If you take one thing from this guide, take this: 80% of cold email failure happens before you ever hit “send.” It is almost never the copy. It is almost never the offer. It is the infrastructure underneath — the domains, the DNS records, the warmup, the volume ramp. Get those right and average copy will outperform brilliant copy on a broken setup every single time.
This is the exact checklist we run for every new ReplyWorks client during their first week. It is also the checklist we wish we had been handed when we started, because it would have saved us roughly six months of false starts and three burned domains.
1. Buy secondary domains — never use your main one
Your primary brand domain is far too valuable to risk on cold outreach. Spam complaints are inevitable in volume sending, and even a single bad week can damage your transactional email deliverability for months afterward — meaning password reset emails, invoices, and customer notifications start landing in spam alongside your campaigns. The fix is simple: send all cold outreach from secondary domains that look and feel like your brand but are technically separate properties.
Good naming patterns include get-yourcompany.com, tryyourcompany.com, yourcompany.io, yourcompanyhq.com, and hi-yourcompany.com. Avoid hyphens combined with numbers, avoid exotic TLDs like .xyz, .top, .click, or .work — those are statistically over-represented in spam corpora and many filters penalize them by default. Stick to .com whenever possible, then .io, then .co.
For registration, we strongly recommend Cloudflare or Porkbun rather than GoDaddy or Namecheap. You want clean WHOIS records, fast DNS propagation, no constant upsell prompts, and DNS that actually works in under sixty seconds. Budget around $10–15 per domain per year. For each engagement we typically register between three and ten domains depending on the volume tier.
One small but important detail: buy your domains in batches a few weeks before you actually need them. Brand-new domains have no aging history, and inboxes weight aged domains more favorably during the first few weeks of sending. A thirty-day-old domain performs measurably better than a one-day-old domain even when everything else is identical.
2. Configure your DNS records — SPF, DKIM, and DMARC
These three records are how receiving inboxes verify that an email claiming to be from your domain actually came from a server you control. Get any of them wrong — or worse, leave them missing — and your messages route straight to spam. They are not optional, they are not “nice to have,” they are the price of entry.
SPF (Sender Policy Framework)
SPF is a TXT record on your domain listing every server allowed to send mail on its behalf. For Google Workspace it looks exactly like this:
v=spf1 include:_spf.google.com ~allFor Microsoft 365 it looks like this:
v=spf1 include:spf.protection.outlook.com -allThe ~all versus -all at the end matters. ~all means “soft fail — accept but mark suspicious.” -all means “hard fail — reject outright.” Start with soft fail until you are confident no legitimate mail flows from anywhere else, then tighten.
DKIM (DomainKeys Identified Mail)
DKIM is a cryptographic signature your mail server adds to every outbound message, which receiving servers verify against a public key published in your DNS. You generate it inside your provider — for Google Workspace go to Apps → Gmail → Authenticate email — and paste the resulting TXT record into your domain DNS. The record will be long, around two hundred characters, and it will look like a wall of base64 nonsense. That is correct.
DMARC (Domain-based Message Authentication)
DMARC tells receiving inboxes what to do when a message fails SPF or DKIM. Start with the safest possible policy:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.comThe p=none means “monitor only — do not block anything yet.” After two or three weeks of sending without issues, tighten to p=quarantine (move failures to spam) and eventually p=reject (refuse failures entirely).
Always — always — verify your records using mail-tester.com before sending a single live campaign. Send a test email from your new mailbox to the address mail-tester gives you, then check the score. You are aiming for a clean 10/10. Anything below 9 means something is misconfigured and you need to fix it before going further. We have never once sent from a setup scoring below 10 and had it perform well.
3. Create 2–3 mailboxes per domain
Each mailbox can safely send between thirty and fifty cold emails per day after warmup. So if you want to send a thousand cold emails per day, you need roughly twenty-five mailboxes — which means eight to ten sending domains. Plan your domain count backwards from your desired volume, not forwards from a guess.
Use real first names — firstname@get-yourcompany.com, not generic addresses like info@, sales@, or hello@. Generic addresses get filtered far more aggressively. Add a profile photo to each mailbox. Add a short, non-promotional signature with a real name, title, and company. Both human recipients and spam filters check these, and missing them is a small but consistent negative signal.
For provider, Google Workspace at $6 per mailbox per month and Microsoft 365 at $6 per mailbox per month are the only two we recommend for cold outreach in 2025. Avoid bulk SMTP services like SendGrid, Postmark, or Amazon SES for cold campaigns — their reputation is collectively burned for outbound and you will land in spam regardless of how good your setup is. Those services exist for transactional and marketing email to opted-in lists, not cold prospecting.
4. Warm up the mailboxes for two to three weeks
Warmup means sending small volumes of conversational-looking email between your new mailboxes and a network of trusted inboxes that automatically mark you as “Not Spam,” reply to your messages, and move you from the Promotions tab into the Primary tab. Over time this builds your sender reputation gradually and naturally, the way a human would build it.
Smartlead, Instantly, and Mailreach all have built-in warmup pools you can join. Set them to start at five to ten emails per day per mailbox and ramp by five additional emails per day until you hit thirty to forty. That ramp typically takes fourteen to twenty-one days. There is no shortcut. There is no premium tier that lets you skip ahead. Sender reputation is a slow-cooking thing and you cannot microwave it.
Do not skip this step. It is the single biggest reason new campaigns flop. We have seen clients spend weeks on copy, targeting, and offer iteration only to get nuked by spam filters because they tried to send their first real campaign on day three of a brand-new mailbox. The mailbox needs to look “alive” before you ask it to do real work.
5. Send your first campaign — slowly
Even after a complete warmup, you should ramp your real sending volume gradually rather than going to full output immediately. Day one: ten emails per mailbox. Day three: twenty. Day seven: thirty. Day fourteen: forty if your reply rate is healthy and your bounce rate is below two percent. If anything looks off — bounces creeping up, reply rates collapsing, deliverability test scores dropping — pause and investigate before pushing higher.
Add a randomized thirty- to ninety-second delay between sends within a campaign. Disable open tracking entirely — every modern open-tracking pixel hurts deliverability and the data is nearly worthless because of mail privacy protection. Disable link tracking unless you absolutely need attribution, and if you do need it, use a custom tracking domain that you set up specifically for that purpose, not the sending tool’s default shared domain.
Above all, watch your bounce rate religiously. Anything above three percent means your list is dirty and you need to re-verify it through NeverBounce, ZeroBounce, or MillionVerifier before continuing. Above five percent and most sending tools will pause your account automatically. Bounces are the single fastest way to wreck a domain reputation that took weeks to build.
Quick checklist before launch
- Secondary domain registered — not your main brand
- SPF, DKIM, and DMARC all pass mail-tester.com at 10/10
- MX records pointing correctly to your provider
- Each mailbox has a real first name, profile photo, and signature
- Warmup completed for at least fourteen days at thirty-plus emails per day
- List verified with bounce rate under two percent
- Open tracking disabled
- Sending volume capped at thirty to forty per mailbox per day
- Reply-to inbox monitored daily by a human
That is the entire setup. It is not glamorous and it is not exciting, but it is the boring work that separates campaigns that book meetings from campaigns that vanish into spam folders. If you do everything on this list, you have already outpaced ninety percent of teams sending cold email today.