Email Authentication Setup for Outbound Teams

I thought great copy was the secret to cold email. Then I realized 80% of my emails were landing in spam. Here’s what we found: 1️⃣ Domain protection is the #1 lever for deliverability → Most teams burn their main domain without realising it. Once a domain is flagged, everything gets filtered (even normal emails). We run 100+ secondary domains to protect our brand and reduce risk. Tool stack: Google Workspace, Namecheap, Warmup tools Next step: Move every outbound sequence off your primary domain. 2️⃣ Safe volume beats high volume → Sending 500 emails/day from one domain is the fastest path to spam. Deliverability collapses instantly. We spread volume across hundreds of mailboxes and stay under 40/day for each. Impact: Fewer red flags, higher trust, better inbox placement. Next step: Audit how many sends each domain is doing right now. 3️⃣ Authentication is non-negotiable → SPF, DKIM, and DMARC are the foundation ESPs check before letting anything through. Without proper authentication, you look suspicious by default. Tools: dmarcian, Google Admin, Cloudflare Next step: Run a deliverability test and fix whatever shows up in red. 4️⃣ Warm-up → Most domains get burned because people start sending too early. ESPs need time to trust you. We warm each domain for two full weeks before sending anything. Why it works: Slow ramp-up = better deliverability. If you just bought a domain, don’t touch it for 14 days. 5️⃣ Natural variation reduces spam triggers → Sending the same message repeatedly creates patterns that ESPs flag. You need micro-variation to look human. We use subtle spintax + a few message versions per campaign. Tools: Instantly.ai, Smartlead Next step: Add small variations to your first lines and CTAs. 6️⃣ Clean tracking protects your domain reputation → Tracking links are an instant red flag. Most agencies don’t realize this. We use custom tracking domains or disable tracking entirely for key campaigns. Next step: Replace all generic tracking links. The results: → 500,000+ emails/month reaching real decision-makers → Higher inbox placement across every ESP → Predictable revenue for ColdIQ clients → Stable domain health across all mailboxes Deliverability isn’t the flashy part of outbound, but it’s the part everything else depends on. If you want our 7-day GTM deliverability setup (domains, warm-up, templates, monitoring tools)... drop me a message, happy to help.

I built outbound systems for 30+ teams. The top performers all did ONE thing first. They built infrastructure before writing a single cold email. This usually looks like: Phase 1: Infrastructure (Weeks 1-2) → Buy 10-15 domains, all close variations of your brand → Set 2-3 mailboxes per domain, never more → Add SPF, DKIM, DMARC on every domain → Use custom tracking domains, never shared ones → Split 50/50 between Google Workspace and Microsoft 365 → Plug everything into Instantly, SmartLead, or Lemlist → Turn on mailbox rotation and start warmup for 6-8 weeks Then. Phase 2: Data and Targeting (Weeks 2-4) → Define ICP with painful detail → Build your TAM and TAL from that ICP → Tier accounts into T1, T2, T3 → Run Clay waterfalls with 3+ providers → Use Apollo, Lima Data, Proxycurl, FullEnrich → Verify every email with SMTP before a sequence → Add intent: hiring, funding, tech changes, job posts → Score accounts so reps know where to focus Finally. Phase 3: Copywriting (Weeks 4-6) → Pick pain or gain angle before writing → Build one framework you can tailor at scale → Open with a real detail, not a fake compliment → Use 3-4 step sequences with new angles each time → Plain text only, under 120 words → One clear CTA in every email → Breakup on step 4 and add LinkedIn between steps If you follow this order, your outbound will start feeling like an actual system. A lot of teams stop giving outbound a try after deliverability starts tanking, but when done right outbound can really start being a growth channel. 

Before copy, before offers, before personalization… your emails need to land in the inbox If you're doing [X] - sending emails straight from a fresh domain without setup Switch to warming and proper infrastructure first, because inbox providers will flag you immediately. 1. Disable Tracking Links Tracking pixels and link tracking often trigger spam filters. They add extra redirects → suspicious behavior They signal “mass outreach tool” What works: Use plain links or no links at all in the first email. Focus on getting a reply, not a click. 2. Use Multiple Mailboxes per Domain One inbox blasting emails = high risk. Spread volume across 2–3 inboxes per domain Example: john@ mike@ Why it matters: Lower activity per inbox = more natural sending pattern. 3. Mix Google and Outlook Accounts Email providers watch patterns. If all your emails come from one ecosystem, it’s easier to detect. Better approach: 50% Google Workspace 50% Outlook This creates diversity and reduces risk signals. 4. Warm Up Your Domains (Minimum 2 Weeks) New domains have zero trust. If you're doing [X] sending emails immediately after setup - switch to warming first, because cold domains get flagged fast. Simple process: Start with 5–10 emails/day Gradually increase Use real conversations or warm-up tools Goal: build history that looks human. 5. Use Separate Domains for Outreach Never send cold emails from your main domain. Why: Protect your brand domain reputation Avoid affecting your core business emails Example: Main: yourcompany.com Outreach: yourcompany.co / getyourcompany.com 6. Set Up SPF, DKIM, and DMARC Properly Skip this and your emails won’t be trusted. These are your authentication signals: SPF → confirms sender DKIM → verifies message integrity DMARC → tells servers how to handle failures No setup = low deliverability, even with great copy 7. Keep Volume Low (Max ~20 Emails/Day per Inbox) More volume doesn’t mean more results. Among outbound campaigns, accounts sending lower daily volume tend to last longer and perform better. What works: 10–20 emails per inbox per day Scale by adding inboxes, not volume That's it!

Here’s what I’d do if I wanted to get more replies from outbound. ↳ Fix your setup first. Sure, messaging matters. But if your technical setup sucks, nobody sees your emails. Start here: 1️⃣ Get off your main domain Cold outreach from company domain = reputation suicide. Buy a few lookalike domains and rotate. 2️⃣ Set up SPF, DKIM, and DMARC properly If you don’t know what those are, stop sending until you do. 3️⃣ Warm up before you go out Start with 10–20 emails / day. Simulate real conversations. Ramp-up volume. Keep warming even after you start sending. 4️⃣ Verify every lead Unverified = bounce. Bounce = Spam. Clean lists. Always. Aim for <2% bounce rate. 5️⃣ Monitor your sending reputation Bounce rate > 2%? Fix your data. Spam rate going up? Pull the brakes. Focus on warm-up. 7️⃣ Plain text > pretty HTML No buttons. No banners. No fancy fonts. Text-only feels human - and inboxes like that. 8️⃣ Warm-up is forever relationship Sending cold? Then you’re warming too. 1:1 ratio. Even if your campaigns pause - warm-up shouldn’t. Once all that’s dialed in - work on your copy and value proposition. Because no one will reply to an email they never receive. Would you add anything?

Every sales team doing outbound needs to know this about email deliverability in 2024: No EXCEPTIONS. Email deliverability is a “death by a thousands paper cuts” type of situation. Stop stacking paper cuts. ✅ Set up secondary domains. If you are still cold emailing off your primary email domain you may be in big trouble. The last thing you want (especially if you aren’t a reputable company) is to burn your primary domain. This doesn’t just affect your sales team. It affects everybody at your company. ✅ Set up your DNS (DMARC, SPF & DKIM) records for ALL of your secondary domains. ✅ Secondary domains should link to your primary. You want to make sure your prospects are being directed to your actual company domain if they are curious and click. ✅ Instantly.ai recommends limiting yourself to 3 email addresses per domain. ✅. Email Warmup - Domains should be “warmed up” for 14 days before cold emailing. Send at least 20-40 warm up emails per day per email account, with a 40% reply rate. This builds your domain reputation. NEVER switch off email warm-up. ✅ Email Volume - do NOT send more than 30 emails per day per email account. ✅ Keep your email signature plain text. No Links. AT ALL. Add your address in your signature and make sure you put a picture in your Outlook or Gmail profile. ✅ Vary your cold email copy. Sending the same template to every prospect signals that you are a spammer. Take the time to personalize emails. For emails further in your sequence, use Spintax. Use alternate phrases “Hi, Hey, Hello”. ✅ Understand that your domain gets TORCHED when people mark your email as spam. Good and relevant copy matter. Also, don’t run 7+ email step sequences. It’s okay to have sequences that are 15 steps. But make them multi-channel (Calls, LinkedIn, Email). ✅ Constantly monitor your email deliverability. Highly recommend using Instantly.ai to make this all easier. Maintaining good deliverability over time is key in the success of outbound. Curious - what else should I have mentioned here?

Starting from February 1st, Gmail and Yahoo are making some big changes to their policy. But the no.1 requirement is one too technical for most marketers: “Authenticate outgoing emails setting up SPF, DKIM, and DMARC” Here’s what all those terms means, and what you need to do to make sure your emails continue to reach your users: What email clients want is for a way to check the “authenticity” of your emails. So they ask you to set up these authentication techniques: 1. SPF allows a domain to specify which IP addresses can send that mail. It’s like specifying which ‘postman’ is allowed to deliver the mail. 2. DKIM is like a digital signature. Imagine a seal on the envelope telling you its contents were not altered. 3. DMARC is a policy that decides what to do with the mail if both SPF and DKIM fail. *** How can you check if your email is authenticated as a sender?  1. Open an email in your desktop  2. Click the three dots on top right  3. Click “Show original”  4. Should show PASS for SPF/DKIM/DMARC *** Besides having these in place, here are some other recommendations in the recent updates by Gmail & Yahoo: 1. DMARC policy of p=none is enough for now. DMARC policies can be of different types. In ‘p=none’, you don’t take any action against emails that have failing SPF/DKIM. But you receive reports to keep an eye. But if your brand has already seen phishing emails being sent in your name, it’s better to switch to p=reject/quarantine.  2. Separate email types by IP or DKIM domain I.e., don’t send marketing emails and transactional emails from the same source. It ensures that any negative response to a marketing campaign doesn’t also lead to your important transactional emails to land in spam. *** None of these requirements are new. They were just more often called ‘best practices.’ If you need any other questions about these changes, ask away in the comments below

🚨 Salesforce is requiring all outbound email domains to be verified or your emails will be silently dropped. No bounce. No error. Just gone. Deadlines: 📅 Sandboxes: March 30 📅 Production: April 27 What to do: ✅ Audit your sending domains in Setup ✅ Set up DKIM keys (recommended, also improves deliverability) ✅ Or use Authorized Email Domains as a fallback ✅ Get DNS records published ASAP, propagation alone can take 72 hours This affects Apex email, Flow-triggered emails, Workflow alerts, and Process automations, not just manual sends. Don't let broken customer communications sneak up on you. Verify your domains now. https://lnkd.in/e3cqP34r #Salesforce

We book 15-20 qualified meetings/mo with cold email. Here’s how we make sure our emails hit inboxes: Deliverability fell off a cliff this summer. Anyone who sends cold emails knows that. You have two choices for reaction: 1. Give up 2. Figure out how to land in primary If you choose number 2 – read on. 3 critical setups most miss: 1) Authentication You need all 3: → SPF Records → DMARC policy → DKIM signatures Without these, the providers won’t trust your domain. And you’ll be left wondering why your emails land in spam. 2) Domain Warming A huge (and common) cold email mistake: Blasting 1000s of emails from day one. Our approach: → Start with 2/day → Increase steadily until 8-10/day → Make sure bounce rate stays below <1.5% It may seem like a slow crawl, but it will save you time in the long run. Nothing delays a campaign like a burnt domain. 3) Infrastructure THIS is the game-changer that nobody talks aboutL → Proper DNS setup → Splitting inboxes among Google/MS → Keeping extra inboxes warming-up → Properly cleaning our lead lists → Using dedicated sending domains The thing that most people miss: The best copy in the world means nothing if you’re hitting spam. Dial in your technical setup first.