A fresh domain has zero reputation. Gmail, Outlook, and every major receiving server treat it like a stranger walking into a bank asking for a hundred-thousand-dollar loan. They’re skeptical by default — and they should be. Sending cold email from an unwarmed domain is the fastest way to land in spam before your first reply ever arrives.
Cold email domain warmup is the process of building that reputation from scratch. It’s not optional. Every serious sender does it, and skipping it doesn’t save time — it just means you’ll burn a domain that took weeks to register and configure, then start over.
Here’s how to do it right, from DNS records to day 45.
Why You Send from a Separate Domain
Your main domain — the one on your website and your company email — is too valuable to risk. If you send cold email from company.com and your sender reputation takes a hit, your transactional email goes down with it. Invoices, password resets, onboarding sequences — all of them start landing in spam.
The standard approach is to register one or more sending domains for cold outreach. Common patterns: company.io, usecompany.com, getcompany.com, trycompany.com. These redirect to your main site or not — it doesn’t matter much. Your main domain stays clean.
One sending account on one warmed domain can safely send 30–50 emails per day after a proper warmup period. If you need more volume, add more domains and accounts. Don’t push a single domain past its limit.
DNS Setup for Cold Email: SPF, DKIM, and DMARC
Before you warm anything, get your DNS records right. Sending from a domain without SPF, DKIM, and DMARC configured tells receiving servers you’re either careless or malicious. Either way, you’re going to spam.
These are the three records you need.
SPF: Who Can Send on Your Behalf
SPF (Sender Policy Framework) is a TXT record that declares which mail servers are authorized to send email from your domain. When a receiving server gets an email claiming to be from @yourdomain.com, it checks your SPF record to verify the claim.
A typical SPF record for Google Workspace:
v=spf1 include:_spf.google.com ~allThe ~all at the end means “soft fail” — messages from unauthorized servers are suspicious but not automatically rejected. Some senders prefer -all (hard fail). For cold email DNS setup, ~all is safer while you’re still getting everything configured.
If you use multiple sending tools — Google Workspace plus a warmup service, for example — include both:
v=spf1 include:_spf.google.com include:warmupservice.com ~allOne hard limit: keep your SPF record under 10 DNS lookups. Go over that, and some receivers will fail the check entirely.
DKIM: Proof the Email Wasn’t Tampered With
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every email you send. The receiving server checks that signature against a public key published in your DNS. If they match, the email is verified as coming from you and unchanged in transit.
For Google Workspace, you generate the DKIM key in your Google Admin console under Apps → Google Workspace → Gmail → Authenticate Email. Then you publish the key as a TXT record:
Name: google._domainkey.yourdomain.com
Value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBA...The p= value is your public key — a long string. Add it exactly as Google provides it. Don’t abbreviate.
DKIM is non-negotiable for cold email domain warmup. Without it, you’re relying on SPF alone, and that’s not enough to build strong sender reputation from scratch.
DMARC: What Happens When Something Fails
DMARC (Domain-based Message Authentication, Reporting, and Conformance) ties SPF and DKIM together and tells receiving servers what to do when a check fails. It also sends you aggregate reports on who’s sending email claiming to be from your domain — useful for catching spoofing early.
Start permissive:
v=DMARC1; p=none; rua=mailto:[email protected]p=none means “monitor but don’t reject.” Once you’ve been sending for a few weeks without issues, tighten it to p=quarantine or p=reject.
The rua= address receives weekly digest emails from major providers showing authentication results. Add a real inbox there. These reports are worth reading — they’ll show you if anything unexpected is sending from your domain.
MX Records Matter Too
If your sending domain has no MX records, replies have nowhere to go. Even if you don’t plan to actively use this domain for receiving, add MX records pointing to Google Workspace or wherever you want replies to land. Domains with no MX get flagged as likely spam infrastructure.
The Cold Email Domain Warmup Schedule
DNS configured. Now the warmup begins. Cold email domain warmup takes 4–6 weeks. There’s no shortcut that doesn’t cost you more time later.
The logic: you start with a handful of emails per day — all to known, engaged recipients who will open and reply — and increase volume slowly. Each positive signal tells receiving servers your domain is legitimate. Each negative signal sets you back.
Week 1: 3–5 emails per day
Send only to people you know will engage. Colleagues, friends, other email accounts you control. This isn’t prospecting — it’s reputation engineering. Reply to some of them from the receiving inbox so the domain generates two-way conversation signals.
Week 2: 10–15 emails per day
Continue with engaged recipients. Start sending test emails to personal accounts across Gmail, Outlook, and Yahoo, then check where they land. If you’re hitting spam, don’t panic — check your DMARC report and verify your SPF and DKIM are passing before continuing.
Weeks 3–4: 25–30 emails per day
You can introduce a small batch of real cold email here. Keep volume low and verify every address before it goes out. One hard bounce during warmup undoes a week of positive signals.
Weeks 5–6: 40–50 emails per day
If weeks 3 and 4 went cleanly — inbox placement consistent, no spike in bounces — ramp to your target volume. Fifty emails per day per account is the practical ceiling for sustainable cold outreach. Past that, you’re gambling with domain reputation you spent six weeks building.
Most warmup tools automate this ramp by sending and opening emails within a network of inboxes. They work. But they don’t replace real engagement from real people in weeks 1 and 2. Use both.
What Kills a Warmup Mid-Process
A few mistakes undo weeks of progress faster than you’d expect.
Hard bounces above 2%. During warmup, a high bounce rate signals a bad list. Verify every address — Hunter.io and NeverBounce catch most invalid addresses before they cause damage.
Spam complaints. A single spam complaint during warmup carries more weight than dozens of positive engagements. Don’t send to anyone who has no idea who you are yet. Your warmup sends should feel like emails, not blasts.
Zero engagement. Emails that land and never get touched — no open, no reply, no interaction — degrade domain reputation the same way bounces do. The warmup schedule is built around engineering positive signals, not hitting a send count.
Identical copy across multiple sends. If every email in a batch is word-for-word the same, spam filters notice. Vary your opening lines. Keep it human.
Monitor Reputation Throughout
Don’t guess. Check your domain reputation during cold email domain warmup.
Google Postmaster Tools (free) shows your domain reputation at Google — the most critical datapoint for cold email senders since Gmail handles around 35% of business inboxes. If reputation shows “Bad,” stop sending and diagnose before your next send. Check it weekly at minimum.
Mail-Tester.com lets you send a test email and get a score for your SPF, DKIM, DMARC configuration, and content. Run it before your first send and again after any DNS change.
PitchGale’s deliverability assistant handles this monitoring automatically — it tracks your DNS authentication status, flags configuration problems, and shows sender reputation in the dashboard without you having to cross-reference multiple tools.
When the Warmup Is Done
Here’s how you know cold email domain warmup is complete: your emails land in the inbox — not spam — across Gmail, Outlook, and at least one other major provider. Google Postmaster shows Medium or High domain reputation. SPF, DKIM, and DMARC are all passing clean. You haven’t seen a bounce rate above 1% in two weeks.
That’s the baseline. You did the DNS setup right. You ran the warmup schedule. Now your sending infrastructure can carry a real campaign.
One more thing: start warming your next domain before you need it. By the time your current account shows signs of fatigue — dropping open rates, occasional spam folder appearances — you want a fresh domain ready to rotate in. The senders who run this well don’t treat domain warmup as a one-time setup. They run it continuously, always two or three weeks ahead of their next domain needing to be active.
Infrastructure isn’t glamorous. But it’s the reason your emails get read.