Why cold email runs on secondary domains
Cold email never sends from your main company domain. It runs on secondary domains — close variants of your brand bought specifically for outbound — because cold outreach always carries some reputational risk, and a secondary domain contains that risk. If a campaign damages the domain, you retire it and buy another; your invoices, proposals and client correspondence are untouched.
What is the actual risk being contained?
Every domain carries a reputation score with mailbox providers, built from its sending history. Cold email, done properly, keeps that reputation healthy — but "properly" has many failure points: a batch of unverified addresses, a spike in volume, a run of spam complaints. Reputation damage is also asymmetric. It takes six to ten weeks of warm-up to build trust and days of bad sending to destroy it, and a damaged domain can take months to recover, if it recovers at all. Domain reputation sits at the centre of the practical guide to cold email deliverability, and the secondary-domain structure is the insurance policy wrapped around it.
Now imagine that damage landing on your primary domain. Proposals going to spam. Invoices unseen. Replies to existing clients quarantined. The cost of that failure is unbounded, while the cost of a secondary domain is roughly the price of a takeaway. The asymmetry decides the question.
Why not just send carefully from the main domain?
Because careful is not the same as immune. Even a well-run campaign meets circumstances it does not control — a prospect's server misclassifying a send, an address that turned into a spam trap since verification, a blacklist operator with a broad brush. Careful sending lowers the probability of damage; it cannot make the damage survivable. Separation does.
There is also a structural reason: volume. One mailbox sends 25–40 cold emails a day, and providers watch volume per domain, not just per mailbox. Scaling means more mailboxes across more secondary domains, a structure your primary domain could never host without looking like exactly what filters are trained to catch.
How do you set up a secondary domain properly?
The mechanism, in order:
- Buy a close variant of your brand. For tformat.co.uk that might be tformat.com or try-tformat.co.uk. When a prospect glances at the sender, then the name should still read unmistakably as you.
- Redirect the bare domain to your main website. When a suspicious prospect types the domain into a browser, then they land on your real site, not a parking page.
- Set up authentication before anything sends. SPF, DKIM and DMARC, configured per domain — the plain-English version is in SPF, DKIM and DMARC explained. An unauthenticated secondary domain is dead on arrival.
- Create one to three mailboxes on it, with a real person's name and a proper signature.
- Warm the mailboxes for six to ten weeks before any live sending, then hold each at 25–40 cold emails a day.
When each step happens in that order, then the domain enters service with a clean identity, a credible history, and a firewall between your outbound and your business.
What do prospects see, and does it look odd?
Almost nothing, and no. The from-name is a real colleague, the signature is your company's, and the domain differs by a word or a suffix — a detail most recipients never register, because plenty of legitimate firms separate transactional, marketing and personal mail across domains anyway. What matters commercially is that replies work and the sender is truthfully identified, which UK rules on B2B email expect in any case.
The one visible failure mode is choosing a domain that looks nothing like your brand. A cheap unrelated domain reads as evasive. A close variant reads as infrastructure.
When does a secondary domain get retired?
When diagnosis says the domain itself is the problem — persistent spam placement that survives list fixes and volume fixes, or a major blacklist entry that will not clear. The spam diagnosis walks through how to tell a domain problem from a list or content problem; the short version is that if warmed mailboxes on a clean list still miss the inbox, the domain's file is the remaining suspect.
Retiring it is undramatic: stop sending, keep the redirect live, and move campaigns to the next domain in the queue — which is why the queue exists. We stand up and warm spare domains before they are needed, since the six-to-ten-week warm-up cannot be compressed on demand. This is bounded, definable work with a known checklist, which is also why it should be bought as a fixed scope rather than an open meter — the argument generalises, as covered in why hourly automation billing is a trap.
Next step: the Growth System Audit — £450, seven days, credited against any build — maps where your growth system leaks and what to build first.
Total Format builds the systems UK B2B service firms grow on — AI-powered outbound, automation, and reporting — so growth stops depending on the founder's time.
Map your growth system. The £450 audit takes seven days and is credited against any build.
BOOK THE AUDIT