# Deliverability Guide A cold email that lands in spam is worse than no email at all — it damages your sender reputation for future sends. Get deliverability right before you worry about copy. --- ## The Deliverability Stack Email deliverability is a layer cake. Every layer has to be correct: ``` Domain reputation (is your domain trusted by inbox providers?) ↓ Authentication (SPF, DKIM, DMARC — are you who you say you are?) ↓ Sending infrastructure (IP reputation, sending limits, ramp-up) ↓ List quality (are you sending to real, active addresses?) ↓ Email content (does the content look like spam?) ↓ Engagement signals (opens, replies, not-spam clicks) ``` Fix problems from the bottom up. No point perfecting copy if your domain is blacklisted. --- ## Domain Setup ### Use a Dedicated Sending Domain Never send cold email from your primary company domain (`acme.com`). If your cold email domain gets flagged or blacklisted, you lose your main domain's email reputation. **Setup options:** - `mail.acme.com` — subdomain of main domain - `acme-hq.com` — separate domain with similar name - `getacme.com` / `tryacme.com` — common pattern for SaaS **Rules for the sending domain:** - Set up a proper website (even a simple redirect to main site) — bare domains look suspicious - Match the company name visually — unrelated domains look like phishing - Get a G Suite / Microsoft 365 mailbox on it — shared hosting email servers have worse reputation ### SPF Record SPF (Sender Policy Framework) tells receiving servers which IP addresses are allowed to send email from your domain. Without it, your emails look unauthenticated. **DNS TXT record:** ``` v=spf1 include:_spf.google.com ~all ``` Replace `_spf.google.com` with your sending provider's SPF include. Check your provider's documentation for the exact value (Google Workspace, SendGrid, Mailgun, etc. all have their own). **Important:** Only have ONE SPF record per domain. If you have multiple, they conflict and authentication fails. ### DKIM DKIM (DomainKeys Identified Mail) adds a cryptographic signature to your emails, proving they weren't tampered with in transit. Setup is done through your email provider — they give you a DNS TXT record to add. It looks like: ``` google._domainkey.yourdomain.com IN TXT "v=DKIM1; k=rsa; p=MIGfMA0..." ``` The public key in that record lets receiving servers verify your email's signature. ### DMARC DMARC ties SPF and DKIM together and tells receiving servers what to do when authentication fails. **Starter DMARC record (monitoring mode):** ``` _dmarc.yourdomain.com IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com" ``` `p=none` means monitor but don't block — good to start with. Once you've confirmed SPF and DKIM are working cleanly, move to `p=quarantine` or `p=reject`. ### Verify Everything Use **mail-tester.com**: send a test email to their address, then check your score. 9/10 or higher means your authentication is clean. Below 7/10 means something is broken. --- ## Domain Warmup A brand new domain has no sending reputation. Email providers don't trust it. If you start sending 200 emails/day on day one, you will be flagged. Warmup = building reputation gradually by sending low volumes and getting positive engagement. ### Warmup Schedule | Week | Emails/Day | Focus | |------|-----------|-------| | 1 | 5-10 | Real conversations only — send to colleagues, get replies | | 2 | 20-30 | Small cold outreach batches — highly targeted, good lists | | 3 | 40-60 | Expand slightly — maintain >30% open rate | | 4 | 80-100 | Normal volume — watch bounce and spam complaint rates | | 5+ | Up to 200 | Full volume — monitor daily | **Warning signs that warmup is failing:** - Open rate drops below 20% - Bounce rate above 3% - Spam complaint rate above 0.1% - Emails landing in Gmail Promotions tab **Manual warmup vs tools:** Tools like Lemwarm, Warmup Inbox, or Mailreach automate warmup by sending emails to a network of inboxes that automatically open and engage. These help build reputation faster. They're worth it for new domains. --- ## List Quality Sending to bad email addresses destroys your sender reputation. Every hard bounce tells inbox providers your list is dirty. ### Before Sending 1. **Verify email addresses** — Use a verification tool (NeverBounce, ZeroBounce, Hunter's verify, etc.) before importing any list. Remove invalid, catch-all, and risky emails. 2. **Target bounce rate:** Keep it below 2%. Above 5% is dangerous territory. 3. **Remove catch-all domains carefully** — Catch-all domains accept any email regardless of whether the mailbox exists. Your emails won't hard-bounce, but they may go nowhere. 4. **Never buy lists** — Purchased lists are old, dirty, unverified, and frequently include spam traps (addresses placed by inbox providers to catch spammers). One spam trap hit can blacklist your domain. ### Ongoing Hygiene - Remove anyone who hasn't opened in 90 days from your sequence (move to a re-engagement campaign or suppress) - Remove unsubscribes immediately — required legally and good for reputation - Remove bounces from all future sends automatically --- ## Content That Hurts Deliverability Spam filters evaluate content alongside authentication and reputation. These patterns trigger filters: ### Spam Trigger Words to Avoid High-risk words and phrases (use sparingly or avoid): - "Free" (especially in subject lines) - "Guaranteed" / "100% guaranteed" - "No obligation" - "Act now" / "Limited time" - "Congratulations" - "You've been selected" - "Click here" - "Earn money" / "Make money" - "Risk-free" - "Special offer" - Excessive exclamation points!!! - ALL CAPS words These don't automatically spam-filter you, but they're additive — the more of them in a single email, the higher the spam score. ### Content Rules | Do | Don't | |----|-------| | Plain text or minimal HTML | Heavy HTML with complex tables, images | | One link max per email | 5+ links — looks like phishing or newsletter | | Personalized subject lines | Batch-blasted "LAST CHANCE" subject lines | | Unsubscribe link | No unsubscribe mechanism | | Consistent from name | Rotating from names | | Short emails | Wall-of-text emails | ### The HTML Question Plain text emails consistently get better deliverability than HTML emails for cold outreach. They look like real emails from real people — because they are. If you need to include your company logo and a fancy template: don't. Save that for newsletters to opted-in subscribers. Cold email = plain text, signed like a person. --- ## Sending Limits by Platform | Platform | Safe Daily Volume | Notes | |----------|------------------|-------| | Google Workspace (paid) | 500/day | Shared across all outgoing | | Google Workspace + Warmup | Up to 2000/day | After full warmup | | Microsoft 365 | 10,000/day | Generous, but still subject to reputation | | SendGrid | Depends on plan | IP reputation matters at scale | | Mailgun | Depends on plan | Good for transactional, OK for cold | | Lemlist / Instantly / Apollo | Platform-managed | Warmup built in, use their sending infrastructure | For cold outreach at scale (>500/day), dedicated sending platforms are better than Google/Microsoft direct — they're designed to manage reputation across many users. --- ## Checking Your Reputation If you suspect deliverability problems, check these: 1. **Mail-tester.com** — Authentication and content score (10/10 is perfect) 2. **MXToolbox Blacklist Check** — Check if your domain or IP is on any blacklists 3. **Google Postmaster Tools** — Shows your domain reputation with Gmail (spam rate, auth failures) 4. **Microsoft SNDS** — Similar to Google Postmaster for Outlook/Hotmail **If you're on a blacklist:** - Stop sending immediately from that domain - Identify the cause (bad list, spam complaints, warmup failure) - Follow the blacklist's delisting process (each has its own) - Consider using a new domain while the old one recovers --- ## Legal Requirements Cold email has legal requirements in most markets. Breaking them isn't just unethical — it's fined. | Regulation | Where | Key Requirements | |-----------|-------|-----------------| | CAN-SPAM | USA | Honest subject line, physical address, unsubscribe mechanism | | CASL | Canada | Requires express or implied consent — much stricter than CAN-SPAM | | GDPR | EU/EEA | Legitimate interest basis required; no soft opt-in | | PECR | UK | Similar to GDPR; ICO enforcement | **Minimum compliance for most cold email:** - Include your company name and physical address in every email - Provide a working unsubscribe link or reply-to-unsubscribe instruction - Honor unsubscribes within 10 business days (CAN-SPAM) or immediately (GDPR best practice) - Don't use misleading subject lines or from names **Disclaimer:** This is practical guidance, not legal advice. For EU/Canada outreach, consult a lawyer who specializes in email marketing law — GDPR and CASL are stricter than most people realize.