Why you need separate domains and exactly how to set them up.
Proper cold email domain setup starts with one rule: never send cold outreach from your primary business domain. If your company operates on acme.com, your cold emails should go out from a different domain entirely. The reason is risk containment. Cold email, even when done well, carries a chance of blacklisting, spam complaints, or reputation damage. If those problems hit your primary domain, every email your company sends is affected, including transactional emails, customer support, internal communications, and invoices.
A secondary domain for cold email keeps that risk isolated. If a sending domain gets blacklisted, you delist it or replace it. Your primary domain stays clean. This guide walks through the complete cold email domain strategy from choosing and buying domains to DNS configuration, mailbox creation, and warmup.
Pick domains that are clearly related to your brand but distinct from your primary domain. If your company is acme.com, good options include acme.co, tryacme.com, acmehq.com, or getacme.com. Avoid domains that look spammy or unrelated to your business. Recipients who check the domain should immediately understand the connection to your company. Buy two to three domains to start so you can distribute sending volume and have a backup if one develops reputation issues.
Use a reputable registrar like Namecheap, Cloudflare, or Google Domains. Check that the domain has not been previously registered by looking up its history. Previously owned domains may carry existing reputation, positive or negative, that you will inherit. New, never registered domains are the safest starting point. Common TLDs like .com and .co are best for deliverability. Avoid unusual TLDs like .xyz or .info, which are disproportionately used by spammers and carry a negative bias with some email providers.
Before configuring email, put a basic website on each sending domain. This can be a single page with your company name, a brief description, and a link to your main site. Install an SSL certificate so the site loads over HTTPS. A domain for cold email that has no website looks like it exists solely for sending email, which is a negative signal for spam filters. The website does not need to be elaborate. Its purpose is to show that the domain is associated with a real business.
Add an SPF TXT record to your domain's DNS. The record tells receiving servers which mail servers are authorized to send email for your domain. If you are using Google Workspace, the record looks like v=spf1 include:_spf.google.com ~all. For Microsoft 365, use v=spf1 include:spf.protection.outlook.com ~all. If you also send through Amazon SES, add include:amazonses.com to the same record. Your domain should have exactly one SPF record that lists all authorized senders.
DKIM adds a cryptographic signature to your emails that receiving servers verify using a public key in your DNS. Your email provider generates the DKIM records during setup. For Google Workspace, you generate a DKIM key in the admin console and add the provided TXT record to DNS. For Amazon SES, you add three CNAME records that AWS generates when you verify your domain. DKIM configuration is provider specific, so follow your provider's exact instructions and verify the records are resolving correctly before proceeding.
Add a DMARC TXT record at the _dmarc subdomain. A good starting record for secondary domain outreach is v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com. This tells receiving servers to quarantine emails that fail authentication and to send you aggregate reports. Review the reports periodically to confirm your legitimate sends are passing. Once you are confident everything is authenticated correctly, you can optionally tighten the policy to p=reject for maximum protection.
Set up mailboxes through Google Workspace, Microsoft 365, or Zoho on your sending domains. Use real names that match actual people on your team, like sarah@tryacme.com or james@acmehq.com. Fill in the display name and profile photo for each account. Create two to three mailboxes per domain. Each mailbox should handle a maximum of 30 to 50 cold emails per day. If you need more volume, add more mailboxes and domains rather than pushing a single account past safe limits.
Enable warmup on every new mailbox immediately. Start with 5 to 10 warmup emails per day and gradually increase over two to four weeks. Monitor inbox placement throughout warmup. Do not start cold campaigns until warmup shows inbox placement above 90 percent consistently. Continue running warmup alongside your cold campaigns after launch to maintain positive engagement signals.
Using your primary domain for cold email is the most consequential mistake. The potential damage to your entire email infrastructure is not worth the convenience. Always use secondary domains. Another common error is buying domains and starting to send the same day. New domains need time to age, a website to establish legitimacy, DNS records to propagate, and mailboxes to warm up. Plan for at least three to four weeks between domain purchase and first cold campaign.
Concentrating all volume on a single domain is also risky. If that domain gets blacklisted, your outreach stops completely. Spreading across two to three domains means one problem does not shut down your entire operation. Finally, forgetting to set up redirect from the sending domain to your main website means curious recipients who type your sending domain into a browser see nothing, which undermines trust.
EmailQo connects to mailboxes on any domain through Gmail, Outlook, Zoho, or Amazon SES. When you add a sending account, the pre send inbox health checks validate that SPF, DKIM, and DMARC are all correctly configured on that domain. If any record is missing or misconfigured, the check flags it before your first campaign goes out. Built in warmup is included on every plan, so you can start building reputation on new mailboxes immediately after setup.