A cold email that lands in spam doesn't exist. The prospect never sees it, never opens it, and never replies. The sender assumes low interest. The real problem is often that the email never had a chance to generate interest at all.
Deliverability is the set of factors that determine whether an email reaches the inbox or the spam folder. It combines technical configuration, domain reputation, and behavioral signals. Fixing deliverability requires understanding which layer is broken, because the symptoms look identical — emails not generating replies — regardless of the cause.
Authentication: SPF, DKIM, and DMARC
Authentication records tell receiving mail servers that the email actually came from who it claims to be from. Missing or misconfigured records are the most common reason cold emails land in spam, and they're also the easiest to fix.
SPF (Sender Policy Framework) is a DNS record that lists which mail servers are authorized to send email on behalf of your domain. When a receiving server gets an email claiming to be from yourcompany.com, it checks your SPF record to confirm the sending server is on the approved list. An email failing SPF is treated as potentially spoofed and routed to spam or rejected entirely.
DKIM (DomainKeys Identified Mail) attaches a cryptographic signature to every outgoing email. The receiving server checks this signature against a public key in your DNS records to confirm the email wasn't altered in transit. DKIM passing is a strong positive signal that tells inbox providers the email is legitimate.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a policy record that tells receiving servers what to do with emails that fail SPF or DKIM — reject them, quarantine them to spam, or deliver them anyway. DMARC also provides reporting so you can see which servers are sending email using your domain, which helps catch spoofing. A DMARC policy of at minimum "p=none" with reporting enabled is the starting baseline. Moving to "p=quarantine" or "p=reject" provides stronger protection once you've confirmed all legitimate email passes authentication.
All three records live in your domain's DNS settings. Most email sending platforms provide exact records to add when you connect a domain. Tools like MXToolbox let you verify that SPF, DKIM, and DMARC are correctly configured after setup.
Domain reputation and why you need secondary sending domains
Every domain that sends email accumulates a reputation with inbox providers like Google, Microsoft, and Yahoo. That reputation is based on engagement signals: open rates, reply rates, spam complaint rates, and bounce rates. A domain that sends to bad addresses, generates spam complaints, or has very low engagement gets flagged as a low-quality sender and its emails get routed to spam more frequently.
The practical implication for cold email is significant. Cold outreach to strangers will always generate lower engagement rates than email to opted-in subscribers or colleagues. Sending cold email from your primary business domain puts your company's core email reputation at risk. If deliverability is damaged, it affects not just outreach campaigns but internal communications, customer support email, and transactional messages like invoices and receipts.
The standard solution is to register secondary sending domains specifically for cold outreach. These are variations of your main domain — trycompanyname.com, getcompanyname.com, companynamehq.com — that look professional and trustworthy to recipients but keep cold outreach risk isolated from your main domain. If a sending domain's reputation deteriorates, it can be retired and replaced without touching the primary domain.
Running multiple sending domains also helps with volume. Each domain and inbox should send no more than 50 to 100 cold emails per day without risking reputation damage. A team running 500 cold emails per day needs roughly 5 to 10 warmed sending domains.
Domain warming
A new domain with no sending history is treated with suspicion by inbox providers. There's no track record to evaluate, so the default assumption is that new domains used for email are high risk. Warming builds the sending history that inbox providers need to trust the domain.
The warming process starts very low. Days 1 through 5: send 10 to 15 emails per day. Days 6 through 10: increase to 20 to 30. Continue increasing gradually over 4 to 6 weeks until you reach your target daily volume. The emails sent during warmup should generate high engagement — opens, replies, and removal from spam folder — because those signals are what build the positive reputation score.
Automated warming tools handle this by sending emails between accounts in a large network and automatically engaging with them. Accounts in the warmup network open the emails, reply, and rescue messages from the spam folder. This simulates the high-engagement patterns that tell inbox providers the domain is a legitimate sender. Most sending platforms offer warmup tools or integrate with dedicated warming services.
List quality and bounce rate
List quality is the single most controllable factor in deliverability after authentication setup. Sending to email addresses that don't exist generates hard bounces. A hard bounce rate above 2 percent is a strong negative signal to inbox providers. Above 5 percent, deliverability damage becomes significant and recovery is slow.
Email verification removes invalid addresses before they generate bounces. Verification tools check whether an address has a valid format, whether the domain exists and accepts email, and whether the specific mailbox is active. A verification pass before any campaign typically removes 5 to 20 percent of addresses from purchased or scraped lists, depending on list source and age.
Spam complaint rate is a parallel concern. Gmail's Postmaster Tools dashboard shows your domain's spam rate as measured by Gmail users clicking the spam button on your emails. A spam rate above 0.1 percent is a warning threshold. Above 0.3 percent, Google actively deprioritizes the domain in inbox delivery. Keeping messages relevant, personalizing for the recipient, and making it easy to unsubscribe all reduce complaint rates.
Content signals that affect deliverability
Spam filters evaluate message content alongside sender reputation. Certain patterns trigger filters regardless of how clean the domain reputation is.
Large image-to-text ratios are a filter trigger. Emails that are mostly images with minimal text look like spam because early spam used images to hide text that keyword filters would catch. Cold emails built heavily around images see worse deliverability than those that are primarily plain text.
Tracking links redirect through a third-party domain before landing on the destination. This breaks deliverability in two ways: the link domain may itself be on blocklists, and the redirect pattern is a known spam tactic. Disabling open and click tracking in cold outreach campaigns improves deliverability, even though it means losing engagement data.
Plain text emails consistently outperform HTML-formatted emails for cold outreach on deliverability. A plain text email with a personalized first line, a clear value proposition, and a single call to action looks like a genuine human message rather than a mass marketing campaign. That distinction matters both to spam filters and to recipients.
Monitoring deliverability
Deliverability problems are often invisible until they're severe. A domain that's been quietly accumulating spam complaints may see no change in outward metrics until it tips into a blocklist, at which point delivery rates drop sharply.
Google Postmaster Tools is free and provides direct insight into how Gmail — which handles roughly 40 percent of business email — views your domain. It shows spam rate, domain reputation score, and IP reputation. Setting it up takes about 15 minutes and provides the earliest warning of reputation problems.
MXToolbox's blacklist check scans your domain and sending IP against major public blocklists. A listing on a major blocklist like Spamhaus drops deliverability substantially for all recipients using that blocklist for filtering. Checking monthly catches listings before they compound.
Frequently Asked Questions
Why do cold emails go to spam?
Cold emails land in spam for three main reasons: missing or misconfigured authentication records (SPF, DKIM, DMARC), a domain or IP with damaged reputation from prior high-volume or high-complaint sending, and content patterns that spam filters flag. A new domain with no sending history is also high risk because it lacks the reputation signals inbox providers use to evaluate legitimate senders. Sending cold email from your primary business domain compounds the risk because a reputation hit affects all company email.
How long does it take to warm up a cold email domain?
A proper domain warmup takes 4 to 6 weeks. The process starts with very low sending volume, typically 10 to 20 emails per day, and increases gradually while maintaining high engagement rates. Warming tools automate this by sending emails between accounts in a network and having them automatically open, reply, and move messages out of spam. A fully warmed domain can typically handle 50 to 100 cold emails per day per inbox before reputation risk becomes significant.
What is a safe bounce rate for cold email?
The acceptable bounce rate for cold email is below 2 percent. A bounce rate above 5 percent signals poor list quality to receiving mail servers and raises your spam score. Hard bounces, where the email address doesn't exist, are the most damaging. Verifying email addresses before sending using a tool like NeverBounce or ZeroBounce removes invalid addresses before they generate bounces and keeps your sender score healthy.
Should you send cold email from your main domain?
No. Using your primary domain for cold outreach puts your transactional and internal email at risk if deliverability is damaged. The standard practice is to register one or more secondary sending domains that are variations of your main domain, warm them separately, and use them for outbound campaigns. If a sending domain's reputation is damaged, it can be replaced without affecting the primary domain.