← All posts
· 7 min read

The Complete Guide to Cold Email Deliverability: Mailbox Placement in 2025

deliverabilitytechnicalDNSspam

Deliverability is the most under-discussed part of cold email. Most people obsess over copy and ignore the fact that their emails are landing in spam before anyone even reads the subject line.

This guide covers everything — DNS setup, warmup, sending behavior, and the red flags that get you flagged.

Why mailbox placement matters more than open rates

Open rate is a downstream metric. If your emails land in spam, your open rate is close to zero and you’ll never know why. Deliverability is the foundation everything else sits on.

The goal isn’t just “not spam.” It’s primary inbox placement — the tab Gmail, Outlook, and Apple Mail show first by default.

1. DNS: The non-negotiable foundation

Before you send a single email, your domain needs three DNS records configured correctly. Skip any of these and you’ll hit spam filters immediately.

SPF (Sender Policy Framework)

SPF tells receiving mail servers which IP addresses are authorized to send email on behalf of your domain.

v=spf1 include:_spf.google.com ~all

The ~all (soft fail) is industry standard. Don’t use -all (hard fail) for cold email — it’s too aggressive and can cause legitimate bounces.

Check it: Use MXToolbox’s SPF checker. Look for “SPF Record Found” with no syntax errors.

DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature to every email you send. The receiving server verifies the signature against a public key in your DNS. It proves the email wasn’t tampered with in transit.

Your email provider (Google Workspace, Microsoft 365, etc.) generates the DKIM keys. You add the public key to your DNS as a TXT record. The process is provider-specific but takes under 10 minutes.

Check it: Send a test email to mail-tester.com and verify DKIM passes.

DMARC (Domain-based Message Authentication)

DMARC tells receiving servers what to do when SPF or DKIM fails — and importantly, it sends you reports so you can monitor authentication failures.

Start with a permissive policy while you get set up:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

Once you’ve confirmed everything is working cleanly for 30+ days, graduate to p=quarantine, then eventually p=reject.

Important: DMARC also prevents domain spoofing — someone else sending email that appears to come from your domain. Even if you don’t care about cold email, set up DMARC.

2. Domain strategy: Never send from your main domain

This is the most important structural decision you’ll make.

Your main domain (yourcompany.com) has years of reputation built up. One bad cold email campaign can permanently damage it. Use secondary sending domains instead.

How to set up secondary domains

Buy domains that are close variations of your primary:

  • getbuyerbrains.com
  • trybuyerbrains.com
  • buyerbrainsagency.com

Set up full DNS (SPF, DKIM, DMARC) on each. Add a basic redirect from the secondary domains back to your main site — this builds light domain reputation before you send.

Budget: Secondary domains cost $10–15/year each. Buy 2–4 and rotate across them.

One mailbox per domain rule

Don’t stack multiple mailboxes on a single domain if you’re sending at volume. If one mailbox gets flagged, it can drag the whole domain’s reputation down.

3. Email warmup: The step most people skip

A brand new mailbox has no sending history. ISPs don’t trust it. If you start blasting 200 emails/day on day one, you’ll get flagged immediately.

Warmup is the process of gradually building sending volume while maintaining high engagement rates. The goal is to teach spam filters that your mailbox sends mail that people want.

Manual warmup vs. warmup tools

Manual warmup means emailing real people in your network and having them reply. It’s the highest-quality warmup signal — real replies, real engagement. Do this for the first 2 weeks.

Warmup tools (Instantly, Lemwarm, Mailreach) automate the process by sending your mailbox into a pool of other warmed-up mailboxes that auto-open and auto-reply to each other. This is fine as a supplement but doesn’t replace real engagement signals.

Warmup schedule

WeekEmails/dayFocus
1–25–10Manual only — real contacts, real replies
3–420–30Mix of manual + warmup tool
5–640–60Warmup tool + start testing cold sends
7+80–100Full cold outreach

Never jump more than 20–30 emails/day between weeks. Sudden volume spikes are a major spam signal.

4. Sending behavior: How you send matters as much as what you send

Sending windows

Send during business hours in the recipient’s timezone. Tuesday–Thursday, 8am–11am local time gets the best engagement. Avoid Mondays (inbox chaos) and Fridays (mentally checked out).

Tools like Instantly and Smartlead handle timezone-based sending automatically.

Sending limits

Even on a warmed mailbox, cap your daily sends:

  • Per mailbox: 50–80 emails/day maximum
  • Per domain: 100–150 emails/day across all mailboxes

Going over these limits is the single most common cause of deliverability collapse.

Delays between sends

Don’t send emails seconds apart. A human doesn’t do that. Most tools have a “random delay” setting — use 3–7 minutes between sends.

Reply handling

Replies are the strongest positive signal you can send to spam filters. When someone replies — even to say they’re not interested — that’s gold for your domain reputation. Set up your campaigns so replies land in a monitored inbox and respond to every single one.

5. Content signals: What triggers spam filters

Beyond infrastructure, the content of your emails matters. Spam filters score every email before delivery.

Every link is a risk. Spam filters check the domain reputation of every URL in your email. If you link to a domain that’s been flagged (or even just new), your email score drops.

Rules:

  • No more than 1–2 links per email
  • Never use link shorteners (bit.ly, tinyurl) — they’re heavily flagged
  • Use your main domain for links, not your sending domain
  • Don’t link to calendars directly in the first email — save that for follow-ups

Images

Images are a spam signal, especially in cold email. Avoid them entirely in initial outreach. Plain text outperforms HTML-rich emails for deliverability and response rates.

Spam trigger words

Certain phrases reliably trigger spam filters:

High risk: “guaranteed,” “risk-free,” “limited time offer,” “act now,” “click here,” “unsubscribe,” “you’ve been selected”

Moderate risk: “free,” “discount,” “save,” “earn,” “revenue,” “ROI,” “results”

Write like a human writing to a specific person. If it reads like a marketing email, spam filters treat it like one.

For cold email, including an unsubscribe link is legally required in some jurisdictions (CAN-SPAM, GDPR) but is also a spam signal if it’s a tracked link. Use a simple “reply with ‘remove’ to opt out” instead — it’s cleaner and less flagged.

6. Monitoring: Know before your deliverability dies

Don’t wait until your open rates tank. Monitor proactively.

Tools to use

Google Postmaster Tools — Free. Shows your domain reputation and spam rate as Google sees it. If your domain reputation drops below “High,” you have a problem. Set this up on day one.

MXToolbox — Check your DNS records and blacklist status. Run a full check on all your sending domains monthly.

Mail-tester.com — Send a test email and get a spam score with specific flags. Use this before every new campaign.

GlockApps — More comprehensive inbox placement testing across Gmail, Outlook, Yahoo. Worth running quarterly or before big campaigns.

Blacklist monitoring

If your domain or sending IP ends up on a blacklist (Spamhaus, Barracuda, SURBL), your emails stop reaching inboxes almost entirely. Check MXToolbox’s blacklist check weekly.

Getting removed from blacklists requires submitting a removal request — most have a self-service form. The process takes 24–72 hours.

7. The infrastructure setup we use at BuyerBrains

After running hundreds of cold email campaigns, here’s the exact setup we recommend for clients:

  • 2–3 secondary domains per client, rotating sends across them
  • Google Workspace mailboxes (better reputation than Microsoft 365 for cold email in most niches)
  • 2 mailboxes per domain, max 50 sends/day per mailbox
  • 4-week warmup before any cold sending begins
  • Instantly or Smartlead for sequencing and per-timezone sending
  • Google Postmaster Tools monitored weekly
  • Plain text emails only — no images, no tracking pixels in initial emails

This gives you ~200–300 clean sends per day across the infrastructure, which is more than enough for most B2B campaigns.

The bottom line

Deliverability isn’t glamorous, but it’s the difference between a campaign that books meetings and one that doesn’t exist. Get the infrastructure right before you touch copy or targeting.

Most companies skip this step, then wonder why cold email “doesn’t work.” It works — for the people who set it up correctly.

If you’d rather not manage all of this yourself, that’s exactly what we do at BuyerBrains.