers view your domain. If you're not checking these regularly, you're flying blind.
Cold email still works. I've seen it generate six-figure pipeline value for clients this year. But it only works when the technical foundation is solid. And that foundation requires knowledge, effort, and ongoing attention that most businesses don't have internally.
This is one area where doing it yourself, without understanding the technical requirements, can actually make things worse. A botched cold email campaign doesn't just fail to generate leads. It actively damages your domain reputation, which affects every email your business sends.
Get the infrastructure right first. Then worry about the copy.
Martin Dugan, AA2
