Your cold emails are probably going to spam. Not because your copy is bad, not because your list is wrong, but because your sending infrastructure is broken in ways you cannot see from inside your outbox.
In 2026, inbox providers have gotten dramatically more sophisticated. Gmail processes behavioral signals across billions of senders. Microsoft's SmartScreen analyzes engagement patterns at a network level. The old playbook of "buy a domain, point some DNS records, start blasting" stopped working two years ago.
Here is what actually matters for cold email deliverability today, explained without jargon.
Every cold email you send gets checked against three authentication protocols before the recipient ever sees it. Missing even one is enough to tank your inbox placement.
SPF tells inbox providers which servers are allowed to send email on behalf of your domain. It is a DNS TXT record that lists authorized sending sources.
Without SPF, any server on the internet could send email claiming to be from your domain. Inbox providers treat unauthenticated senders the same way they treat phishing attempts: straight to spam.
What to do: Add a TXT record to your DNS that includes every service you send email through. If you use OnyxSend, your SPF record should include our mail servers. Keep your SPF record under 10 DNS lookups, because exceeding that limit causes a hard fail.
DKIM adds a cryptographic signature to every email you send. The receiving server checks this signature against a public key published in your DNS. If the signature matches, the email is verified as genuinely from your domain and unaltered in transit.
Think of it as a wax seal on a letter. It proves the message came from you and was not tampered with along the way.
What to do: Generate a DKIM key pair, publish the public key as a DNS TXT record, and configure your sending service to sign outgoing emails with the private key. Most modern sending platforms handle this automatically.
DMARC ties SPF and DKIM together and tells inbox providers what to do when authentication fails. It also sends you reports about who is sending email on behalf of your domain.
A DMARC record has three policy levels: - p=none: Monitor only. You get reports but failed emails still deliver. - p=quarantine: Failed emails go to spam. - p=reject: Failed emails are blocked entirely.
What to do: Start with p=none to collect data. After 2-4 weeks, once you have confirmed that all legitimate email passes authentication, move to p=quarantine. For cold outreach domains, p=none is usually sufficient because you want deliverability data before enforcing strict policies.
This is the single most common deliverability error in B2B outreach, and it is also the most damaging.
Your primary company domain (the one on your website, your support emails, your transactional messages) has a reputation score that affects everything you send. When you run cold outreach from that domain and inevitably get some spam complaints, bounces, and low engagement signals, those negative signals drag down the reputation of every email you send. Including the ones to your existing customers.
The fix is simple: Set up 2-4 dedicated sending domains that are clearly associated with your brand but separate from your primary domain. For example, if your company is Acme Corp at acme.com, your outreach domains might be getacme.com, tryacme.com, or acme.io.
Each domain gets its own reputation. If one domain takes a deliverability hit, your others stay clean. Your primary domain is never at risk.
At OnyxSend, we help clients set up and manage multiple sending domains from day one. Domain rotation happens automatically, and our deliverability monitoring flags issues before they become permanent.
A brand-new domain has no reputation. Inbox providers treat it the same way they treat a stranger walking into a private club: with suspicion. You need to build trust gradually.
Domain warmup is the process of slowly increasing sending volume over 4-6 weeks while generating positive engagement signals (opens, replies, clicks) that establish your domain as a legitimate sender.
The warmup protocol:
1. Week 1: Send 10-15 emails per day to engaged contacts (people who will open and reply). These can be internal team members, personal contacts, or a warm list.
2. Week 2: Increase to 20-30 per day. Start mixing in some cold contacts, but keep the ratio at 70% warm / 30% cold.
3. Week 3: Increase to 40-60 per day. Shift to 50% warm / 50% cold. Monitor bounce rates closely.
4. Week 4-6: Ramp to your target volume (typically 50-100 per day per domain). By now, your domain should have enough positive signals to maintain good inbox placement.
Critical rule: Never spike volume. A domain sending 10 emails on Monday and 200 on Tuesday will get flagged immediately. Increase by no more than 15-20% per day.
Even after warmup, how you send matters as much as what you send.
Spread sends across business hours. Do not batch 100 emails at 9:00 AM. Stagger them between 8 AM and 4 PM in the recipient's timezone with randomized intervals. Real humans do not send 100 emails in a 5-minute burst.
Respect per-domain limits. Most deliverability experts recommend staying under 50-75 emails per domain per day for cold outreach. If you need higher volume, add more domains rather than pushing a single domain past safe limits.
Pause on weekends unless your ICP is known to check email on Saturday. Weekend sends to business addresses tend to sit unread, which drags down your open rate and signals low relevance to inbox providers.
Deliverability is not a set-it-and-forget-it system. It requires ongoing monitoring.
Bounce rate: Keep it under 2%. Anything above 3% should trigger an immediate list audit. Hard bounces (invalid addresses) damage your sender reputation faster than almost anything else.
Spam complaint rate: Google recommends staying under 0.1%. Even a small number of complaints can cascade into deliverability problems because inbox providers extrapolate complaint rates across your entire sending volume.
Open rate: While not a perfect metric (privacy features can inflate or deflate it), a sustained open rate below 15% on cold outreach suggests your emails are not reaching the inbox.
Domain health scores: Google Postmaster Tools and Microsoft SNDS provide domain-level reputation data. Check these weekly.
OnyxSend monitors all of these metrics per domain in real time. When a domain approaches dangerous thresholds, we automatically reduce volume or pause sending before permanent damage occurs.
Cold email deliverability in 2026 is an engineering problem, not a copywriting problem. The teams that treat it as critical infrastructure (authentication, domain architecture, warmup, monitoring) consistently outperform those that focus only on subject lines and email copy.
Get the infrastructure right first. Then your great copy actually has a chance to reach the inbox and do its job.
---
Want to see how OnyxSend handles deliverability end-to-end? Request access or check our pricing to get started.