Cold Email Deliverability: How to Land in the Inbox

Why Deliverability Is the Foundation of Cold Email Success

You can write the most compelling cold email in the world, but if it lands in the spam folder, it might as well not exist. Email deliverability is the percentage of your emails that actually reach the recipient's primary inbox, and it is the single most important technical factor in cold email success.

Industry data suggests that roughly 20% of legitimate business emails never reach the inbox. For cold email specifically, that number can be much higher if your technical setup is not dialed in. Poor deliverability does not just mean lower response rates. It means wasted effort, damaged sender reputation, and in severe cases, your domain getting blocklisted entirely.

This guide covers everything you need to know about cold email deliverability, from authentication protocols to domain warming, sender reputation management, and avoiding the content traps that trigger spam filters.

Email Authentication: SPF, DKIM, and DMARC

Email authentication is the technical foundation of deliverability. These three protocols tell receiving mail servers that you are who you claim to be and that your emails have not been tampered with in transit.

SPF (Sender Policy Framework)

SPF is a DNS record that specifies which mail servers are authorized to send email on behalf of your domain. When a receiving server gets an email from your domain, it checks the SPF record to verify that the sending server is on the approved list.

**How to set up SPF:**

1. Identify all services that send email from your domain (your email provider, CRM, marketing tools, etc.).

2. Create a TXT record in your DNS settings.

3. The record format looks like: `v=spf1 include:_spf.google.com include:sendgrid.net ~all`

4. Each `include` statement authorizes a specific sending service.

5. The `~all` at the end means emails from unauthorized servers should be treated as suspicious (soft fail). You can use `-all` for a hard fail, which is more strict.

**Common SPF mistakes:**

Forgetting to include all sending services, causing legitimate emails to fail SPF checks.

Exceeding the 10 DNS lookup limit. Each `include` statement can trigger multiple lookups. If you exceed 10, SPF breaks entirely.

Using `+all` which authorizes anyone to send as your domain, completely defeating the purpose.

DKIM (DomainKeys Identified Mail)

DKIM adds a digital signature to your outgoing emails. The receiving server uses a public key published in your DNS to verify that the email was actually sent by your domain and was not modified in transit.

**How to set up DKIM:**

1. Generate a DKIM key pair through your email provider (most providers offer this in their admin settings).

2. Add the public key as a TXT record in your DNS.

3. Your email provider automatically signs outgoing messages with the private key.

4. Receiving servers verify the signature against the public key in your DNS.

**Key considerations:**

Use a 2048-bit key for stronger security.

Rotate your DKIM keys periodically (every 6 to 12 months).

Ensure DKIM alignment, meaning the domain in the DKIM signature matches the domain in the From address.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC builds on SPF and DKIM by telling receiving servers what to do when an email fails authentication checks. It also provides reporting so you can monitor who is sending email from your domain.

**How to set up DMARC:**

1. Start with a monitoring-only policy: `v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com`

2. This tells receiving servers to send you reports without taking action on failed emails.

3. Review reports for 2 to 4 weeks to identify any legitimate sending sources that are not properly authenticated.

4. Gradually tighten your policy to `p=quarantine` (send failed emails to spam) and eventually `p=reject` (block failed emails entirely).

**DMARC policy progression:**

**p=none:** Monitor only. Good for initial setup.

**p=quarantine:** Failed emails go to spam. Use once you are confident all legitimate sources are authenticated.

**p=reject:** Failed emails are blocked. The gold standard, but only implement after thorough monitoring.

Domain Warming: Building Sender Reputation From Scratch

If you are sending cold emails from a new domain or a domain that has not been used for email outreach before, you need to warm it up. Sending hundreds of cold emails from a cold domain is the fastest way to land in spam.

What Is Domain Warming

Domain warming is the process of gradually increasing your sending volume over several weeks to build a positive sender reputation with inbox providers. It mimics the natural email behavior of a legitimate business, signaling to Gmail, Outlook, and other providers that your domain is trustworthy.

The Domain Warming Process

**Week 1: Foundation**

Send 10 to 20 emails per day

Send only to people who are likely to engage (colleagues, friends, existing contacts)

Focus on generating replies, not just sends

Have recipients search for your emails in spam and mark them as "not spam" if they land there

**Week 2: Gradual Increase**

Increase to 20 to 40 emails per day

Begin mixing in some cold outreach to your most targeted prospects

Continue generating engagement (replies, forwards, and opens)

**Week 3: Scaling Up**

Increase to 40 to 70 emails per day

Expand cold outreach while monitoring deliverability metrics

Watch for any spikes in bounce rates or spam complaints

**Week 4: Approaching Target Volume**

Increase to 70 to 100 emails per day

By now, your domain should have established a baseline reputation

Continue monitoring inbox placement rates

**Week 5 and Beyond: Full Volume**

Gradually reach your target daily volume (typically 100 to 200 emails per day per mailbox)

Never exceed 200 cold emails per day from a single mailbox

Add additional mailboxes to scale further rather than overloading one

Domain Warming Best Practices

**Use a secondary domain.** Never send cold emails from your primary business domain. If your company is acme.com, send cold email from acme-mail.com or getacme.com. This protects your primary domain's reputation.

**Set up the secondary domain properly.** Configure SPF, DKIM, and DMARC on the secondary domain. Set up a basic website so it does not look like a throwaway domain.

**Create 2 to 3 mailboxes per domain.** Spread your sending volume across multiple mailboxes (e.g., james@acme-mail.com, sarah@acme-mail.com) to avoid overloading any single one.

**Engage in genuine email conversations.** During the warming period, use the mailbox for real email conversations. Subscribe to newsletters, reply to emails, and generate organic activity.

Understanding and Managing Sender Reputation

Your sender reputation is a score that inbox providers assign to your domain and IP address based on your email sending behavior. A high reputation means your emails reach the inbox. A low reputation means they go to spam.

Factors That Affect Sender Reputation

**Positive signals:**

High open rates (indicates recipients want your emails)

High reply rates (the strongest positive signal)

Low bounce rates (indicates a clean email list)

Low spam complaint rates (recipients are not marking you as spam)

Consistent sending volume (no sudden spikes)

Proper authentication (SPF, DKIM, DMARC all passing)

**Negative signals:**

High bounce rates (above 3% is a red flag)

Spam complaints (even 0.1% complaint rate can hurt you)

Sending to spam traps (email addresses created specifically to catch spammers)

Sudden spikes in sending volume

High unsubscribe rates

Low engagement rates

How to Monitor Sender Reputation

**Google Postmaster Tools:** Free tool that shows your domain's reputation with Gmail, including spam rate, authentication success, and delivery errors.

**Microsoft SNDS:** Similar to Google Postmaster but for Outlook and Hotmail recipients.

**Third-party tools:** Platforms like SenderScore, Talos Intelligence, and BarracudaCentral provide reputation scores and blocklist monitoring.

Recovering From a Damaged Reputation

If your sender reputation has taken a hit, recovery is possible but takes time.

1. **Stop all cold outreach immediately.** Continuing to send while your reputation is damaged will only make things worse.

2. **Identify the cause.** Was it a spike in bounces, spam complaints, or hitting a spam trap? Each requires a different fix.

3. **Clean your email list thoroughly.** Remove all invalid addresses, role-based addresses (info@, admin@), and any addresses that have bounced.

4. **Reduce volume dramatically.** Resume sending at 10% of your previous volume.

5. **Focus on engaged recipients.** Only email people who have a history of opening or replying.

6. **Gradually rebuild.** Follow the domain warming process again, increasing volume slowly over 4 to 6 weeks.

7. **Request delisting.** If you have been added to a blocklist, most have a removal request process. Fix the underlying issue first, then request removal.

Managing Bounce Rates

Bounces are one of the fastest ways to damage your sender reputation. There are two types, and each requires different handling.

Hard Bounces

A hard bounce means the email address does not exist. The mailbox is invalid, the domain does not exist, or the address has been permanently deactivated.

**Target:** Keep hard bounces below 2%.

**How to minimize hard bounces:**

Verify every email address before sending using a verification service.

Remove any address that hard bounces immediately. Never retry a hard bounce.

Use double-opt-in for inbound email lists.

Regularly clean your contact database, removing addresses that have not engaged in 6 or more months.

Soft Bounces

A soft bounce means the email could not be delivered temporarily. The recipient's mailbox might be full, the server might be down, or the message might be too large.

**Target:** Keep soft bounces below 3%.

**How to handle soft bounces:**

Most email platforms automatically retry soft bounces a few times.

If an address soft bounces three or more times across different campaigns, remove it.

Monitor for patterns, such as soft bounces from a specific domain, which might indicate a server-side block.

Content That Triggers Spam Filters

Even with perfect technical setup, the content of your emails can trigger spam filters. Here are the most common content-based spam triggers.

Words and Phrases to Avoid

Spam filters analyze the text of your emails for patterns associated with spam. While modern filters are more sophisticated than simple keyword matching, certain words and phrases still raise red flags when combined with other signals.

**Urgency and pressure:** "Act now," "limited time," "do not miss out," "urgent"

**Money and offers:** "Free," "discount," "no cost," "save money," "double your revenue"

**Guarantee claims:** "100% guaranteed," "risk-free," "no obligation"

**Excessive punctuation:** Multiple exclamation marks, all caps, or symbols like dollar signs

Formatting Red Flags

**Image-heavy emails.** Cold emails should be plain text or near-plain text. Lots of images, especially with minimal text, is a spam signal.

**Colored fonts and excessive formatting.** Keep formatting simple. Bold and bullet points are fine. Red text, large fonts, and multiple colors are not.

**Too many links.** Stick to one or two links maximum. Multiple links, especially to different domains, trigger spam filters.

**Large attachments.** Never include attachments in cold emails. Use links to hosted documents instead.

**HTML-heavy templates.** Cold emails should look like they were written by a person, not designed by a marketing team. Minimal HTML is best.

Structural Best Practices

Keep your emails between 50 and 150 words for optimal deliverability and engagement.

Include a plain text version alongside any HTML version.

Use a proper text-to-link ratio. Emails that are mostly links with little text look spammy.

Include your physical address and an unsubscribe mechanism to comply with CAN-SPAM and GDPR.

Sending Patterns That Protect Deliverability

How you send is just as important as what you send. Your sending patterns signal to inbox providers whether you are a legitimate business or a spammer.

Volume Management

**Never send more than 200 cold emails per day per mailbox.** This is a hard rule. Exceeding this threshold dramatically increases your chance of triggering spam filters.

**Spread sends throughout the day.** Sending 200 emails at once looks like a spam blast. Distribute sends over a 4 to 6 hour window with random intervals between each email.

**Keep volume consistent day to day.** Sending 50 emails on Monday and 500 on Tuesday raises red flags. Aim for consistent daily volume with no more than 20% variation.

Sending Schedule

**Send during business hours.** Emails sent at 3 AM look automated. Send between 8 AM and 6 PM in the recipient's time zone.

**Avoid weekends for initial outreach.** Weekend emails get lower engagement, which hurts your metrics and, by extension, your reputation.

**Randomize send times slightly.** If every email goes out at exactly 9:00 AM, it looks automated. Add random delays of 1 to 5 minutes between sends.

List Hygiene

**Verify before sending.** Run every email address through a verification service before adding it to a campaign.

**Remove unengaged contacts.** If a prospect has not opened any of your emails after the full sequence, remove them from future campaigns.

**Honor all unsubscribe requests immediately.** This is both a legal requirement and a deliverability best practice.

**Segment your lists.** Smaller, well-targeted segments produce better engagement metrics than large, generic blasts.

Monitoring and Maintaining Deliverability

Deliverability is not a one-time setup. It requires ongoing monitoring and adjustment.

Key Metrics to Track

**Inbox placement rate:** The percentage of emails reaching the primary inbox versus spam or promotions. Aim for 95% or higher.

**Open rate:** While not a direct deliverability metric, consistently low open rates can indicate inbox placement issues. Cold emails should achieve 40% to 60% open rates.

**Bounce rate:** Track hard and soft bounces separately. Hard bounces should stay below 2%.

**Spam complaint rate:** Keep this below 0.08%. Even small increases can damage your reputation.

**Unsubscribe rate:** Track but do not suppress. A high unsubscribe rate indicates targeting or messaging issues.

Weekly Deliverability Checklist

1. Check Google Postmaster Tools for any reputation changes.

2. Review bounce rates across all active campaigns.

3. Monitor spam complaint rates.

4. Verify that SPF, DKIM, and DMARC records are still properly configured.

5. Check if your domain or IP appears on any major blocklists.

6. Review inbox placement test results.

7. Clean your email list of any new hard bounces.

Deliverability Is an Ongoing Practice

Getting cold email deliverability right requires attention to technical setup, content quality, and sending behavior. It is not something you configure once and forget. The inbox providers are constantly updating their algorithms, and what worked last year might not work today.

The good news is that by following the practices in this guide, you will be ahead of the vast majority of cold emailers who skip the technical fundamentals and wonder why their campaigns underperform.

[ColdScribe AI](/) generates cold emails that are optimized not just for engagement but for deliverability. Every email is designed to look and feel like a genuine one-to-one message, which is exactly what inbox providers want to see.

Ready to send cold emails that actually reach the inbox? [Try our generator](/generate) and start with emails built for deliverability from the ground up.