Homechevron_rightResourceschevron_rightBlogchevron_rightThe deliverability playbook: SPF, DKIM, DMARC, and warming
Playbook

The deliverability playbook: SPF, DKIM, DMARC, and warming

If your emails go to spam, no message will save you. Here is the deliverability stack that lands B2B cold email in the inbox in 2026: secondary domains, authentication, warmup, monitoring, and recovery.

By reachiq · May 24, 2026 · schedule 8 min read

Deliverability is the floor under cold email. Every other lever (subject line, personalization, sequence length) only works if the message actually lands in the inbox. This playbook covers the seven layers of a working deliverability stack in 2026: secondary domains, authentication, warming, sending limits, content hygiene, monitoring, and recovery.

Why deliverability changed in 2024

In February 2024, Gmail and Yahoo tightened sender requirements for any domain sending more than 5,000 messages per day to their networks. The new requirements: SPF, DKIM, DMARC, and a one-click unsubscribe header. Cold email programs that ignored these saw deliverability collapse within weeks.

Outlook followed in late 2024 with similar requirements. Smaller providers (Yahoo Business, Apple iCloud, regional providers) tightened in 2025. The net effect: the bar for landing in the B2B inbox is meaningfully higher than it was three years ago.

The good news: the requirements are well-defined and the engineering work is bounded. A team that does the setup correctly once can run for years without revisiting it.

Layer 1: Secondary sending domains

Never send cold email from your primary domain. The two-domain rule:

  • Primary domain (yourco.com): All internal email, all customer-facing email, all critical operational mail. Never used for cold outreach.
  • Secondary domains (yourco-outreach.io, get-yourco.com, hello-yourco.com): All cold email. Multiple secondary domains let you split volume.

For a typical B2B outbound program:

  • 1 to 3 secondary domains.
  • 2 to 5 inboxes per domain.
  • 30 to 50 emails per inbox per day.

This gives you a per-program capacity of roughly 60 to 750 emails per day. To scale beyond that, add more domains.

Domain naming patterns that work: yourco-outreach.io, get-yourco.com, hello-yourco.com, yourco-team.com, talk-to-yourco.com. Avoid patterns that look spammy: deals-yourco.com, free-yourco.com, special-yourco.com.

Layer 2: SPF, DKIM, DMARC

The three authentication records that inbox providers require. All three. Skipping any one degrades deliverability.

SPF (Sender Policy Framework). A DNS TXT record that lists the IP addresses or hostnames allowed to send email from your domain. Format:

v=spf1 include:_spf.google.com include:sendgrid.net -all

The "-all" at the end is important. It tells receivers to reject mail from servers not listed. The softer "~all" (softfail) is acceptable but weaker.

DKIM (DomainKeys Identified Mail). A cryptographic signature added to every outgoing message. Your sending provider gives you the public key; you publish it as a DNS TXT record. The receiving server verifies the signature against the public key.

You will have multiple DKIM selectors if you send through multiple providers (Google Workspace + a cold email tool, for example). Set each one up independently.

DMARC (Domain-based Message Authentication, Reporting, and Conformance). A DNS TXT record that tells receivers what to do if SPF or DKIM fails. Format for cold email programs:

v=DMARC1; p=quarantine; rua=mailto:dmarc@yourco-outreach.io; pct=100

Use p=quarantine for cold email domains. p=reject is too aggressive (legitimate forwarded mail can fail). p=none is too permissive.

Layer 3: Warmup

A new domain sending 100 messages on day one gets flagged as spam. Domains need to build sender reputation before sending at volume. The warmup schedule:

Day rangeEmails per inbox per day
Days 1 to 35 to 10
Days 4 to 710 to 15
Days 8 to 1415 to 25
Days 15 to 2125 to 40
Day 22+40 to 50 (sustainable rate)

During warmup, the messages should look like normal business email: replies, threaded conversations, varied subject lines. Most modern cold email platforms include an automated warmup network that exchanges warming messages with other domains in the network. Use it.

Do not skip warmup. A domain that sends 50 emails on day one has a 30 to 60 percent chance of being flagged within a week. Recovering from a flagged domain takes 4 to 8 weeks and sometimes never fully recovers.

Layer 4: Sending limits

Even after warmup, there are hard limits that protect deliverability.

  • Per inbox per day: 40 to 50 emails maximum. Above this, you trigger volumetric spam filters.
  • Per domain per day: Roughly 150 to 250 emails (3 to 5 inboxes per domain). To go higher, add more domains.
  • Per send time: Spread sends across the working day. Bursts of 50 emails in 5 minutes look like spam. Spread the same 50 across 6 hours.
  • Per recipient per week: One message per recipient per week is the working ceiling. More frequent contact triggers spam complaints.

These limits feel low. They are. The math works because you scale horizontally (more domains, more inboxes) rather than vertically (more sends per inbox).

Layer 5: Content hygiene

The content of your messages affects deliverability too. The rules:

  • No tracking pixels in the first email. Tracking pixels are an open-rate-measurement convenience that reduce inbox placement by 5 to 15 percent. Turn them off for first sends. Enable from email 2 if you must.
  • No link shorteners. bit.ly, t.co, and other shorteners are heavily associated with spam. Use full URLs or your own short-link domain.
  • Plain text or simple HTML only. Logos, banners, image-heavy templates increase spam scores. Use plain text or one-image-maximum HTML.
  • One link per email maximum. Multiple links trigger spam filters. The first email should usually have zero links: a single ask, no clickable text.
  • No spam-trigger words. Common offenders: "free," "guarantee," "click here," "act now," "limited time," "no cost." Most modern filters use ML rather than keyword matching, but these words still raise the score.
  • No attachments. Cold email with attachments goes straight to spam. Send the doc on reply if asked.

Layer 6: Monitoring

Without monitoring, you find out about deliverability problems weeks after they start, when reply rates collapse. The monitoring stack:

  • Google Postmaster Tools. For Gmail deliverability. Shows your domain reputation, spam rate, and authentication status. Check weekly.
  • Microsoft SNDS. For Outlook deliverability. Less detailed than Postmaster Tools but tracks Outlook-specific signals.
  • Bounce monitoring. Track bounce rate per domain. Above 2 percent: investigate. Above 5 percent: pause sending.
  • Spam complaint monitoring. Most sending tools surface this. Above 0.1 percent: investigate. Above 0.3 percent: stop and fix.
  • Blocklist checking. Use MXToolbox or a similar tool weekly to check whether your sending IPs landed on any major blocklist (Spamhaus, Barracuda, SORBS).
  • Inbox placement testing. Send a test campaign to a panel of seed inboxes (Gmail, Outlook, Yahoo, etc.) and see how many land in inbox vs spam. Vendors like GlockApps and MailGenius automate this.

Layer 7: Recovery when things go wrong

Domains do get flagged sometimes, even with everything set up correctly. The recovery process:

Step 1: Stop sending immediately. Continued sending after a flag deepens the damage.

Step 2: Diagnose the cause.

  • Spike in bounces? List quality problem.
  • Spike in spam complaints? Message problem (too pushy, too off-target, or sent to a list segment that does not match).
  • Drop in reputation score without other symptoms? Probably a Gmail or Outlook algorithm change. Wait it out.

Step 3: Cool the domain. Reduce sending volume to warmup levels (5 to 15 emails per day) for 14 to 21 days. The domain rebuilds reputation slowly.

Step 4: Investigate the underlying cause. Fix the list quality, fix the message, or re-segment the audience.

Step 5: Ramp back up. Once the domain has held at low volume for 2 to 3 weeks without further issues, ramp by 50 percent per week until you reach the previous sending rate.

If the domain does not recover after 4 to 6 weeks of cooling, retire it and warm a new one. Sometimes a domain's reputation never fully rebuilds and starting fresh is faster than continuing to fight.

The week-1 deliverability setup checklist

To deploy a working deliverability stack from scratch:

  1. Buy 2 secondary domains. Same registrar as your primary for convenience.
  2. Set up Google Workspace or Microsoft 365 on each domain. 2 to 3 inboxes per domain.
  3. Configure SPF, DKIM, DMARC on each domain. Verify with MXToolbox.
  4. Add the unsubscribe header (List-Unsubscribe and List-Unsubscribe-Post). Required by Gmail and Yahoo for high-volume senders.
  5. Connect each inbox to your cold email tool.
  6. Enable the platform's warmup network on every inbox.
  7. Start warmup. Do not send live messages for at least 14 days.
  8. Register the primary domain with Google Postmaster Tools and Microsoft SNDS.
  9. Set up a weekly monitoring rhythm.

End-to-end, this is 4 to 6 hours of setup work and 14 days of warming. After that, you can send.

Common deliverability mistakes

Mistake 1: Using the primary domain. One bad day and your CEO's email is in spam too. Always use a secondary.

Mistake 2: Skipping warmup. A new domain at 50 sends per day on day one gets flagged within a week. Warm for 14 to 21 days, always.

Mistake 3: Ignoring DMARC. SPF and DKIM without DMARC leaves deliverability on the table. All three are required for high-volume B2B in 2026.

Mistake 4: Sending bursts. 50 emails in 5 minutes looks like spam. Spread sends across the working day.

Mistake 5: Not monitoring. A reputation drop that goes unnoticed for 4 weeks becomes a domain death sentence. Check Postmaster Tools weekly.

Do I need a separate domain for cold email?+
Yes. Sending cold email from your primary domain risks the email reputation of your entire company. Set up 1 to 3 secondary domains (yourco-outreach.io, get-yourco.com) and route all cold sending through them. The primary domain stays clean for customer-facing email.
What is SPF, DKIM, and DMARC?+
Three authentication standards. SPF lists which servers can send from your domain. DKIM cryptographically signs each message. DMARC tells receivers what to do if SPF or DKIM fails. All three are DNS TXT records, and inbox providers require all three for high-volume B2B sending in 2026.
How long does it take to warm a new sending domain?+
14 to 21 days. Start at 5 to 10 emails per day, increase by 50 percent every 2 to 3 days. Skipping warmup is the most common cause of new-domain spam flags. Modern cold email platforms include automated warmup networks that exchange warming messages with other domains.
What is a good sending volume per inbox?+
40 to 50 emails per inbox per day, after warmup. Above this, you trigger volumetric spam filters. To send higher volumes, add more inboxes (3 to 5 per domain) and more domains. Scale horizontally, not vertically.
My domain landed in spam. How do I fix it?+
Stop sending. Diagnose the cause (bounce spike, complaint spike, or reputation drop). Cool the domain at warmup-level volume (5 to 15 emails per day) for 14 to 21 days. Fix the underlying issue (list quality, message, segmentation). Ramp back up at 50 percent per week. If the domain does not recover after 4 to 6 weeks, retire it and warm a new one.

More in Playbooks

Playbook

Building a multi-channel outbound sequence

schedule8 min read
 Playbook

How to score B2B leads (ICP, BANT, fit, and intent)

schedule7 min read
 Playbook

A 14-day plan to launch your first outbound program

schedule7 min read

Ready to put this into practice?

Book 30 minutes with our team. See how ReachIQ runs outbound for B2B founders, end to end.

Book a Demo Talk to Sales