Cold Email Deliverability: The Foundations Every B2B Sender Needs
Before anyone reads your carefully written cold email, a set of machines decides whether it deserves the inbox, the spam folder or a silent rejection. Deliverability is the discipline of winning that machine decision, and in cold B2B outreach — where recipients never opted in — you start with zero benefit of the doubt. This primer covers the four pillars that determine inbox placement and the order in which to build them.
- Deliverability rests on four pillars: domain reputation, authentication (SPF, DKIM, DMARC), gradual warmup and list hygiene.
- Use a separate sending domain for cold outreach so your main company domain never carries the risk.
- Verify every address before sending; a bounce rate above 2–3% actively damages sender reputation.
- Warm up new domains and mailboxes for 3–4 weeks before real campaign volume — there is no safe shortcut.
- Keep per-mailbox volume modest and steady; cold outreach scales by adding mailboxes, not by blasting more from one.
How mailbox providers judge your email
When your message arrives at Google Workspace, Microsoft 365 or any corporate mail gateway, it is scored before a human ever sees it. The score combines who is sending (domain and IP reputation), whether the sender is who they claim to be (authentication), how recipients have treated previous mail from this sender (spam complaints, deletions without reading, replies), and what the message itself looks like (links, formatting, wording).
For cold email the reputation component dominates. A newsletter platform sends from long-established infrastructure to people who subscribed; you are sending from a young domain to people who never asked. Every signal you can control — clean authentication, verified addresses, human-like volume, content that earns replies — has to compensate for that missing consent signal.
The good news: corporate B2B mail systems are more predictable than consumer inboxes. They rely heavily on authentication, domain reputation and complaint history. If you build those correctly, a relevant one-to-one business email to a decision-maker gets treated as what it is — business correspondence, not marketing blast.
Pillar one: protect your main domain with a separate sending setup
The first structural decision in cold outreach: never send cold campaigns from your primary company domain. Cold email always carries some reputation risk — a bad list, an unlucky complaint cluster — and if that risk lands on the domain your company uses for invoices, support and internal mail, the damage spreads to everything.
Standard practice is to register one or more adjacent domains: if your company is acme.com, you send from acme-team.com, getacme.com or tryacme.io. Set the adjacent domain to redirect to your main site so a curious recipient who types it in lands somewhere real. Give each sending domain its own mailboxes with real names of real people, because replies will come and someone has to own the conversation.
Plan capacity around modest per-mailbox volume. A safe steady state for a warmed-up mailbox doing cold outreach is on the order of 20–50 emails per day. If your campaign math requires 200 emails a day, that is four to eight mailboxes across one or two sending domains — not one mailbox sending 200. Scaling horizontally keeps every individual sender looking like a human being.
Pillar two: authentication — SPF, DKIM and DMARC
Authentication is the technical handshake proving your email actually comes from your domain. It consists of three DNS records, and all three are effectively mandatory now: major providers have tightened requirements, and unauthenticated bulk senders get filtered or rejected outright.
SPF lists which servers may send mail for your domain. DKIM adds a cryptographic signature to each message that the receiving server verifies against a public key in your DNS. DMARC ties the two together and tells receivers what to do when a message fails — and, importantly, gives you reports on who is sending mail claiming to be you.
Set these up on the sending domain before the first warmup email leaves. Start DMARC with a monitoring policy (p=none) to collect reports, then tighten to quarantine once you have confirmed all legitimate mail passes. Verify the whole setup by sending a test message to a mailbox you control and inspecting the message headers: you want to see spf=pass, dkim=pass and dmarc=pass. One more record worth adding is a custom tracking domain for any link or open tracking, so tracking links resolve through your own subdomain rather than a shared platform domain with unknown reputation.
- SPF: one record per domain listing authorized senders; multiple SPF records break validation.
- DKIM: enable it in your mail provider and publish the key; rotate if a key is ever exposed.
- DMARC: start at p=none with report collection, move to p=quarantine after verification.
- Custom tracking domain: keeps redirect links on infrastructure you control.
- Recheck all records after any DNS or provider migration — silent breakage is common.
Pillar three: warmup — earning reputation before you need it
A brand-new domain with zero sending history is inherently suspicious; spammers register fresh domains, burn them and move on, and filters know this pattern. Warmup is the process of building a positive history before campaign traffic starts: low volume at first, gradual increases, and engagement signals — opens, replies, messages rescued from spam — that tell providers this sender is wanted.
A realistic schedule for a new domain and mailbox: week one, 5–10 emails per day; week two, 10–20; week three, 20–35; week four, 35–50. Increase by roughly 20–30% at a time and hold the level if you see bounces or spam placements. In parallel, use the mailbox like a human would — send a few messages to colleagues and partners who reply, subscribe to a couple of newsletters, have real threads in the sent folder.
The full warmup arc takes three to four weeks before a mailbox should carry real cold volume, and reputation needs maintenance afterwards: keep some background sending activity even between campaigns. A mailbox that goes silent for a month and then bursts back to 50 emails a day looks exactly like the burst pattern filters penalize. Warmup is covered in depth in our dedicated domain warmup guide; the one-line summary is that no one has found a safe way to skip it.
Pillar four: list hygiene — the input that poisons everything downstream
The fastest way to destroy a warmed-up domain is a dirty list. Hard bounces tell providers you are sending to addresses you do not know — the signature of a scraped or bought list. Spam traps, addresses that exist only to catch senders with bad list practices, can get a domain blocklisted from a single hit. Keeping bounce rates under 2–3% is not a target, it is a survival threshold.
Verify every address before it enters a campaign. Verification services check syntax, domain validity and mailbox existence via SMTP-level checks; run your list through one and remove invalids and unknowns. Treat catch-all domains — where every address appears valid — with caution and lower volume. Deprioritize role addresses like info@ and office@: they bounce less but convert poorly and complain more, and in address-based outreach you want a named decision-maker anyway.
Hygiene continues after launch. Suppress every hard bounce immediately and automatically. Honor every unsubscribe and opt-out reply the moment it arrives, and keep a permanent suppression list that survives across campaigns and tools. Under both GDPR and CAN-SPAM, respecting opt-outs is a legal obligation, not a courtesy — and operationally, a person who asked out and gets another email is your most likely spam complaint.
Content and sending behavior: the everyday signals
With infrastructure in place, day-to-day behavior determines whether reputation compounds or erodes. Content matters less than folklore suggests, but a few things reliably hurt: link-heavy messages, image-stuffed HTML, attachment-bearing first touches, and copy that reads like a promotion rather than a note from one professional to another. A cold B2B email should look like normal business correspondence — mostly plain text, one link at most, a real signature with a real name and company.
Sending behavior should look human too. Space messages minutes apart rather than firing a batch in one second. Keep daily volume consistent instead of spiking. Vary your templates enough that no two hundred messages are byte-for-byte identical — good personalization does this naturally, which is one more reason targeted outreach outperforms blasting.
Replies are the strongest positive signal a cold sender can generate. A message relevant enough that even 3–8% of recipients answer — the healthy range for cold B2B — builds reputation in a way no technical trick can. This is where deliverability stops being a technical discipline and merges with strategy: the better your targeting and message, the better your inbox placement, which is a virtuous cycle worth engineering deliberately.
Monitoring and the launch checklist
You cannot manage what you do not measure. Register for Google Postmaster Tools to see how Google rates your domain reputation and spam rate. Watch bounce rates per campaign and per mailbox daily during the first weeks. Run periodic seed tests — send your campaign template to a panel of mailboxes you control across Google, Microsoft and other providers, and record where it lands. Check your domains and IPs against major blocklists on a schedule, not just when something feels wrong.
When placement suddenly degrades, respond by cutting volume, not pushing through it. Diagnose in order: new bounces from a bad list segment, a broken DNS record after some change, a content change in the latest template, a complaint spike from an unusually poor audience match. Most incidents trace back to one of those four.
- Separate sending domain(s) registered, redirecting to the main site.
- SPF, DKIM and DMARC published and verified with header checks.
- Custom tracking domain configured if tracking is used.
- Mailboxes warmed for 3–4 weeks on a gradual schedule.
- Every list verified; invalids, unknowns and role addresses handled.
- Automatic suppression of bounces and opt-outs across all campaigns.
- Per-mailbox daily volume capped at warmed levels, sends spaced and randomized.
- Postmaster Tools registered; bounce, complaint and placement monitoring in place.
FAQ
What bounce rate is acceptable for cold email?
Keep hard bounces under 2–3%. Above that, mailbox providers read your traffic as unverified-list spam and reputation degrades quickly. With proper pre-send verification, staying under 2% is routine; if a verified list still bounces heavily, the data source itself is stale.
Do I really need a separate domain for cold outreach?
Yes. Cold email carries inherent reputation risk, and isolating it on an adjacent domain means a bad week damages a replaceable asset instead of the domain your company runs on. It also lets you run several sending domains in parallel and retire one cleanly if its reputation is ever hurt.
How long does warmup take before I can send real campaigns?
Plan three to four weeks for a new domain and mailbox, ramping from 5–10 emails a day to 35–50. Rushing it is the single most common self-inflicted deliverability failure — filters specifically watch for young domains that jump to volume quickly.
Is cold B2B email even legal under GDPR and CAN-SPAM?
Both frameworks allow B2B outreach under conditions. CAN-SPAM requires truthful headers, a physical address and a working opt-out that you honor promptly. GDPR requires a lawful basis — typically legitimate interest for relevant B2B communication — plus easy objection and data-handling discipline. Relevance, transparency and instant opt-out handling are the practical core of compliance.
Why do my emails reach Gmail inboxes but land in spam at Outlook?
Providers weigh signals differently and hold separate reputation views of your domain. Microsoft is often stricter with young domains and weighs its own users' engagement heavily. Run seed tests per provider, and if one lags, reduce volume to that provider's domains and rebuild engagement there gradually.
Does personalization actually affect deliverability?
Indirectly but meaningfully. Personalized messages vary naturally, avoiding the identical-blast fingerprint filters look for, and they earn more replies — the strongest positive reputation signal available to a cold sender. Deliverability and message quality are not separate workstreams; one feeds the other.
Want to apply this to your outreach?
We will map it to your segment and product — before any work starts.
Talk to us