Lead Generation | 7 min read | 23 April 2026

Email Deliverability for Cold Outreach: Why Your Emails Go to Spam (and How to Fix It)

A technical guide to cold email deliverability — covering domain warm-up, SPF/DKIM/DMARC setup, sending limits, list hygiene, and the tools that protect your sender reputation.

Haroon Mohamed

AI Automation & Lead Generation

The deliverability problem no one warns you about

You write a good email. You build a targeted list. You hit send. And nothing happens — not because your offer was wrong, but because your emails never arrived in the inbox. They went to spam, or worse, they were rejected at the server level before anyone ever saw them.

Deliverability is the unglamorous foundation of cold email. Without it, every other element of your outreach — copy, targeting, offer — is irrelevant. This guide covers the technical and operational setup required to land in the inbox reliably.


Why emails go to spam: the root causes

Email service providers (ESPs) and mailbox providers (Google Workspace, Microsoft Outlook, iCloud) use filtering algorithms to decide what reaches the inbox. The major signals:

1. Authentication failures: Your email claims to come from your domain, but the receiving server can't verify it. This is the single most common cause of deliverability failures for new senders.

2. Sending from a cold domain: A brand-new domain with no email history that suddenly sends 200 messages per day is a strong spam signal. Real businesses don't do that.

3. Engagement signals: Low open rates, high delete-without-read rates, and spam complaints all lower your sender reputation score over time.

4. List quality: Sending to invalid, outdated, or spam-trap email addresses drives up bounce rates. Google's 2024 bulk sender requirements set a spam complaint threshold of 0.1%; exceeding that triggers filtering. Bounce rates above 2% signal poor list quality.

5. Content and links: Spam-flagged words, shortened URLs, and sending the same identical email to thousands of addresses trigger pattern-matching filters.


Step 1: Set up SPF, DKIM, and DMARC correctly

These three DNS records are the authentication foundation of email deliverability. Without all three, you will have deliverability problems at scale.

SPF (Sender Policy Framework): SPF specifies which mail servers are authorized to send email on behalf of your domain. It's a TXT record in your DNS. A basic SPF record for Google Workspace looks like:

v=spf1 include:_spf.google.com ~all

The ~all (softfail) qualifier is common, and it is preferred over -all (hardfail) for outreach domains where you want bounce-back notifications to still reach you.

DKIM (DomainKeys Identified Mail): DKIM adds a cryptographic signature to your outgoing emails, proving the email hasn't been tampered with in transit. Your email sending service (Google Workspace, Instantly, Smartlead) generates the DKIM key pair; you add the public key as a DNS TXT record. This is a one-time setup in your DNS provider.

DMARC (Domain-based Message Authentication, Reporting, and Conformance): DMARC tells receiving servers what to do when an email fails SPF or DKIM checks and where to send reports. A starting DMARC record:

v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com

Start with p=none (monitoring mode) to see reports without blocking any email. Once you've reviewed the reports and confirmed your legitimate senders are all authenticated, move to p=quarantine or p=reject for stronger protection.

Verification: Use MXToolbox (mxtoolbox.com) to verify all three records are correctly configured before you start sending.
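As a local complement to an online checker, the following added example (not from this article or from MXToolbox) lints SPF and DMARC record text offline for the mistakes that most often break authentication. It goes a little beyond the two records shown above by also flagging duplicate SPF records, +all, and too many DNS-lookup terms; lint_spf and lint_dmarc are hypothetical names, and you paste in the TXT values yourself.

```python
# Added example: offline lint of SPF and DMARC TXT record text.
# Function names are hypothetical; no DNS queries are made.

SPF_LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists")  # each costs a DNS lookup

def lint_spf(txt_records):
    """Return findings for all TXT records at a domain, following RFC 7208."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers treat this as permerror"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    findings = []
    # Counts this record only; lookups inside nested includes add to the total.
    lookups = 0
    for term in terms:
        name = term.lstrip("+-~?").split(":")[0].split("/")[0]
        if name in SPF_LOOKUP_TERMS or term.startswith("redirect="):
            lookups += 1
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms: over the limit of 10 (permerror)")
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    has_redirect = any(t.startswith("redirect=") for t in terms)
    if not all_terms and not has_redirect:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_terms and all_terms[0] in ("all", "+all"):
        findings.append("+all authorizes any host to send as this domain")
    return findings

def lint_dmarc(record):
    """Return findings for the TXT record published at _dmarc.<domain>."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record: v=DMARC1 tag missing"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none: monitoring only, receivers take no DMARC action")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports to review")
    return findings

# The two records shown in this guide.
PAGE_SPF = ["v=spf1 include:_spf.google.com ~all"]
PAGE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com"
```

The guide's SPF record comes back clean, and its starting DMARC record returns only the p=none finding, which is expected until you move to enforcement.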


Step 2: Domain warm-up

Never send cold outreach from a fresh domain immediately. Inbox providers track the sending history of every domain. A new domain that skips from zero to high volume looks like a spam operation.

The warm-up process: gradually increase sending volume over 4–8 weeks, starting with a small number of emails per day and increasing by roughly 20–30% per week. Crucially, the emails sent during warm-up should receive positive engagement — opens, replies, no spam complaints.

Warm-up tools:

  • Instantly.ai ($37/month Hypergrowth plan): includes automated warm-up that sends emails between warm-up pool members (real Gmail/Outlook accounts) and auto-engages them positively
  • Smartlead ($39/month Basic): similar warm-up network, strong deliverability monitoring dashboard
  • Both tools integrate warm-up management directly with outreach campaign management

Warm-up schedule (approximate):

| Week | Max Emails/Day |
|------|----------------|
| 1–2  | 10–20          |
| 3–4  | 30–50          |
| 5–6  | 75–100         |
| 7–8  | 150–200        |

After week 8, a healthy domain can typically sustain 200–500 cold emails per day without deliverability degradation, provided list quality and engagement signals remain healthy.

Infrastructure guidance: Use a separate subdomain or a separate domain entirely for cold outreach (e.g., hm-outreach.com vs. your main hmxzone.com). If the outreach domain gets reputation damage, it doesn't affect your main domain.


Step 3: Sending volume limits

Even warmed-up domains have effective sending limits. The commonly cited guidelines for sustained cold outreach without reputation damage:

  • Per inbox: 50–100 cold emails per day maximum
  • Per domain: 200–500 per day if spread across multiple inboxes on the domain
  • Rotate across multiple warmed-up email accounts ("inbox rotation") to scale volume while keeping per-inbox counts safe

Instantly and Smartlead both support inbox rotation natively — you add multiple email accounts and the tools distribute sends across them automatically.


Step 4: List hygiene

Email verification before sending is non-negotiable. Sending to invalid addresses bounces, and a bounce rate above 2% triggers deliverability filters.

Verification tools:

  • ZeroBounce: $16 for 2,000 credits; categorizes as valid, invalid, catch-all, disposable, abuse
  • Hunter.io (email finder + verifier): $49/month Starter for 500 searches
  • NeverBounce: $0.008 per email for pay-as-you-go verification

Verify lists before importing into your sending tool. Aim for no more than 15–20% catch-all addresses in your list. Remove all "invalid" and "disposable" results.

Ongoing hygiene:

  • Remove hard bounces immediately after any campaign
  • Remove anyone who marks your email as spam
  • Suppress unsubscribes from all future campaigns (legally required under CAN-SPAM and GDPR)
  • Re-verify lists older than 3–6 months before reuse

Step 5: Spam content signals

Technical setup is not enough if your email content triggers filters.

Practices to avoid:

  • Image-heavy emails with minimal text (common spam pattern)
  • More than one link in a cold email
  • URL shorteners (bit.ly, etc.) — use full domain URLs
  • Excessive bold, caps, or exclamation points
  • Spam-trigger words: "free," "guaranteed," "limited time," "act now," "winner"

What helps:

  • Plain-text or near-plain-text format — no HTML templates for cold outreach
  • Personalization tokens that are actually different per email
  • Varied send times (not all at exactly the same time)
  • A clear, easy unsubscribe method in every email (legally required)

Testing and monitoring

Before launch:

  • Mail-Tester (mail-tester.com): free tool that sends your email to a test address and gives a deliverability score. Aim for 9/10 or higher.
  • GlockApps ($9/month Basic): seeds your email to real inbox accounts across Gmail, Outlook, Yahoo, etc. and tells you exactly which are delivering to inbox, promotions, or spam.

Ongoing monitoring:

  • Watch your daily spam complaint rate in Instantly/Smartlead dashboards — stay below 0.1%
  • Watch bounce rate — stay below 2%
  • Monitor open rates by inbox provider — if Outlook opens drop suddenly, you may have reputation issues specifically with Microsoft's filters
  • Set up Google Postmaster Tools (free) for your domain — shows your domain reputation score and spam rate as seen by Gmail

Sources

  • Google Bulk Sender Guidelines (2024) — spam complaint threshold of 0.1%, bounce rate guidance
  • Instantly.ai and Smartlead published pricing pages (2025)
  • ZeroBounce pricing page (zerobounce.net)
  • MXToolbox documentation for SPF/DKIM/DMARC verification
  • GlockApps pricing and documentation (glockapps.com)
  • RFC 7208 (SPF), RFC 6376 (DKIM), RFC 7489 (DMARC) — technical standards

Haroon Mohamed

Full-stack automation, AI, and lead generation specialist. 2+ years running 13+ concurrent client campaigns using GoHighLevel, multiple AI voice providers, Zapier, APIs, and custom data pipelines. Founder of HMX Zone.