Sign inStart free
← BlogEmail Deliverability

Cold Email Deliverability Checklist: 15 Things to Check Before Every Campaign

Run through this 15-point checklist before every cold email campaign. Miss any item and your emails risk landing in spam, bouncing, or getting your domain blacklisted.

YOG.io Team··9 min read

Bad deliverability is usually not one problem — it's several small problems compounding into a campaign that lands in spam. This checklist covers every layer of deliverability from DNS configuration through to content and sending behaviour. Work through it before your first send and again before each new campaign on a domain or sender you haven't used recently.

Authentication Layer (DNS Configuration)

✅ 1. SPF record is configured and passes

Your domain must have a single SPF TXT record at its root that lists all authorised sending servers. Check it at MXToolbox.com (SPF Lookup). It should return "SPF record found" with no errors. Common failures: duplicate SPF records, missing your cold email platform's include, exceeding the 10-lookup limit.

Quick check: Send a test email to mail-tester.com. It will flag SPF failure immediately.

✅ 2. DKIM is enabled and key is published

Every sending platform (Google Workspace, Outlook, custom SMTP) needs a DKIM key pair. The public key lives in your DNS as a TXT record at selector._domainkey.yourdomain.com. If you use multiple sending platforms, you need a DKIM record for each one. Check: MXToolbox DKIM Lookup with your domain and selector (e.g., "google").

Important: DKIM on the platform side is not enough. The DNS record must be published and propagated.

✅ 3. DMARC policy is in place

DMARC is required by Google and Yahoo for anyone sending 5,000+ emails/day. Even at lower volume, a missing DMARC record is a negative signal. The minimum is v=DMARC1; p=none; rua=mailto:[email protected] at _dmarc.yourdomain.com. This reporting-only mode won't reject any emails but tells ISPs you're managing your domain correctly.

Goal over 8–12 weeks: Progress from p=none → p=quarantine → p=reject.

✅ 4. Sending domain is separate from your primary business domain

Never run cold email campaigns from the same domain you use for internal email and customer communication. A blacklisted campaign domain is recoverable. A blacklisted primary domain — the one on your website and in every customer contract — is catastrophic. Use getcompany.com or company-mail.com as a cold sending domain.

Domain & Sender Reputation

✅ 5. Sending domain is warmed up before hitting full volume

New domains have zero sending history. Mail servers use history as a trust signal — a domain that suddenly sends 500 emails on day 1 looks like a spam operation. A properly warmed domain ramps gradually:

  • Days 1–7: 10–20 emails/day
  • Days 8–14: 25–50 emails/day
  • Days 15–21: 50–100 emails/day
  • Days 22–30: 100–200 emails/day
  • Day 31+: Up to 500 emails/day per domain (conservative safe limit)

Most cold email platforms include a warmup tool that sends and exchanges emails with a warmup pool to build reputation. Enable it on day 1 and leave it running throughout your campaigns.

✅ 6. Domain is not on any blacklists

Check MXToolbox Blacklist Check with your sending domain and sending IP. It checks against 100+ blacklists simultaneously. If you find a listing, check the specific blacklist's delisting process — most have a self-service request if your spam rate has dropped. Common culprits: Spamhaus SBL, SORBS, SpamCop.

✅ 7. Spam rate in Google Postmaster Tools is below 0.10%

Google Postmaster Tools (postmaster.google.com) shows your domain's spam rate as reported by Gmail users marking your emails as spam. Keep it below 0.10%. Above 0.30% triggers automatic sending restrictions. If you don't have Postmaster Tools set up for your sending domain: add it now and verify the domain. It's free and the data is not available anywhere else.

List Quality

✅ 8. Your email list is MX-validated

Before sending, every email address in your list should be MX-validated — confirming that the recipient domain has active mail exchange records and can receive email. This eliminates obviously invalid addresses without sending a test email. Hard bounce rates above 2% are a strong spam signal to receiving mail servers.

Never guess email formats. Generating addresses using name patterns ([email protected], [email protected]) produces high bounce rates. Only use verified addresses from web-discoverable sources.

✅ 9. Suppressions are applied — no re-contacting opt-outs or bounces

Anyone who has opted out, replied to stop, or hard-bounced must be permanently suppressed. Re-sending to them will increase your spam rate and may violate GDPR (EU), CAN-SPAM (US), CASL (Canada), or PECR (UK) depending on the recipient's location. Your sending platform should maintain this suppression list automatically and apply it to every new campaign.

✅ 10. No purchased or scraped email lists

Purchased lists are almost always heavily recycled, contain spam traps (email addresses maintained by ISPs specifically to catch bulk senders), and include contacts who have never heard of you. A single spam trap hit can blacklist your domain within hours. Spam traps look like valid email addresses — they cannot be identified by MX validation alone. The only protection is sourcing contacts from public, consent-rich, first-party channels.

Email Content

✅ 11. Subject line contains no spam trigger words

Spam filters analyse subject lines for trigger patterns. The highest-risk phrases: "FREE", "Make money", "Click here", "You've been selected", "Guaranteed", "No risk", "Act now", excessive exclamation marks, and ALL CAPS words. Use plain, direct subject lines that match what a human would write. Personalised subjects ("[First name], quick question about [Company]") outperform generic ones in both deliverability and reply rate.

✅ 12. Email body has no tracking pixel issues and no broken links

Open tracking pixels add a tiny invisible image to your email — some spam filters flag emails with excessive image-to-text ratios. Limit tracking pixels to one, and include plain text content that is at least as long as your HTML. Check all links before sending — broken links and URL shorteners (bit.ly, tinyurl.com) are both spam signals. Use full URLs with your sending domain's subdomain for tracking links (not a third-party shortener).

✅ 13. One-click unsubscribe is present

Google and Yahoo require a List-Unsubscribe header in all bulk email, with a one-click unsubscribe process that takes effect within 2 days. For cold email sequences, include a plain-text opt-out line in every email: "If this isn't relevant, reply 'unsubscribe' and I'll remove you immediately." This handles GDPR legitimate interest requirements and Google/Yahoo bulk sender rules simultaneously.

Sending Behaviour

✅ 14. Sending volume matches your warmup stage and domain age

Even a well-established domain has limits. Industry guidelines for safe per-domain daily volumes:

  • Under 30 days old: maximum 50 cold emails/day
  • 30–60 days old: maximum 100–150 cold emails/day
  • 60–90 days old: maximum 200–300 cold emails/day
  • 90+ days, healthy reputation: up to 500 cold emails/day

If you need more volume, use multiple warmed sending domains — not more volume per domain. Rotating between 3 warmed domains gives you 1,500 cold emails/day with a healthier reputation per domain than pushing one domain to 1,500.

✅ 15. Sending times are distributed, not burst-scheduled

Sending 500 emails in a 2-minute window looks like a mass marketing blast. Sending 500 emails distributed randomly across 6 hours looks like a human working through their outbox. Most platforms have a "throttle" or "send over X hours" setting. Enable it. Industry best practice: 50–100 emails per hour maximum, with randomised delays between sends.

Final Pre-Campaign Check: mail-tester.com

Before any new campaign or after any configuration change, send a test to mail-tester.com. It returns a score from 1–10 and breaks down every issue found:

  • Score 10/10: You're in excellent shape
  • Score 8–9: Minor issues — review what it flags
  • Score 6–7: Significant issues — resolve before sending
  • Score below 6: Don't send until fixed

The most common score-reducers: missing DKIM, SPF misconfig, blacklisted IP, spam words in subject, no plain text version, missing unsubscribe link.

What to Do If You're Already Seeing Deliverability Problems

If your open rates have dropped significantly (under 15% for a previously healthy domain), you may already have a reputation issue:

  1. Stop sending campaigns immediately on the affected domain
  2. Check blacklists (MXToolbox) and request delisting if listed
  3. Check Google Postmaster Tools for spam rate trends
  4. Review your last 3 campaigns for the root cause (bad list, content issues, volume spike)
  5. Run warmup-only for 4–6 weeks on the domain before resuming campaigns
  6. Resume at low volume (20 emails/day) and scale back up over 4 weeks

Domain reputation recovery takes time — there is no shortcut. A domain that was heavily blacklisted is sometimes better retired in favour of a new sending domain with a clean record.

For a comprehensive deliverability setup with built-in warmup, suppression management, and per-domain health monitoring, see how YOG.io handles sender reputation. The SPF, DKIM, and DMARC setup guide covers the DNS configuration in detail.

Related reading

Email Deliverability

SPF, DKIM, and DMARC for Cold Email: The Non-Technical Setup Guide

12 min readEmail Deliverability

Cold Email Deliverability in 2025: Why Your Emails Land in Spam and How to Fix It

10 min readEmail Deliverability

Email Warmup: What It Is, How Long It Takes, and What Destroys It

9 min read
Ready?

Run your next outbound or marketing campaign from one governed system.

Import an audience, let AI prepare the message, approve the work, send from the right identity, and measure what happens next. One contact memory underneath every campaign.

Start free todayTalk to a human

No credit card · 14-day free trial · Governed by design