Cold Email Deliverability: The Practical Guide
Deliverability is whether your email reaches the inbox rather than the spam folder, and for cold email it is decided before you press send. Mailbox providers judge senders on domain reputation, authentication, volume patterns, engagement, and list quality — so the work is warming domains, verifying addresses, and holding volume to 25–40 emails per day per inbox. This guide covers the full mechanism, the setup, the discipline, and the mistakes that burn a domain in a week.
What is deliverability, exactly?
Deliverability is the percentage of your sent emails that land in the recipient's inbox. It is distinct from delivery: an email can be accepted by the receiving server (delivered) and still be filed straight into spam (not deliverable in any useful sense). For a cold campaign the distinction is everything — copy in the spam folder has a reply rate of zero, however good it is.
Deliverability is not a setting you switch on. It is a reputation you accumulate, which is why every stage of the UK B2B outbound playbook is arranged to protect it.
How do spam filters judge a sender?
Mailbox providers score every incoming email against the sender's history. The exact algorithms are private, but the inputs are well understood, and they reduce to five questions:
- Domain reputation. Has this domain sent email before, and how did recipients treat it? A domain with months of clean history is trusted; a new or damaged one is not.
- Authentication. Do SPF, DKIM, and DMARC records confirm the sender is who they claim to be? Failing these is close to disqualifying.
- Volume patterns. Does the sending pattern look human? Thirty emails a day, every weekday, looks like a person. Five hundred on a Monday after weeks of silence looks like a spammer, and is treated as one.
- Engagement. Do recipients open, reply to, and file these emails — or delete and report them? Replies are the strongest positive signal there is.
- List quality. Do the addresses exist? A rising bounce rate tells the filter the sender is guessing, and when bounces rise, then the filter downgrades everything else from that domain.
Every practice in this guide exists to give the right answer to one of those five questions.
Why send from secondary domains?
Because cold outreach carries inherent reputation risk, and your main domain carries your invoices, proposals, and client correspondence. If a campaign misfires, you want the damage confined to an expendable asset.
The standard arrangement: register one or more secondary domains close to your brand (for example, a .co.uk variant or a slightly modified name), set up one or two mailboxes on each, authenticate them fully, and warm them before any campaign. Your main domain never sends a single cold email.
What does warm-up do, and what does a 91/100 score mean?
A new domain has no sending history, so filters extend it no trust. Warm-up manufactures that history deliberately: over roughly six to ten weeks, the mailbox exchanges a gradually increasing volume of emails with a network of real mailboxes that open, reply, and rescue messages from spam. Filters observe a sender whose volume grows steadily and whose mail gets engaged with — the exact profile of a legitimate correspondent.
Warm-up tools summarise this in a health score. A score of 91/100 is what a fully warmed mailbox looks like: nearly all test emails landing in the primary inbox, engagement signals strong, authentication passing. We treat roughly 90+ as ready for live sending, and anything materially below it as not ready. The full mechanics — what the score measures and why warming continues after launch — are in what a 91/100 warm-up score actually means.
What are SPF, DKIM, and DMARC in plain English?
Three DNS records that prove your email is not forged. You set them once per domain, and they answer the filter's authentication question.
- SPF is the guest list. It names the servers allowed to send email for your domain. When an email arrives from a server not on the list, then the filter treats it as suspect.
- DKIM is the wax seal. Your sending server signs each email cryptographically; the recipient checks the seal is intact. When the signature fails, then the email was tampered with or forged.
- DMARC is the standing instruction. It tells receiving servers what to do when SPF or DKIM fails — quarantine it, reject it — and sends you reports on who is sending as your domain.
All three, correctly configured, are the price of entry. They do not make you trusted; they make you eligible to earn trust.
Why must you verify addresses before sending?
Because bounce rate is one of the fastest ways to destroy a domain reputation. Purchased or scraped lists commonly contain 10–20% dead addresses, and every bounce tells the filter you are guessing.
Catch-all domains complicate matters: they accept mail for any address, so a verifier cannot confirm the recipient exists, and the bounce arrives only after you send. The working rule is that every list passes through a verification step before it is loaded into a sending tool, and risky addresses are excluded or segmented rather than sent to on hope. The full treatment — catch-alls, bounce mechanics, and what to do with the greys — is in why you verify before you send. The verification step itself sits inside the wider data process described in the B2B database building guide.
How much should each inbox send?
25–40 cold emails per day per inbox. Not 100, not 200, whatever the sending tool permits. The ceiling exists for two reasons:
- It keeps the volume pattern human. Filters trust senders that behave like people, and no person sends 300 individual emails a day.
- It caps the blast radius. If a campaign has a problem — a bad list segment, a message that draws complaints — you find out after 30 sends, not 3,000.
Scaling happens by adding warmed inboxes in parallel, one campaign per mailbox, never by pushing one inbox harder. This is the parallel-campaign model, and it is the only durable way to increase volume.
What should you monitor weekly?
A working deliverability review takes fifteen minutes a week per campaign:
- Bounce rate. Should stay very low on a verified list. A rise means the list source or verification step has slipped.
- Positive-reply rate. Our working expectation is around 4%; below 3% means the campaign needs fixing. A sudden fall on a previously healthy campaign is often a deliverability symptom, not a copy problem.
- Warm-up and placement scores. Warming runs continuously in the background; a falling score is an early warning that arrives before the reply rate collapses.
- Spam complaints. Even a handful matters at cold-email volumes.
The habit matters more than the dashboard. Deliverability failures are gradual and then sudden; weekly review catches them in the gradual phase, when they are still cheap to fix.
What burns a domain in a week?
The same short list, over and over:
- Sending cold email from a brand-new domain with no warm-up.
- Loading an unverified list and absorbing a double-digit bounce rate.
- Volume spikes — hundreds of sends in a day from an inbox that usually sends dozens.
- Skipping SPF, DKIM, or DMARC, so authentication fails from the first send.
- Images, attachments, and link-heavy templates that pattern-match to spam.
- Ignoring opt-outs, which converts mild disinterest into complaints — and complaints are the signal filters weight most heavily.
A burned domain is rarely worth rehabilitating. In practice you retire it, register a fresh one, and lose six weeks to warm-up — which is why prevention is the entire game.
What does UK compliance require?
In brief, and not as legal advice: UK cold email to business recipients can typically rely on legitimate interest under UK GDPR and PECR, provided the outreach is relevant to the recipient's role, you identify yourself honestly, and every email carries a working opt-out that is honoured immediately. Corporate addresses (a named person at a company) are treated differently from consumer addresses, which is one reason B2B cold email remains workable in the UK where B2C is not.
Compliance and deliverability point the same way: relevant targeting, honest sending, easy opt-outs. The law and the filters are, in effect, asking for the same behaviour.
What does this look like installed?
All of the above — secondary domains, authentication, warm-up, verification, volume discipline, weekly monitoring — is infrastructure, and it is the part of outbound most firms get wrong first. It is also the first thing we build in the Outbound Engine: the sending system goes in before a single line of copy is written, because copy cannot outperform the infrastructure carrying it.
Next step: the Growth System Audit — £450, seven days, credited against any build — maps where your growth system leaks and what to build first.
Total Format builds the systems UK B2B service firms grow on — AI-powered outbound, automation, and reporting — so growth stops depending on the founder's time.
Map your growth system. The £450 audit takes seven days and is credited against any build.
BOOK THE AUDIT