Skip to main content
OA-1 · Outbound Automation · 100 XP · ~18 min
A team came to us with a 2% reply rate. Great copy. Solid targeting. 400 sends per day. The problem: 70% of their email was landing in spam. Three weeks of campaigns, completely wasted. We fixed their authentication records, warmed three new domains, and reply rate went to 8% within two weeks — same copy, same list. Infrastructure is not optional.

Why Email Infrastructure Matters

Every email you send passes through a gauntlet of reputation filters before it reaches an inbox. Gmail, Outlook, and every major email provider scores your sending domain on three dimensions:
  • Authentication — Can they verify you are who you say you are?
  • Reputation — Has this domain sent spam before? What’s the bounce rate?
  • Engagement — Do people open and reply, or mark it as spam?
You control authentication completely. Reputation takes time to build. Engagement comes from quality. This module focuses on authentication and reputation — the things you can get right before sending a single email.

The Three Authentication Records

SPF (Sender Policy Framework)

SPF is a DNS record that lists which servers are authorized to send email on behalf of your domain. If an email claims to be from you@yourcompany.com but comes from a server not in your SPF record, receiving servers can reject it. 
v=spf1 include:_spf.google.com include:sendgrid.net ~all
The ~all is a soft fail — suspicious emails get tagged but not rejected. ~all is recommended over -all (hard fail) for cold outreach domains.

DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature to every email you send. The receiving server checks the signature against a public key in your DNS. If they match, the email is authenticated. DKIM doesn’t prevent spam — it proves the email actually came from you. Combined with DMARC, it creates a strong authentication chain.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

DMARC tells receiving servers what to do when an email fails SPF or DKIM:
PolicyBehavior
p=noneMonitor only — log failures but deliver the email
p=quarantineSend failures to spam folder
p=rejectReject failures entirely
For cold outreach, start with p=none to monitor, then move to p=quarantine once you’ve verified your authentication is clean. 
v=DMARC1; p=none; rua=mailto:dmarc@yourcompany.com

Domain Strategy for Cold Outbound

Never use your primary company domain for cold outreach. One spam complaint spike can damage your entire company’s email deliverability — including your transactional and marketing emails. The recommended setup:
  • Register 2–3 “sending domains” similar to your main domain
    • Examples: yourco.io, getyourco.com, tryyourco.com
  • Set up SPF, DKIM, DMARC on each
  • Warm each domain separately (see below)
  • Rotate sending across domains to stay under per-domain limits
Keep your yourcompany.com domain only for replies and transactional email.

Domain Warmup

A brand new domain has zero sending reputation. If you send 500 emails on day one, every major provider will flag it as spam. Warmup is the process of building reputation gradually. Manual warmup schedule:
WeekDaily Volume per Domain
Week 110–20 emails/day
Week 220–40 emails/day
Week 340–75 emails/day
Week 475–150 emails/day
Week 5+150–300 emails/day
Automated warmup tools (Instantly Warmup, Mailreach, Lemwarm) simulate email exchanges to build reputation faster. Use them, but don’t rely on them alone — real replies to real emails are the strongest reputation signal.

Inbox Rotation

Even warmed domains have per-day sending limits before deliverability degrades. The solution is inbox rotation: spread your sends across multiple inboxes and domains. In Instantly, Smartlead, and most modern sequencers, you can add multiple sending accounts and the tool rotates sends automatically. A typical setup:
  • 3 domains × 2 inboxes per domain = 6 inboxes
  • 50 emails/inbox/day × 6 = 300 sends/day total
  • Safely under any single domain’s reputation threshold

Audit Checklist

Before running any campaign, run this checklist:
  • SPF record exists and includes all sending servers
  • DKIM record exists and key is active
  • DMARC record exists (even p=none is fine to start)
  • Domain is at least 2 weeks old
  • Domain has been warmed to your target send volume
  • You are not sending from your primary company domain
  • Reply-to address is monitored (you’ll get replies)
Use MXToolbox to check all three authentication records at once.
Quick Check: What happens if you send 500 cold emails from a brand new domain on day one? What’s the difference between SPF and DKIM in plain English?

OA-1 Challenge: Run an MXToolbox Audit (+100 XP)

Run an MXToolbox audit on your sending domain (or a domain you’re setting up). Screenshot the results showing SPF, DKIM, and DMARC status. If any are missing, document what needs to be added.

Submit OA-1 Challenge →

Share your MXToolbox audit results and any remediation steps needed. +100 XP on approval.

Next: OA-2 Building Sequences →

Infrastructure is set. Now learn how to architect email sequences that generate pipeline — not just opens.