Cold email deliverability is the single biggest variable between a campaign that books meetings and one that disappears into the void. It’s also the thing most founders get wrong — not because it’s complicated, but because nobody explains it in plain terms before they start.
This guide covers everything: the infrastructure decisions, the DNS records, inbox warmup, list hygiene, reputation monitoring, and how to scale sends without destroying the domains you’ve built up. By the end, you’ll know exactly what to build, in what order, and why each step matters.
If you’re looking for the short version focused on a specific issue — like why your emails are landing in spam or how inbox warmup works — those posts go deeper on individual pieces. This guide is the full picture.
What “Deliverability” Actually Means
Deliverability is not the same as delivery. Delivery means the email wasn’t bounced — it reached a mail server. Deliverability means it reached the inbox, not spam. An email can be delivered but not deliverable. You can have a 98% delivery rate and a 30% inbox placement rate. That gap is the deliverability problem.
Mail servers — primarily Google and Microsoft, which power most business email — use a combination of signals to decide where an inbound email goes. Those signals fall into three buckets: authentication (is this sender who they claim to be?), reputation (has this sender historically behaved well?), and engagement (do recipients interact with emails from this sender?). Good deliverability means scoring well on all three, consistently.
The Infrastructure You Need Before Sending a Single Email
1. Dedicated sending domains — not your main domain
Your primary business domain (the one in your email signature, on your website, in your transactional emails) should never be used for cold outreach. If it gets blacklisted or its reputation damaged, your entire business email — investor communications, customer onboarding, invoices — is affected.
Register one to three sending domains that are close variants of your brand. If your company is acme.com, register getacme.com, useacme.com, or acmehq.com. Set up two to three Google Workspace inboxes per domain (e.g. james@getacme.com, j.smith@getacme.com, james.smith@getacme.com). Each inbox is a separate sending channel that you’ll rotate across. Domain cost: $10–$15/year. Workspace cost: $6/user/month. For three domains with two inboxes each, that’s roughly $36/month before your sequencing tool.
2. DNS authentication: SPF, DKIM, and DMARC
These three DNS records are non-negotiable. Mail servers check them on every inbound email. Missing or broken records are an immediate deliverability failure.
SPF (Sender Policy Framework) declares which mail servers are authorised to send email on behalf of your domain. It’s a TXT record in your DNS that looks something like v=spf1 include:_spf.google.com ~all. Your email provider (Google Workspace, Microsoft 365) will give you the exact record to add.
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every email you send. The receiving server checks the signature against a public key in your DNS to confirm the email genuinely came from you and wasn’t tampered with in transit. Your email or sequencing provider generates the key; you add it as a TXT record.
DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receiving servers what to do when an email fails SPF or DKIM checks. Start with p=none (monitor only) so you can see failures without affecting delivery. Once your infrastructure is clean, move to p=quarantine. Never start at p=reject — too aggressive before you’ve validated everything.
Verify all three records at MXToolbox.com immediately after adding them. Every single sending domain needs its own complete set. This takes about 20 minutes per domain and is the most important 20 minutes you’ll spend on this entire process.
3. Inbox warmup: mandatory, not optional
A new inbox has zero sending history. To mail servers, it looks exactly like the infrastructure a spammer would set up — because spammers also use new inboxes. The solution is warmup: a process of gradually building sending history and reputation before running outbound campaigns.
Warmup tools (Instantly has it built in, Smartlead has it built in, Lemwarm is a standalone option) automatically send emails between a network of pre-warmed inboxes, mark them as important, and rescue them from spam folders. This simulates the behaviour of a legitimate, actively used inbox. Run warmup for a minimum of 14 days before sending any outbound. Three to four weeks is better. During the warmup period, the tool handles everything — you don’t send outbound at all from those inboxes.
For a deeper walkthrough of warmup timelines, limits, and common mistakes, see our dedicated post: Cold Email Warmup: How Long It Takes and How to Do It Properly.
List Hygiene: The Step Most People Skip
Sending to a dirty list — one with invalid, catch-all, or inactive email addresses — is one of the fastest ways to destroy domain reputation. Bounce rates above 3% are a serious signal to mail servers. Above 5%, you risk blacklisting.
Every list should be verified before you load it into your sequencing tool. This is not optional. The tools that do this well: MillionVerifier (fast, cheap, bulk-friendly — our first recommendation), NeverBounce (reliable, good API), ZeroBounce (solid for catch-all handling). Any of these will flag addresses as Valid, Invalid, Catch-All, or Unknown. Send only to Valid. Remove everything else before importing.
For lists built from LinkedIn, Apollo, or Clay, expect 5–20% of addresses to be invalid or catch-all. Verification before sending is what keeps your bounce rate under 2%.
Sending Volume: The Limits That Matter
Even with perfect infrastructure and a clean list, sending too much too fast will trigger spam filters. Google and Microsoft rate-limit inboxes based on their sending history. Ignoring those limits damages reputation.
The rules of thumb for a warmed inbox:
- First month of outbound (post-warmup): 20–30 emails per inbox per day maximum
- Month two onwards: 40–50 emails per inbox per day maximum — Google Workspace’s practical safe ceiling
- To send more volume: add more inboxes, not more emails per inbox
- Never exceed 500 emails per day from any single domain (across all inboxes on that domain)
The inbox rotation model — distributing sends across multiple inboxes on multiple domains — is how you scale volume without hitting per-inbox limits. A sequencing tool like Instantly or Smartlead handles rotation automatically once you’ve added your inboxes. At 20 inboxes sending 30 emails each, you have 600 sends/day capacity without overloading any single sender.
Monitoring Reputation
Set up Google Postmaster Tools (postmaster.google.com) for every sending domain. It’s free, takes 10 minutes to configure, and shows you domain reputation, IP reputation, authentication pass rates, and spam complaint rates from Google’s perspective.
The metric to watch most closely: spam rate. Google’s threshold for acceptable spam complaints is 0.1% — one complaint per thousand emails. If you approach or breach this, pause sending and investigate immediately. Common causes: list targeting too broad (wrong ICP), sequences too aggressive (too many follow-ups), or subject lines that feel deceptive.
Also check your domains against blacklists monthly. MXToolbox has a free blacklist checker — run every sending domain through it. Being on a blacklist is fixable but takes time; catching it early limits the damage.
What Good Deliverability Looks Like in Practice
With this infrastructure in place, here’s what you should expect from a well-run campaign targeting a relevant ICP:
- Inbox placement rate: 90%+ (test with mail-tester.com before launching)
- Open rate: 40–65% on initial emails to a targeted, verified list
- Bounce rate: under 2%, ideally under 1%
- Spam complaint rate: below 0.08%
- Domain reputation in Postmaster Tools: High
If your open rates are below 25%, treat that as a deliverability signal first, not a copy signal. Fix the infrastructure, then re-evaluate the messaging. Many founders iterate endlessly on subject lines when the real issue is that the emails never reached the inbox.
The Full Setup Checklist
- Register 2–3 sending domains (not your primary domain)
- Create 2–3 Google Workspace inboxes per domain
- Configure SPF, DKIM, and DMARC on each domain
- Verify all DNS records with MXToolbox
- Connect all inboxes to your sequencing tool (Instantly, Smartlead)
- Enable inbox warmup — run for 14–30 days before sending outbound
- Set up Google Postmaster Tools for each domain
- Verify your lead list with MillionVerifier before importing
- Start outbound sends: 20–30 emails/inbox/day in month one
- Monitor Postmaster Tools weekly; run blacklist check monthly
The principle behind all of this: Deliverability is reputation management, not a technical checklist. Every decision — how many domains, how many inboxes, how many sends per day — is a reputation decision. Build conservatively. Scale gradually. The founders who try to shortcut this always pay for it later.
Related Posts in This Series
This is the hub post for GrowthStack’s deliverability content. If you want to go deeper on a specific topic:
- Why Your Cold Emails Are Landing in Spam — And How to Fix Each Cause
- Cold Email Warmup: How Long It Takes and How to Do It Properly
- The Infrastructure Fixes That Get You Back in the Inbox
Want us to build this for you?
GrowthStack sets up your entire deliverability infrastructure as part of our GTM Foundation — properly configured, warmed, and ready to send before we hand over.