The Email Deliverability Checklist Practitioners Use

Deliverability Problems Look Like Copy Problems

Your open rate drops from 34% to 18%. You blame the subject line. Then it falls to 11%. You rewrite the offer. Then replies stop coming entirely and you start wondering if cold email is even worth doing.

It was the domain. And it went undetected because nobody was watching.

One operator documented this exact pattern: “You don’t wake up with 0% deliverability. You wake up with 18% open rates instead of 34%. Then 11%. Then you blame the offer. Domain degradation that nobody caught.” Another practitioner lost $30,000 per month in cash due to spam placement with zero visibility into placement. Every decision made on the campaign was, in their words, “being multiplied by zero.”

The purpose of this checklist is to stop that from happening. It is organized in the order you should run it - infrastructure first, sending behavior second, content third, and monitoring last. Skip any section and you are guessing.

Part 1 - Authentication (The Non-Negotiable Foundation)

Authentication is table stakes. Without it, everything else is irrelevant. Gmail, Yahoo, and now Microsoft have all enforced mandatory authentication requirements for bulk senders, and the standards are tightening, not loosening.

SPF Setup

SPF tells receiving mail servers which IP addresses are authorized to send email from your domain. Set it up wrong and even a clean, well-written email gets flagged before a human ever sees it.

What to check:

• Your SPF record exists as a TXT record on your domain's DNS
• It ends in -all or ~all (hard or soft fail for unauthorized senders)
• It contains fewer than 10 DNS lookups total

That last point trips up more senders than almost anything else. If you use multiple tools - say, Google Workspace, a marketing platform, a CRM, and a cold email tool - you can easily exceed the 10-lookup limit. When you do, SPF throws a PermError and authentication fails permanently on every send until you fix it.

The fix is to audit your SPF record and consolidate using SPF flattening or a service that resolves your authorized IPs into a single compact record.

DKIM Setup

DKIM adds a cryptographic signature to your outgoing emails. Receiving servers use it to verify the message has not been altered in transit and that the domain owner authorized it.

What to check:

• DKIM signing is active for every sending source you use
• Key length is at least 1024 bits - 2048 bits is the recommended standard
• The DKIM record is published in DNS and the signature aligns with your From domain

Google requires a DKIM key of at least 1024 bits for delivery to personal Gmail accounts. The recommended key size is 2048 bits. If your setup is using anything shorter, update it immediately.

DMARC Setup

DMARC ties SPF and DKIM together. It tells inbox providers what to do when an email fails those checks - and it generates reports showing you every source sending email on your domain's behalf, including unauthorized ones.

What to check:

• A DMARC record exists at _dmarc.yourdomain.com
• The policy is set to at least p=none (monitoring mode)
• Reporting addresses are configured so you receive reports
• SPF and DKIM alignment is passing

Here is where most senders stop - and where real protection starts. Only about 35% of Fortune 500 companies have their DMARC records set to p=reject, the enforcement level that actually stops spoofing. The other 65% are sitting at p=none or p=quarantine, which means domain spoofing is still possible. That leaves those domains exposed.

Moving from p=none to p=quarantine to p=reject is a process that should take 6-8 weeks with proper monitoring - not a single DNS change you flip overnight. Read your DMARC aggregate reports (the rua address in your record) before escalating policy, otherwise you may be rejecting legitimate email you don't know about.

PTR Records (Reverse DNS)

Your sending IP's PTR record should resolve back to a hostname that matches your sending domain. Inbox providers check this to confirm your sending infrastructure is legitimate. Spammers rarely bother setting up reverse DNS correctly, so providers treat missing PTR records as a red flag.

If you are on a shared IP through an email service provider, this is handled for you. If you are on a dedicated IP or custom SMTP, verify your PTR record is configured correctly at your hosting provider.

The Three-Provider Enforcement Reality

Google and Yahoo enforced mandatory SPF, DKIM, and DMARC requirements for bulk senders sending 5,000 or more emails per day. Microsoft followed with the same enforcement for Outlook, Hotmail, and Live.com addresses. Non-compliant messages from high-volume senders are now outright rejected with a 550 error code - not quietly routed to spam, rejected entirely.

If you are not yet sending 5,000 emails per day, these rules technically do not apply to you as hard requirements. But the filtering algorithms favor authenticated mail for everyone. Skipping authentication on low-volume sends still increases your spam folder rate.

Part 2 - Domain and Inbox Setup

Authentication handles your identity. This section handles your infrastructure - the domains, inboxes, and warmup process that determines how much sending volume your setup can handle without getting burned.

Domain Age and Separation

Never send cold email from your primary business domain. Use sending domains that are variations of your main brand - alternate TLDs, prefixes, or suffixes. If a sending domain gets blacklisted, your main domain stays clean.

What to check:

• Cold email is going out from sending domains, not your primary domain
• Sending domains are at least 14 days old before warmup starts (30+ days before full volume)
• No more than 2 mailboxes per domain
• Domains are split across Google Workspace and Outlook to reduce provider-specific blacklisting risk

The 50/50 Google and Outlook split across your sending infrastructure is worth taking seriously. If all your mailboxes live on one provider and that provider flags your sending pattern, your entire campaign stops. Spreading across both providers creates redundancy.

At scale, practitioners run 50 sending domains with 2 mailboxes each - 100 total mailboxes - as a standard infrastructure setup for one client campaign. That gives you daily capacity while keeping each domain's volume low enough to avoid triggering volume-based filters.

Warmup Period

Every guide I have read calls 14 days of warmup sufficient. Practitioners who have sent 3 million or more cold emails say that is wrong. 21 days is the floor. The ceiling is longer.

The warmup process should ramp gradually - starting at 5-10 emails per day per mailbox and increasing by 5 emails every few days. Never jump straight to full volume.

What to check:

• Warmup tool is active (Instantly, Smartlead, Mailreach, and similar tools all have native warmup features)
• Warmup is running for at least 21 days before you start campaign sends
• Daily send volume does not exceed 25 emails per mailbox, even after warmup completes
• Warmup continues running alongside active campaigns, not just before them

Apollo's default sending limit is 50 emails per mailbox per day. Practitioners who have tested both settings cap at 25. The extra volume is not worth the inbox placement risk when you are running multiple domains.

Domain Rotation Schedule

Domains do not stay healthy forever just because you warmed them up once.

Even healthy domains build what practitioners call “pattern fatigue” - the sending pattern becomes recognizable to spam filters over time. The working practice is to rotate sending domains every 4-5 weeks. That means retiring the current set and bringing in newly warmed domains while the old ones rest.

The rotation does not mean deleting old domains. You can bring them back after a rest period. But keeping any single domain in active rotation for months without a break degrades inbox placement even when all other signals look healthy.

Part 3 - List Quality

Poor list quality will destroy a healthy domain faster than anything else. One practitioner put it plainly: “If your reply rate is under 2%, the problem is almost always list quality, email copy, or domain reputation - in that order.” List quality comes first.

Email Verification

Every contact on your list should be verified before a single send. Hard bounces above 2% damage your sender reputation. At 3%, you should stop and audit your list immediately. At 4%, pause the campaign entirely until the list is clean.

What to check:

• All emails verified within the last 30 days (email addresses go stale fast)
• Bounce rate is under 2% per campaign
• Removed all role addresses (info@, support@, sales@) - these generate complaints, not replies
• No purchased lists without verification

Run the list through one verification tool, then run the uncertain results through a second. Tools frequently cited for this include MillionVerifier, Reoon, and VerifyEmailAI. Each catches different edge cases.

If you need to build a verified list from scratch before running campaigns, Try ScraperCity free - it includes an email finder and email verifier so you can pull and validate contacts in the same workflow.

Segmentation and Targeting

Sending to people with no reason to care about your offer generates spam complaints no matter how clean your authentication is. Tight targeting keeps complaint rates low.

What to check:

• You are sending to a specific, defined ICP - not a broad industry sweep
• List is filtered by company size, job title, and geography
• You are not re-sending to contacts who did not open after 3 or more attempts

Part 4 - Spam Complaint Rate

The official enforcement threshold from Gmail and Yahoo is 0.3% - meaning 3 spam reports per 1,000 emails sent. That number is not a target. It is the line where your domain gets flagged and deliverability collapses.

Target 0.1% or below. That is one complaint per 1,000 sends. If you hit 0.3%, you are ineligible for mitigation with Gmail until your rate stays below that threshold for 7 consecutive days.

Trajectory matters more than the current number. A flat 0.08% rate is healthy. A rate that was 0.04% two weeks ago and is now 0.08% is a warning sign even though both numbers are technically fine. Spam filter algorithms are watching the direction, not just the snapshot.

What to check:

• Google Postmaster Tools is set up and domain is verified
• Microsoft SNDS (Smart Network Data Services) is configured if you send to Outlook addresses
• Spam rate is below 0.1% - not just 0.3%
• Rate trend is flat or decreasing, not rising
• Any contact who reports spam is suppressed immediately from all future sends

Part 5 - Content and Copy Signals

Your email copy sends signals to spam filters before a human reads a single word. These are the content-level factors that are actively contributing to spam placement right now.

The Unsubscribe Link Counter-Intuition

Here is the finding that surprised the most people when it circulated among high-volume senders: adding a formal unsubscribe link to cold emails hurts deliverability. One operator who monitors more than 75,000 inboxes called it “one of the easiest wins most teams miss.”

The reason is behavioral. A formal unsubscribe link signals to filters that this is a bulk marketing email - which triggers promotions-tab and spam routing. For cold email specifically (not newsletter-style sends), replacing the unsubscribe footer with a simple plain-text line like “If this isn’t relevant, just let me know and I’ll drop this” performs better on inbox placement.

Note: For bulk marketing emails and newsletters to opted-in subscribers, one-click unsubscribe is legally and technically required per Gmail, Yahoo, and Microsoft requirements. This tip applies specifically to low-volume cold outreach sends.

AI-Generated Content Detection

This is the most overlooked deliverability variable entering campaigns right now. Gmail and Outlook are detecting AI-generated email bodies not by reading for meaning, but by analyzing statistical patterns - sentence length variance, token distribution, and word-pair frequency.

The problem at scale: when tens of thousands of operators run the same AI tool with similar prompts, they produce emails with nearly identical statistical fingerprints. Spam filters learn that fingerprint and route it accordingly. Clay-generated copy at scale creates this problem across a large portion of the cold email ecosystem simultaneously.

The fix is not to stop using AI. It is to use AI for drafting and then edit the output heavily - varying sentence length manually, breaking up predictable rhythm, and making the copy sound like a real person wrote it for one specific reader. Short emails (4-6 lines) in plain text format consistently outperform longer AI-heavy emails on inbox placement.

What to check:

• Copy does not read like a template - each email should pass a “would a real person write this to one person?” test
• Sentence lengths vary within the email
• No HTML-heavy templates for cold outreach - plain text only
• No spam trigger words: free, guaranteed, limited time, act now, no obligation
• Links are minimized - one at most, and avoid link shorteners entirely
• Images kept to zero or one maximum for cold outreach

The Offer Test

Deliverability fixes do not matter if the offer is unclear. A confused prospect does not reply - they report you as spam. Getting your value statement tight is both a sales issue and a deliverability issue.

One practitioner who coaches hundreds of cold email senders puts it this way: I see it constantly - senders obsessing over the perfect subject line while their offer is garbage. Use this format: “I help [specific niche] [achieve a specific result] with [how you do it].” That format consistently outperforms long-form cold email on both reply rate and spam rate.

Part 6 - Sending Behavior

How you send matters as much as what you send. Volume spikes, irregular timing, and poor sequencing all create patterns that inbox providers mark for filtering.

Volume and Timing

What to check:

• Daily volume per mailbox stays at or below 25 emails
• Sends are spread across business hours - not fired in bulk at 8:00 AM simultaneously from all mailboxes
• Random send delays are active (tools like Instantly and Smartlead have this built in - a 3-8 minute randomized gap between sends mimics human sending behavior)
• Volume ramp after any domain or mailbox change - do not jump back to full volume immediately after any DNS or infrastructure update

Sequence Structure

Long sequences with many follow-ups accumulate negative signals. Every touchpoint that gets no response is a missed engagement opportunity. Inbox providers factor engagement (or the lack of it) into placement decisions.

What to check:

• Sequence length is 3-5 steps maximum for cold outreach
• Follow-up intervals are at least 3-4 days apart
• Contacts who do not open after 2-3 sends are removed from the sequence, not followed up indefinitely
• Each follow-up adds new value - does not just repeat the original ask

One B2B agency running 1,500 sends per day at 95% deliverability tracks positive reply rate as their core health metric, not just reply rate. Their benchmark: above 2% positive reply rate means the infrastructure is healthy. Below 2% triggers a full infrastructure audit before any copy changes are made.

Part 7 - Monitoring and Recovery

Setup is a one-time task. Monitoring is ongoing. Deliverability crashes slowly and stays invisible until the damage is done.

Tools to Have Active

• Google Postmaster Tools - free, tracks domain reputation and spam rate for Gmail sends. Set it up on day one, before any sends.
• Microsoft SNDS - equivalent of Postmaster Tools for Outlook, Hotmail, and Live.com sends. Shows your IP status as green, yellow, or red.
• MxToolbox - blacklist monitoring. Check at least weekly. Catching a blacklist listing early cuts recovery time dramatically.
• Mail-tester.com - run a test before any new campaign to spot authentication issues, content problems, and blacklist flags in one report.

Metrics to Watch Weekly

Recovery Timelines (Set Realistic Expectations)

Authentication fixes take effect within 24-48 hours once DNS changes propagate. That is the fast part. Reputation recovery, blacklist removal, and spam trap hits all run on longer clocks.

Reputation recovery after sustained high spam complaints takes 2-4 weeks of consistent clean sending. Blacklist removal ranges from immediate (some lists auto-delist) to several weeks depending on the specific list. The most serious cases - spam trap hits or sustained complaint spikes - can take 6-12 months to fully recover from. That is not a typo. A spam trap hit is a six-month problem, minimum.

Prevention is not a figure of speech here. The monitoring setup in this section is how you avoid the 6-month recovery window entirely.

Industry Inbox Placement Benchmarks

These numbers give you a baseline to measure against. If your inbox placement rate is below your industry median, something in your infrastructure is underperforming even if no individual metric looks broken.

The cross-industry median is 89% inbox placement. The top-performing senders are pulling further ahead. The bottom tier churns through domains and burns reputation. Infrastructure discipline separates those two groups.

The Full Checklist at a Glance

Run this from top to bottom before every new campaign launch. For ongoing campaigns, run the monitoring section weekly.

Authentication

• SPF record is valid, has under 10 lookups, ends in -all or ~all
• DKIM is active on all sending sources, key is 2048 bits, aligned with From domain
• DMARC record is published, reporting addresses configured, you are reading reports
• PTR reverse DNS record matches sending domain
• From domain aligns with SPF and DKIM domains

Domain and Inbox Setup

• Cold email goes from sending domains, not primary domain
• Maximum 2 mailboxes per sending domain
• Google and Outlook inboxes split 50/50
• Warmup ran for 21+ days before first campaign send
• Warmup is still running alongside active campaigns
• Daily send volume per mailbox is 25 or below
• Domain rotation scheduled every 4-5 weeks

List Quality

• All emails verified within last 30 days
• Bounce rate is under 2% - if above 3%, run list through verification again before continuing
• Role addresses removed
• List is filtered by title, company size, and location
• No purchased lists without verification

Content and Copy

• Plain text format only for cold outreach
• No formal unsubscribe footer on cold outreach sends (replace with plain-text opt-out offer)
• AI-generated copy has been edited for sentence variety and human rhythm
• Zero or one link per email
• No link shorteners
• No spam trigger words
• Offer is clear - one sentence, one outcome, one specific niche

Sending Behavior

• Random send delays active (3-8 minute gaps between sends)
• Sends spread across business hours
• Sequence is 3-5 steps maximum
• Non-openers after 2-3 sends are removed from sequence
• No volume spikes after any infrastructure change

Monitoring

• Google Postmaster Tools active and domain verified
• Microsoft SNDS configured
• Blacklist check run weekly via MxToolbox
• Spam complaint rate below 0.1% and not trending upward
• Reply rate above 2% - if below, stop and audit infrastructure before changing copy

One Last Thing I See Skipped on Checklists

One operator tested cold email with 10 domains and 30 inboxes for 2 months. Handful of positive replies. No closes. The post-mortem showed deliverability issues that had been silently degrading since week three of the campaign. By the time the reply rate dropped low enough to notice, the domains were already burned.

Cold email infrastructure requires active monitoring, not one-time setup. The senders hitting 95%+ deliverability and 6-8% reply rates are not doing anything magical with their copy. They are running a tight infrastructure and catching problems early. The checklist above is how you do that.

For B2B campaigns where coaching on the full system - infrastructure, offer, sequence, and conversion - is worth more than another checklist, Learn about Galadon Gold.