You spent hours writing the perfect cold email sequence, enriched your list with verified contacts, and hit send. Two weeks later, your reply rate is 0.3%. Not because your messaging was bad or your targeting was off, but because 40% of your emails never reached the inbox. They are sitting in spam folders or got silently rejected by mail servers before anyone could read them.
Email deliverability is the unsexy foundation that determines whether your outbound and email marketing efforts produce results or waste money. Here is everything you need to understand and fix.
How Email Deliverability Actually Works
When you send an email, it does not just go directly from your inbox to the recipient. It passes through a series of checks performed by the receiving mail server (Gmail, Outlook, or whatever the recipient uses). These checks happen in milliseconds and determine whether your email lands in the primary inbox, the promotions tab, the spam folder, or gets rejected entirely.
The receiving server evaluates several factors: Is the sending domain authenticated? Does the sending IP have a history of spam? Is the content similar to known spam patterns? Has the recipient previously engaged with emails from this sender? Does the email contain suspicious links or attachments?
Each email provider weights these factors differently. Gmail is particularly aggressive about filtering, while some corporate Outlook setups are more permissive. The goal is to pass every check consistently so that your emails reliably reach the primary inbox.
Authentication: SPF, DKIM, and DMARC
These three acronyms are the foundation of email deliverability, and getting them right is non-negotiable. If you skip this section, nothing else in this article matters because your emails will fail before any other factor comes into play.
SPF (Sender Policy Framework) tells receiving servers which IP addresses are authorized to send email on behalf of your domain. It is a DNS TXT record that lists your approved sending sources. Without SPF, any server in the world could send emails pretending to be from your domain, so mail servers treat emails from domains without SPF records as suspicious.
Setting up SPF: Add a TXT record to your domain DNS that looks like this: v=spf1 include:_spf.google.com include:sendgrid.net -all. The include statements list authorized senders, and the -all at the end tells receiving servers to reject emails from any other source. Common mistake: using ~all (soft fail) instead of -all (hard fail). Soft fail is less strict and does not help your reputation as much.
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to your emails that proves they were not tampered with in transit. When you send an email, your mail server signs it with a private key. The receiving server checks this signature against a public key published in your DNS records. If the signatures match, the email passes DKIM. If not, it is flagged.
Most email service providers (Google Workspace, Microsoft 365, SendGrid) handle DKIM key generation automatically. You just need to add the provided DNS records to your domain. The common mistake here is forgetting to set up DKIM for every sending service you use. If you send from both Google Workspace and a cold email tool like Instantly or Smartlead, each one needs its own DKIM record.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) ties SPF and DKIM together and tells receiving servers what to do when authentication fails. A DMARC policy can instruct servers to monitor (p=none), quarantine (p=quarantine), or reject (p=reject) emails that fail authentication.
Start with p=none to monitor without affecting delivery. After 2-4 weeks of reviewing DMARC reports to make sure legitimate emails are passing, move to p=quarantine, then eventually to p=reject. Jumping straight to p=reject without monitoring can block your own legitimate emails if you missed a sending source in your SPF record.
Domain and IP Reputation
Even with perfect authentication, your emails can still land in spam if your domain or sending IP has a poor reputation. Reputation is built over time based on how recipients interact with your emails.
Positive signals: Recipients opening your emails, replying, clicking links, moving emails from spam to inbox, adding you to contacts. These tell mail servers that your emails are wanted.
Negative signals: Recipients marking your emails as spam, emails bouncing (invalid addresses), low open rates, high unsubscribe rates. These tell mail servers your emails are unwanted.
For new domains, you have no reputation at all, which is almost as bad as having a poor one. Mail servers are skeptical of unknown senders. This is why domain warmup is critical if you are starting fresh.
Domain Warmup: The Process
Domain warmup is the process of gradually increasing your sending volume on a new domain to build positive reputation. Think of it like a credit score for email: you need to establish a track record before servers trust you.
Here is a practical warmup schedule for a new domain used for cold outbound:
Week 1-2: Send 5-10 emails per day to engaged contacts (people likely to open and reply). These can be colleagues, friends, existing customers, or anyone who will interact with your emails. Have them reply and move your emails to their primary inbox if they land elsewhere.
Week 3-4: Increase to 15-25 emails per day. Mix in some cold prospects, but keep the ratio weighted toward warm contacts who will engage.
Week 5-6: Scale to 30-50 emails per day. You can now send mostly cold emails, but monitor your bounce rate and spam complaint rate closely.
Week 7-8: Reach your target volume of 50-100 emails per day per mailbox. Most cold email experts recommend capping at 50-75 per mailbox per day for sustained campaigns.
Automated warmup tools like Warmbox, Mailreach, or the built-in warmup features in tools like Instantly handle this process by exchanging emails between pools of accounts and generating artificial engagement signals. They are effective but should supplement, not replace, real human engagement during the warmup period.
Content and Formatting Factors
Once your technical setup is solid, the content of your emails becomes the next big deliverability factor. Spam filters analyze email content using machine learning models trained on billions of messages.
Things that trigger spam filters: Excessive use of capital letters or exclamation marks. Spam-trigger words like free, guaranteed, act now, limited time. Large images with little text (a common email marketing mistake). Too many links, especially to different domains. HTML-heavy emails with complex formatting. Tracking pixels from unknown or low-reputation domains.
Things that help deliverability: Plain text or minimal HTML formatting. Short, conversational emails (under 150 words for cold outreach). Personalized content that varies between recipients. A clear, professional signature with real contact information. One link at most, and preferably to your own domain.
For cold email specifically, plain text outperforms HTML every time. Removing all formatting, images, and tracking links improves inbox placement rates by 10-20% in most cases. Yes, you lose open tracking. But you gain actual inbox placement, which is far more valuable than knowing your open rate on emails nobody received.
List Hygiene and Bounce Management
Sending to invalid email addresses is one of the fastest ways to destroy your sender reputation. A bounce rate above 3% on any given campaign is a red flag. Above 5% and you are actively damaging your domain reputation.
Before any email campaign, run your list through an email verification service. NeverBounce, ZeroBounce, Bouncer, and MillionVerifier are popular options that cost $3-10 per 1,000 verifications. Remove any email that comes back as invalid, unknown, or disposable. Only send to emails verified as deliverable or accept-all (and treat accept-all with caution because they still bounce at higher rates).
For ongoing campaigns, implement bounce handling: automatically remove hard bounces (permanent failures) after the first occurrence. For soft bounces (temporary failures like full mailbox), retry twice and then remove. Monitor your bounce rate by campaign and investigate any spike immediately.
Inbox Placement Testing
The only way to know where your emails actually land is to test. Tools like GlockApps, Mail-Tester, and Inbox Spy send test emails to seed accounts across Gmail, Outlook, Yahoo, and other providers, then report where each email landed.
Run placement tests before launching any new campaign or after making changes to your email infrastructure. A good target is 80%+ primary inbox placement across providers. If you are below 70%, pause sending and fix the underlying issues before continuing.
Common placement test findings: emails land in spam only on Gmail (often a content issue), emails land in spam across all providers (usually an authentication or reputation issue), emails land in the Promotions tab on Gmail (content is too marketing-like, add more personalization).
Ongoing Monitoring and Maintenance
Deliverability is not a set-and-forget thing. Reputation can degrade quickly if you are not monitoring it. Here are the key things to track weekly:
Bounce rate by campaign: Should stay below 2%. Any spike means list quality issues.
Spam complaint rate: Google publishes this in Postmaster Tools. Stay below 0.1%. Above 0.3% is a serious problem.
Open rates: While not a perfect metric (especially with Apple Mail Privacy Protection inflating opens), a sudden drop in open rates across campaigns usually indicates deliverability issues.
Reply rates: The best indicator of inbox placement. If replies drop while everything else stays constant, your emails are likely landing in spam or promotions.
Set up Google Postmaster Tools for every domain you send from. It is free and provides direct data from Google about your domain reputation, authentication pass rates, and spam complaint rates. For Microsoft, use Smart Network Data Services (SNDS) for similar insights on Outlook deliverability.
Recovery: What to Do When You End Up in Spam
If your domain reputation has already taken a hit, recovery is possible but takes time. Here is the process:
First, stop all bulk sending immediately. Continuing to send while your reputation is damaged makes it worse. Second, identify what caused the damage: high bounce rates, spam complaints, authentication failures, or some combination. Third, fix the root cause completely before resuming. Fourth, restart your warmup process from scratch, treating your domain as if it were brand new.
Recovery typically takes 4-8 weeks of clean sending behavior. During this time, only send to your most engaged contacts and keep volumes very low. Gradually increase as your reputation recovers. Monitor Google Postmaster Tools daily during recovery to track your progress.
For severe cases where the domain is essentially blacklisted, it may be faster to set up a new sending domain and warm it up from scratch rather than trying to rehabilitate a burned domain. Keep the old domain for your website and branded communications, but use a fresh domain (like outreach.yourdomain.com) for outbound campaigns.
Deliverability problems are almost always preventable. Invest the 2-3 hours it takes to set up authentication, warmup, and monitoring correctly, and you avoid the weeks of recovery time that come from getting it wrong.