Blog ·How-to ·April 23, 2026 ·9 min read

How to run a cold email campaign without getting flagged as spam

The deliverability playbook. Dedicated domains, authenticated DNS, 14-day warm-up, real personalization. Primary inbox or bust.

TL;DR

Dedicated sending domains. SPF, DKIM, DMARC on all of them. 14-day warm-up. Cap at 60-80 sends/mailbox/day. Personalize beyond first name. Keep bounce <3%, spam <0.1%. Monitor weekly.

What you'll learn

Why your primary domain must never send cold email
The 3 DNS records that keep you out of spam
Send volumes that stay under Gmail's spam thresholds
Metrics to monitor weekly so you catch a burning domain early

What you need

2-3 domains (~$27 total, Porkbun)
Google Workspace or equivalent ($6/user/mo × number of mailboxes)
Instantly.ai or Smartlead for warm-up + sending ($97/mo)
14 days before your first cold send

Step 1: Buy dedicated sending domains

Never send cold email from your primary domain. Buy 2-3 variations (getyourcompany.com, yourcompany.io, tryyourcompany.com) on Porkbun or Cloudflare Registrar. $9/each/yr. The 2-3 variations let you rotate sends and isolate blast radius if one gets flagged.

Step 2: Set SPF, DKIM, DMARC for each

In Cloudflare DNS: add SPF TXT ("v=spf1 include:_spf.google.com ~all"), DKIM from your email provider, DMARC TXT ("v=DMARC1; p=quarantine; rua=mailto:you@yourcompany.com"). Non-negotiable — skip and you're in Gmail spam day 1. Verify with mxtoolbox.com/SuperTool.aspx before you send anything. A missing DMARC is a 3x spam rate.

Step 3: Warm up every mailbox 14 days

In Instantly.ai or Smartlead, enable warm-up on each mailbox. Let it run for 14 full days before your first cold send. It simulates natural conversations with the warm-up network. Don't skip. Don't shorten. A warm-up that starts and stops builds worse trust than one that runs continuously.

Step 4: Set conservative send limits

40 emails/day/mailbox for week 1. 60/day week 2. Cap at 80/day long-term. Three mailboxes = 240 sends/day safely. Higher and Gmail flags the domain. Gmail publicly states they flag high-volume cold senders. 40-80/day keeps you well below the line.

Step 5: Personalize beyond {{first_name}}

Use at least one custom field per email that references real, public info about the lead: recent hire, recent funding, recent post. Clay or Apify + GPT generates these at scale. The filter models detect templates by repetition. One real custom sentence per email is the anti-filter.

Step 6: Write short, plain-text-looking emails

Max 90 words. No images. No fancy HTML. No tracking pixels (open tracking trains spam filters). A link in email 1 is optional; no link is safer. Pretend you typed it in the Gmail compose box. That's the target aesthetic.

Step 7: Include a one-line unsubscribe

"Reply STOP and I won't email again." Satisfies CAN-SPAM, humanizes the email, shows confidence. Put it in your signature, not as a big footer. Honor it within 24h. One ignored unsubscribe + one spam report = a permanently burned mailbox.

Step 8: Monitor reply rate, bounce rate, spam rate

Healthy: 5-10% reply, <3% bounce, <0.1% spam complaints. If bounce >5%, pause and re-verify the list with NeverBounce ($10 per 2K emails). If spam >0.3%, pause the mailbox, re-warm 7 days. Use Google Postmaster Tools (free) to see your actual Gmail spam rate — Instantly's numbers lag by a day.

Concrete example: a B2B SaaS outbound campaign

3 domains (outreach-acme.com, try-acme.com, hi-acme.com), 3 mailboxes each, 14-day warm-up complete. Week 1: 40/mailbox/day = 1,080/week. Reply rate 7.2%, bounce 2.1%, spam 0.03%. Sequence: 1 open, 1 follow-up, 1 breakup. Result: 78 replies, 31 meetings booked, 4 closed at avg $8K ACV in 30 days. Tool spend: $97 + $54 mailboxes = $151/mo.

Common pitfalls + how to avoid them

Using the primary domain. Never. The recovery cost is 10-100x the "convenience."
Skipping warm-up. A cold mailbox sending 40/day lands in spam immediately.
Images or heavy HTML. Filter models weight these as promotional.
Not cleaning the list. High bounce > 3% burns reputation faster than high volume.
Ignoring spam complaints. 0.3% = immediate Gmail penalty. Watch Postmaster daily.

Key takeaways

Dedicated domains are $9 insurance on a priceless asset.
SPF + DKIM + DMARC is table stakes. Verify in MXToolbox.
Warm-up 14 days. No shortcut exists.
One real custom sentence per email beats every clever template.
Monitor Gmail Postmaster Tools weekly. It's free and authoritative.

FAQ

Is cold email legal?

In the US: yes under CAN-SPAM with a physical address and unsubscribe option. In the EU: legitimate interest is defensible for B2B, but document it and honor unsubscribes immediately. Canada CASL is stricter — stick to express consent or public business contact info.

What's a good reply rate?

5-10% qualified reply rate is the benchmark. Under 3% means your ICP or copy is off. Over 15% usually means you're being too broad and getting "not a fit" replies.

How many mailboxes do I need?

Start with 3. That's 240 sends/day, about 5,000/month. Add mailboxes before volume, not after — each needs 14 days to warm up.

Should I use Gmail or Outlook?

Google Workspace ($6/user/mo) has the best deliverability in 2026. Outlook is workable but stricter. Avoid SMTP relays for cold email — they're blacklisted fast.

Can one bad campaign burn my domain?

Yes. That's why you use dedicated domains, not your primary. A burned cold-email domain is an $18 loss; a burned primary is a business-ending loss.