Cold Email Deliverability Checklist 2026

Send from a sending subdomain (go.example.com), not the apex

Isolates a warmup misstep from your main domain reputation

Domain registered at least 30 days before any cold sends

Mailbox providers distrust newly-registered domains

MX records resolve and accept mail back at the sending domain

Receivers reject mail from domains that can't receive replies

PTR (reverse DNS) record matches the sending host

Most providers downgrade or block senders with mismatched PTR

SPF TXT record published at the apex with strict (-all) or soft (~all) qualifier

Authorizes which IPs can send for your domain

SPF stays under the 10-DNS-lookup ceiling (RFC 7208 §4.6.4)

Exceeding triggers PermError and authentication fails

DKIM 2048-bit key published at <selector>._domainkey

Cryptographically signs every message; 1024-bit now flagged as weak by Google

DKIM-Signature header appears on every outgoing message

Required for the receiver to verify the signature

DMARC TXT record at _dmarc with valid rua= reporting address

Required by Google + Yahoo bulk-sender rules (2024)

DMARC policy at p=none for the first 4-8 weeks, then progress to quarantine/reject

Lets you see legitimate sources in reports before enforcing

Aggregate DMARC reports parsed at least weekly

Reveals third-party senders using your domain you forgot about

New domain warmed for 14-28 days before any campaign

Skipping warmup is the #1 cause of new-domain spam-folder placement

Warmup volume starts at 5-10 sends/day, ramps gradually

Sudden spikes from low to high volume look like spam

Warmup recipients reply to warmup messages (engagement signal)

Reply rate moves the needle more than open rate on reputation

Bounce rate stays under 2% throughout warmup

Mailbox providers throttle senders above this threshold

Complaint rate stays under 0.1%

Above this, ESPs may suspend the account regardless of volume

Subject line under 60 characters, no ALL CAPS, no excessive punctuation

Spam filters score on subject-line shape and tone

Body avoids known spam-trigger phrases ("free!!", "act now", "limited time")

Bayesian content filters weight these heavily

Plain-text version exists alongside HTML (multipart/alternative)

Some receivers default-render plain-text; missing it triggers spam scoring

Image-to-text ratio under 40% by area

Image-heavy mail with little text is a classic phishing pattern

Tracking pixel and click-tracking domains aren't on blacklists

Even with a clean main domain, tracker blacklisting kills delivery

List-Unsubscribe header (RFC 8058) present on every send

Required by Gmail/Yahoo bulk-sender rules; absence flags spam

Send rate stays under provider per-second limits (Gmail: published 30/min for Outlook; AWS SES: scaled tier)

Throttling cascades into deferrals which cascade into bounces

Send window respects recipient timezone (typically Tue-Thu, 9am-3pm local)

Engagement rates 2-3x higher in business hours than overnight

Auto-pause follow-ups when a recipient replies

Sending #2 after they replied tanks reputation more than the reply helps

Bounced addresses suppressed permanently after first bounce

Repeated bounces to the same address are the #1 reason ESPs suspend

Postmaster Tools enrolled (Gmail) and SNDS enrolled (Outlook)

Real-time provider-side reputation data, free, irreplaceable

Pre-send check on every campaign (SPF, DKIM, DMARC, blacklist, content)

Catches issues before recipients see them