You can write the best cold email on earth, and it does not matter if nobody sees it. That is the brutal truth of cold email deliverability: the inbox is a bouncer, and most founders never get past the rope. Roughly one in six emails never reaches the inbox, which drags the global inbox placement average down to around 84%. For cold senders with no reputation, it is usually a lot worse than that.
We are Sameer and Ankit. We ran outbound for agency clients for years, then for ourselves, and we have burned our share of domains learning this the hard way. Here is the part nobody selling you a tool will admit: deliverability is mostly free. It is DNS records, patience, and a clean list.
The expensive "deliverability stack" people push at you is largely stuff you bolt on later, or never. Nobody pays us to recommend anything here. This is the boring infrastructure that actually works, and the bloat we tell every founder to cut.
◢What is cold email deliverability?
Cold email deliverability is the percentage of your emails that reach the actual inbox, not spam, not a "promotions" tab, not a silent void. It is the gap between "sent" and "seen." A 98% send rate means almost nothing if half of those emails land in spam.
Think of it as your reputation score with mailbox providers like Gmail and Outlook. They decide, message by message, whether you look like a real person or a spammer. That decision rests on three things: your authentication, your sending behavior, and how recipients react.
Get all three right and you land. Get sloppy on one and you sink.
The numbers vary by provider. Gmail places around 87% of legitimate mail in the inbox, Yahoo around 86%, and Microsoft Outlook trails badly at roughly 76%. So the same campaign can crush it on Gmail and faceplant on Outlook.
That is why deliverability is a system, not a setting. If you are wiring outbound from scratch, our go-to-market playbooks show the full four-tool stack this fits into.
◢Why do cold emails land in spam?
Cold emails land in spam for three reasons: weak authentication, bad sending behavior, and dirty lists. Filters score every message, and any one of those three can tank you. Most founders fail on more than one at once.
Authentication is the first gate. If your domain has no SPF, DKIM, or DMARC, you look like a forger, and you get filtered before anyone reads a word. Sending behavior is the second: blast 200 emails on a brand-new inbox and you scream "spambot."
The third is your list. Email a pile of dead addresses and your bounce rate spikes, which signals you bought a list and never cleaned it.
Then there are the self-inflicted wounds. Spammy subject lines, a wall of links, big images, and "free" energy all trip filters. So does hitting a spam trap, which is a dead address that providers watch to catch lazy senders. One trap hit can torch your reputation.
The fix is not a magic tool. It is doing the unglamorous parts in the right order, which is exactly what the rest of this guide covers.
◢The 2024 rules that changed everything
In February 2024, Google and Yahoo stopped suggesting and started requiring. Any sender pushing more than 5,000 messages a day to their users now has to clear a hard bar, or get filtered. These are the Yahoogle bulk sender requirements, and they reset the floor for everyone, cold senders included.
The official Google rules are specific. You must set up SPF and DKIM, then add DMARC, even at the lowest policy (p=none). You also need valid forward and reverse DNS (PTR) records, a TLS connection, and messages formatted to the RFC 5322 standard.
Two more apply to outreach. Marketing mail needs one-click unsubscribe via the List-Unsubscribe header (RFC 8058). And your spam complaint rate must stay below 0.30%, ideally below 0.10%.
Here is why this matters even if you send 50 a day, well under the bulk threshold. Filters now treat these signals as the baseline for everyone. The "bulk" cutoff is just when enforcement gets strict. Starting November 2025, Gmail ramped up enforcement with temporary and permanent rejections for senders who ignore the rules.
So authenticated mail is no longer a nice-to-have. It is the price of entry. Microsoft and Apple are tightening the same screws, so this only goes one direction.
◢How do you set up SPF, DKIM, and DMARC?
You set up SPF, DKIM, and DMARC by adding three DNS records to each sending domain. SPF lists who is allowed to send for you. DKIM signs your mail so it cannot be forged.
DMARC tells providers what to do if a message fails the first two. Together, the three records prove you are real.
The good news: you are copying values, not inventing them. Your email host (Google Workspace, for example) and your sequencer both generate the exact records to paste. The whole job is about 15 minutes of DNS edits per domain.
Do not skip it and do not fat-finger it. A typo here quietly kills every campaign you run.
Run them in order. First, add the SPF TXT record from your email provider. Second, enable DKIM in your provider's admin panel and paste the key it gives you. Third, add a DMARC record, starting at p=none so you can monitor without blocking.
This sequence is not optional anymore. Fully authenticated domains that pass DMARC checks are far more likely to hit the inbox than unauthenticated ones. If DNS makes your eyes glaze, do it once and never touch it again. For the deeper weeds, Smartlead's email deliverability guide is a solid free reference.
◢Warmup and volume: the boring moat
This is the part founders hate, and it is the part that wins. You do not send cold email from a fresh inbox. You warm it first.
Warmup means slowly ramping sends from a new mailbox, mostly to friendly addresses that reply and mark you "not spam." That way providers learn you are a real human before you ever pitch a stranger.
The standard ramp: start new inboxes at 5 to 10 sends a day and climb gradually over four to six weeks. Most sequencers automate this, so it runs in the background while you do literally anything else. Plan for two to three weeks of warmup before your first real cold send.
We have watched founders skip this to "save time" and land in spam by Friday. Then they spend a month digging out. The shortcut is the slow way.
Two rules carry the rest. First, never send cold from your main domain. Buy one or two lookalike sending domains and keep your real one clean, because a torched company domain breaks your invoices and your actual inbox, not just outreach. Second, cap each inbox around 30 to 40 sends a day and let your sequencer rotate across mailboxes.
That is how you scale volume without any single inbox looking like a firehose. None of this is clever. It is just discipline, run on schedule. The same logic powers our founder-led sales playbook.
◢How do you monitor cold email deliverability?
You monitor deliverability with three free signals: Google Postmaster Tools, your bounce rate, and your spam complaint rate. Postmaster shows your domain reputation and spam rate straight from Google. Your bounce and complaint rates live inside your sequencer. Watch all three weekly, not when something already broke.
Set hard lines and respect them. Keep your bounce rate under 2%, because 2 to 5% is a warning and above 5% does real damage. Keep your spam complaint rate under 0.1%, and never let it touch 0.3%.
The cleanest way to protect both is list hygiene: verify every address before it touches a sending inbox. It is wild, but 39% of senders rarely or never clean their lists, then wonder why they are in spam.
Reply rate is your real-world canary. The 2026 cold email benchmark, built on data from 700,000-plus businesses, pegs the average reply rate around 3.4%, with strong senders clearing 5.5%. If your replies suddenly crater, do not rewrite your copy first.
Check deliverability instead. Nine times out of ten, you stopped landing in the inbox, and no subject line fixes that. A simple analytics setup makes these dips obvious before they cost you a month of pipeline.
◢The deliverability tools to cut
Here comes the cheeky part, the reason this site exists. The "deliverability stack" being sold to you is mostly air. Once your authentication, warmup, and list hygiene are handled, the marginal tool adds almost nothing but a bill. Here is what we tell every founder to cut.
Cut the standalone warmup subscription. Your sequencer (Smartlead, Instantly, lemlist, take your pick) already runs warmup, rotation, and reply detection. Paying a second tool to warm inboxes is paying twice for one feature.
Cut open tracking, too. That invisible pixel loads from an external domain and reads as a spam signal to filters, and shared tracking domains can get blacklisted by someone else's spam. Apple Mail Privacy Protection fakes opens anyway, so the data is garbage. Turn it off and chase replies instead.
Cut the four-figure "sales engagement suite," the AI SDR that writes worse than you, and the instinct to buy a 50,000-lead list. A clean list of 300 people who actually fit beats 10,000 strangers who bounce and brick your domain.
We love Clay, genuinely, and it is overkill until you have proven the motion. Same for a paid HubSpot seat before you have a single reply to manage. Cut the spend that does not change whether you land in the inbox. That short list is the whole game.
◢Conclusion
Cold email deliverability is not a dark art, and it is definitely not a shopping problem. It is four boring habits done in order: authenticate every domain, send from throwaways, warm your inboxes, and keep your list clean. Do those and you clear the bouncer. Skip one and the best copy on earth dies in spam.
The takeaways are simple. One, the infrastructure is cheap and the discipline is the moat. Two, most of the "deliverability stack" is bloat you can cut today, starting with standalone warmup and open tracking. Three, watch your bounce rate, spam rate, and replies like a hawk, because they warn you before the damage is done.
Want the turn-by-turn version, with copy-paste DNS records and a domain-rotation calendar? Grab our cold outbound recipe, then subscribe to the newsletter for the next teardown. We cut the SaaS so you can keep the runway.
◢FAQ
What is a good cold email deliverability rate?
Aim for inbox placement above 80%, since the global average sits around 84% and roughly one in six emails never reaches the inbox. North America runs higher near 88%. Keep your bounce rate under 2% and your spam complaint rate under 0.1%. Those two numbers protect everything downstream. If your replies suddenly dry up, deliverability is almost always the first thing to check, not your copy.
Do I need SPF, DKIM, and DMARC for cold email?
Yes, and it is no longer optional. Since February 2024, Google and Yahoo require SPF, DKIM, and DMARC for anyone sending bulk email to their users. Fully authenticated domains are far more likely to reach the inbox. Setup takes about 15 minutes of DNS edits per domain. Your sequencer or email host usually generates the exact records to paste, so you are copying values, not writing them from scratch.
Should I use my main domain for cold email?
No. Never send cold email from your primary domain. Buy one or two lookalike sending domains instead, then point them at your real site. If a cold campaign tanks your sender reputation, you want that damage contained to a throwaway, not your company domain that runs payroll, invoices, and your actual inbox. Domains cost a few dollars a year. A burned main domain costs you every email you send for months.
How long should I warm up a cold email domain?
Plan for two to three weeks before you send a single cold email. Start new inboxes at 5 to 10 sends a day and ramp slowly over four to six weeks. Most sequencers run warmup automatically, so it happens in the background while inboxes build reputation. Skipping warmup is the single fastest way to land in spam. Blast 100 a day on a fresh inbox and you are filtered by Friday.
Does open tracking hurt cold email deliverability?
Often, yes. Open tracking adds an invisible pixel that loads from an external domain, and spam filters read that as a promotional or sales signal. Shared tracking domains are worse, because one spammer on the platform can get the whole domain blacklisted. Apple Mail Privacy Protection also fakes opens, so the data is junk anyway. For cold outreach, turn open tracking off. The only metric that matters is positive replies.