How to Improve Cold Email Deliverability
Start with the domain, not the copy
Cold email deliverability is the chance that a sales email reaches the inbox instead of spam. The fastest reliable gains usually come from proving that your sending domain is authorized, aligned, and stable before you ask Gmail, Outlook, or another mailbox provider to trust your campaign.
Run a free InboxRadar domain scorecard first. It checks SPF, DKIM, DMARC, MX, and common drift signals so you know whether the problem is authentication, routing, or reputation. Then fix the records before changing subject lines, warming more seats, or buying another sending tool.
- Authenticate every domain and subdomain that sends cold email.
- Use a real mailbox setup with working MX records, not only a parked domain.
- Send from one consistent identity, with a clear From domain and reply path.
- Keep volume low until authentication passes and replies are healthy.
- Monitor the domain weekly because DNS records drift when tools are added or removed.
Fix SPF, DKIM, and DMARC in that order
SPF, DKIM, and DMARC answer three different questions. SPF checks whether the SMTP sending server is authorized for the envelope sender domain. DKIM checks whether the message has a valid cryptographic signature from a signing domain. DMARC checks whether SPF or DKIM passes in alignment with the visible From domain, then applies the domain owner's policy when aligned authentication fails.
SPF lives in DNS as a TXT record. Include only services that actually send for the domain, such as your mailbox provider and cold email platform. SPF has a hard 10 DNS lookup limit under RFC 7208, so long chains of include mechanisms can break a domain even when the record looks reasonable. Use ~all while testing so failures are treated as soft failures. Move to -all only when every legitimate sender is included and you want receivers to treat other senders as explicit failures. DMARC, not SPF by itself, is the usual place to tell receivers to quarantine or reject aligned failures.
DKIM is usually the cleanest cold email fix because it signs each message. Your provider gives you a selector, often something like selector1 or google, and a DNS record. Publish the selector record, enable signing in the provider, then send a test message and confirm that DKIM passes. Rotating selectors is normal. Old selector records are not used unless a message signature names them, but keep an inventory so a platform does not sign with a selector you removed.
DMARC is the policy layer from RFC 7489. Start with p=none and a rua aggregate report address so you can see who is sending as your domain. After SPF or DKIM passes in alignment for legitimate mail, move to p=quarantine, then p=reject when you are confident. Do not jump to reject if a CRM, billing system, or inbox provider is still failing alignment.
- SPF: one SPF TXT record for each domain that appears in the envelope sender or HELO identity, no duplicate SPF records at the same name, no more than 10 DNS lookups.
- DKIM: a valid selector record, signing enabled, and passing signatures on real outbound mail.
- DMARC: a record at _dmarc for the visible From domain or its organizational domain, aligned SPF or DKIM, and rua reports you actually review.
- Alignment: under default relaxed DMARC alignment, the SPF or DKIM domain can match the visible From domain or share its organizational domain. Strict alignment requires an exact domain match.
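The SPF rules above (one record per name, at most 10 DNS lookups, a deliberate `all` qualifier) can be checked statically. This is an added example, not InboxRadar's code: the domains and records in `ZONE` are constructed, the function names are hypothetical, and it counts only lookup-causing terms, not void lookups or per-MX limits.

```python
# Added example: static SPF audit over constructed TXT data (no live DNS queries).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}  # count toward the RFC 7208 limit of 10

# Constructed sample zone: name -> TXT strings published at that name.
ZONE = {
    "outbound.example": ["v=spf1 include:_spf.mailbox.example include:_spf.coldtool.example mx ~all"],
    "_spf.mailbox.example": ["v=spf1 include:_netblocks.mailbox.example ~all"],
    "_netblocks.mailbox.example": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_spf.coldtool.example": ["v=spf1 a:mta.coldtool.example ip4:198.51.100.0/24 -all"],
    "dup.example": ["v=spf1 include:_spf.mailbox.example ~all", "v=spf1 mx -all"],
    "sprawl.example": ["v=spf1 " + " ".join(f"include:tool{i}.example" for i in range(11)) + " ~all"],
}
ZONE.update({f"tool{i}.example": [f"v=spf1 ip4:203.0.113.{i} -all"] for i in range(11)})

def spf_records(name, zone):
    """Return the TXT strings at name that are SPF records."""
    return [t for t in zone.get(name, []) if t.lower().split()[:1] == ["v=spf1"]]

def count_lookups(name, zone, path=()):
    """Count DNS-querying terms reachable from name, following include and redirect."""
    recs = spf_records(name, zone)
    if name in path or len(recs) != 1:  # loop, missing, or ambiguous target
        return 0
    total = 0
    for term in recs[0].split()[1:]:
        term = term.lstrip("+-~?")
        if term.lower().startswith("redirect="):
            total += 1 + count_lookups(term.split("=", 1)[1], zone, path + (name,))
            continue
        mech, _, arg = term.partition(":")
        mech = mech.split("/")[0].lower()
        if mech in LOOKUP_TERMS:
            total += 1
        if mech == "include":
            total += count_lookups(arg, zone, path + (name,))
    return total

def audit(name, zone=ZONE):
    """Report duplicate records, lookup count, and the final 'all' qualifier."""
    recs = spf_records(name, zone)
    if len(recs) != 1:
        return {"records": len(recs), "lookups": None, "all": None, "ok": False}
    lookups = count_lookups(name, zone)
    quals = [t[0] if t[0] in "+-~?" else "+" for t in recs[0].split()[1:]
             if t.lstrip("+-~?").lower() == "all"]
    return {"records": 1, "lookups": lookups, "all": quals[-1] if quals else None,
            "ok": lookups <= 10}

if __name__ == "__main__":
    for domain in ("outbound.example", "dup.example", "sprawl.example"):
        print(domain, audit(domain))
```

The `sprawl.example` record looks like a flat list of tools, yet its 11 includes already exceed the limit before any nested lookups are counted.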
Why Gmail and Outlook put cold email in spam
Mailbox providers do not send mail to spam for any single reason. They score a pattern: authentication, alignment, domain and IP reputation, complaint rate, engagement, sending consistency, URLs, content, and whether users treat similar mail as wanted.
Google's current Gmail sender guidelines require SPF or DKIM for all senders to personal Gmail accounts. Senders above Google's bulk threshold also need SPF, DKIM, DMARC, From-domain alignment for direct mail, low spam rates, and unsubscribe support for marketing and subscribed messages. Microsoft explains that Outlook and Microsoft 365 use SPF, DKIM, DMARC, and other signals to detect spoofing and unwanted mail. The practical rule is simple: unauthenticated or misaligned cold email starts with a trust deficit, and sales-style messages get little benefit of the doubt.
Authentication will not make bad outreach wanted. It removes the technical reasons that good outreach gets blocked before a human can judge it. After that, keep complaint risk low. Send to people who plausibly fit the offer, make the sender identity clear, avoid misleading subject lines, include a working unsubscribe or opt-out path, and stop sending to addresses that bounce or never engage.
- Do not rotate domains to hide complaints. That usually delays the penalty and makes recovery harder.
- Keep links simple. A fresh tracking domain, URL shortener, or mismatched link domain can look riskier than the message itself.
- Separate marketing, product, and cold outbound streams when volume grows so one stream does not damage another.
- Watch bounce patterns. High hard bounces tell providers your list quality is poor.
Check MX, blocklists, and sending setup
Cold email teams often fix SPF and still miss basic routing issues. A domain can pass authentication and still look weak if it has no working mailbox, broken replies, poor DNS hygiene, or a blocklist history.
MX records tell the internet where mail for your domain is received. If you send from sales@example.com, replies should work and the domain should have valid MX. A sending-only domain with no mailbox path is a weak trust signal and a bad buyer experience.
Blocklists matter, but they are not all equal. A listing on a major reputation list can hurt delivery quickly. A listing on an obscure list may not matter at all. Treat blocklists as evidence, not a diagnosis: identify the listed IP or domain, confirm whether your provider owns the sending IP, and fix the behavior that caused the listing before requesting removal.
- Confirm MX exists for the From domain and replies reach a monitored inbox.
- Check whether your sending IP or domain appears on major blocklists.
- Remove abandoned SPF includes for tools you no longer use.
- Keep forwarding rules, aliases, and reply-to addresses simple enough to audit.
- Recheck the scorecard after every DNS change and again after propagation.
A cold email deliverability checklist
Use this sequence before every new campaign. It is boring on purpose. Deliverability improves when the domain sends predictable, authenticated mail to relevant recipients over time.
- Run the free InboxRadar check and save the starting grade.
- Fix SPF first. One record at each relevant name, correct includes, under the 10-lookup limit.
- Enable DKIM signing for every mailbox or sending platform.
- Add DMARC with p=none and rua reports, then tighten the policy after real mail aligns.
- Verify MX and reply handling for every sender address.
- Clean the list before sending. Remove invalid, role-based, and risky addresses.
- Start with small batches, watch bounces and replies, then increase only when the signals stay healthy.
- Document which tool owns each DNS record so the next platform change does not break authentication.
For deeper background, compare your records with the published specs for SPF, DKIM, and DMARC, plus the current Google sender guidelines and Microsoft email authentication guidance. You do not need to memorize the specs, but your DNS should agree with them.
FAQ
What is the fastest way to improve cold email deliverability?
Fix authentication first. A domain with failing SPF, DKIM, or DMARC can lose trust before content is considered. After authentication passes, reduce bounce risk, keep volume steady, and send to a tighter audience.
Should cold email use a separate domain?
Many teams use a separate sending domain or subdomain to reduce risk to the main brand domain. That domain still needs the same SPF, DKIM, DMARC, MX, and reputation care. A new domain is not a shortcut around trust.
Is DMARC p=reject required for cold email?
Not always. Start with p=none while you inventory legitimate senders and review rua reports. Move to quarantine or reject only after SPF or DKIM passes in alignment for the mail you want delivered.
Why does SPF pass but DMARC still fail?
SPF can pass for the return-path or envelope sender domain while DMARC fails because that domain does not align with the visible From domain. DKIM alignment can also satisfy DMARC, which is why enabling DKIM is often the cleaner fix.
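The case in this answer, worked through on constructed messages. This is an added example, not InboxRadar's code or a full RFC 7489 evaluator: the domains, the tiny `PUBLIC_SUFFIXES` stand-in for the Public Suffix List, and the function names are assumptions.

```python
# Added example: DMARC identifier alignment on constructed values.
# Assumption: a tiny stand-in for the Public Suffix List; real checks need the full list.
PUBLIC_SUFFIXES = {"com", "example", "co.uk"}

def org_domain(domain, suffixes=PUBLIC_SUFFIXES):
    """Organizational domain = longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in suffixes:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def aligned(auth_domain, from_domain, mode="r"):
    """mode 'r' = relaxed (same organizational domain), 's' = strict (exact match)."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dmarc_result(msg, policy):
    """Pass when SPF or DKIM both passes and aligns with the visible From domain."""
    spf_ok = msg["spf"] == "pass" and aligned(
        msg["mail_from"], msg["from"], policy.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(d, msg["from"], policy.get("adkim", "r"))
                  for d, res in msg["dkim"])
    return "pass" if spf_ok or dkim_ok else "fail:" + policy.get("p", "none")

# Constructed message: the sending tool uses its own bounce domain and its own
# DKIM key, so both checks pass but neither aligns with the From domain.
SHARED_TOOL = {"from": "acme.example", "mail_from": "bounce.coldtool.example",
               "spf": "pass", "dkim": [("coldtool.example", "pass")]}
# Constructed message: same bounce domain, but DKIM now signs with a subdomain
# of the From domain, which satisfies relaxed alignment.
CUSTOM_DKIM = dict(SHARED_TOOL, dkim=[("mail.acme.example", "pass")])

if __name__ == "__main__":
    print(dmarc_result(SHARED_TOOL, {"p": "quarantine"}))          # SPF pass, DMARC fail
    print(dmarc_result(CUSTOM_DKIM, {"p": "reject"}))               # aligned DKIM
    print(dmarc_result(CUSTOM_DKIM, {"p": "reject", "adkim": "s"})) # strict DKIM
```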
How often should I check deliverability records?
Check before every campaign, after adding or removing a sending tool, and at least weekly for active outbound domains. DNS drift is common when sales, marketing, and IT all touch the same domain.