Cold email infrastructure guide

Most cold emailers start with copy. They write sequences, build lists, and set up campaigns — and then treat infrastructure as the thing they configure quickly before hitting send.

The result is predictable: deliverability problems that show up mid-campaign, domains that burn faster than expected, mailboxes that stop performing without obvious cause, and results that plateau no matter how much copy and targeting get refined.

Infrastructure isn't a setup task you complete once. It's an ongoing operational discipline that determines the ceiling of everything else you do. The operators generating consistent pipeline from cold email at serious volume have almost always gotten this right before they optimized anything else.

Outbound runs on four layers: infrastructure, list quality, offer and market relevance, and copywriting and targeting execution. If one layer breaks, the system breaks. When they align, inbox placement becomes more stable and replies become more predictable.

Every cold email campaign sends from dedicated sending domains — domains registered specifically for outbound, completely separate from your primary business domain.

Your primary domain is the one your website lives on, your business email runs through, and your brand identity is attached to. It should never appear in a cold email send path. If it ends up on SURBL, Spamhaus, or any major blacklist from campaign activity, the damage extends far beyond cold email — your transactional emails, your client communications, everything that domain touches becomes less reliable to deliver.

Sending domains absorb the reputation signals from your campaigns. They can be replaced if they get burned. Your primary domain cannot.

• Register domains that look like they belong to real businesses — readable, professional, plausibly related to the brand
• Prefer .com. Use .co, .net, and .info as alternative options. Avoid .xyz, .pro, .biz, and low-trust extensions
• Age domains for a minimum of 30 days before warmup — 60–90 days is better when you can plan ahead
• Never use your primary business domain as a sending domain
• Maintain a pipeline of new domains aging quietly in the background — domain burning is not an edge case, it happens, and the operators who stay consistent plan for it

A proxy domain sits between your sending domains and your primary website, handling all link redirects from your cold email campaigns. When a prospect clicks a link in your email, that click goes to the proxy domain first, which then redirects them to the final destination — your website, a landing page, a calendar booking link, wherever.

The purpose is isolation. Your primary domain never appears in the send path, never gets tracked by spam monitoring systems, and never accumulates blacklist exposure from campaign activity.

One proxy domain per primary domain you're protecting. Agencies need one per client — not just to keep campaign signals isolated, but for a more fundamental reason. The proxy domain is what your sending domains redirect to. If multiple clients share the same proxy domain, a recipient who types a sending domain into their browser could land on the wrong client's website entirely. A prospect researching a financial services firm ends up on a marketing agency's homepage. That's not a deliverability problem — it's a credibility problem that reflects directly on your agency and on the client whose infrastructure caused it.

At InfraSuite, the proxy domain redirect layer is handled using Cloudflare Workers — fast, lightweight, and clean without adding complexity to your main web stack.

Authentication records are what tell receiving mail servers that your email is legitimate. Without all three correctly configured on every sending domain, your mail starts every send at a deliverability deficit regardless of how good everything else is.

SPF — Sender Policy Framework. Specifies which mail servers are authorized to send email on behalf of your domain. One common mistake: SPF records that chain too many includes and exceed the 10 DNS lookup limit — they fail silently and cause authentication failures that are difficult to diagnose.

DKIM — DomainKeys Identified Mail. Adds a cryptographic signature to every outgoing email, proving the message wasn't tampered with in transit. A valid DKIM signature is one of the strongest trust signals inbox providers use to evaluate incoming mail.

DMARC — Domain-based Message Authentication Reporting and Conformance. The policy layer that ties SPF and DKIM together. Tells receiving servers what to do when SPF or DKIM fails and enables reporting so you can see what's being sent on your domain's behalf. Start with p=none to monitor without blocking, then move to p=quarantine or p=reject as your setup stabilizes.

All three records need to be configured on every sending domain before warmup begins. Run them on your primary domain too — not for cold email, but to protect your business email reputation and prevent spoofing.

Mailboxes are the sending accounts that live on your sending domains. For B2B cold email, enterprise-grade Microsoft 365 inboxes are the right infrastructure choice — and the reasoning is structural, not just preferential.

Most businesses you're targeting run on Microsoft. Their teams use Outlook. When your outreach arrives from M365 infrastructure, it's arriving from within the same ecosystem your prospects work in every day. Outlook to Outlook deliverability has historically been one of the most consistent advantages in cold email infrastructure.

The distinction between enterprise-grade M365 inboxes and cheaper alternatives matters significantly. Shared IP infrastructure — where your mailboxes send from IP pools shared across hundreds or thousands of other senders — means your deliverability is partly determined by what those other senders do. You have no control over it. Enterprise M365 accounts give you reputation independence: your results are determined by your own behavior.

Google Workspace is the better fit for B2C outreach or campaigns targeting audiences that skew heavily toward Gmail. For B2B targeting corporate buyers, M365 is the standard.

New domains and mailboxes have no sending history. Sending cold campaigns from fresh infrastructure immediately is one of the fastest ways to burn domains — you're exhibiting exactly the behavior pattern that spam operations use, and inbox providers flag it accordingly.

Warmup builds sender reputation gradually by sending low volumes of mail through a warmup pool — a network of mailboxes that engage with your warmup emails through opens and replies, creating a positive engagement history that inbox providers use to evaluate your sending identity.

Warmup is handled through your sending tool — Instantly, Smartlead, Emailbison, Plusvibe, and similar platforms all include warmup functionality. This is not something your infrastructure provider manages.

• Minimum 14 days of warmup before sending any cold outreach — no exceptions
• Keep warmup volume conservative: 10 warmup emails per day per mailbox is the sweet spot
• Start at 1 email per day and increment by 1 daily if you want the cleanest possible reputation signal
• Never disable warmup, even when you're not actively running a campaign — warmup should stay on continuously to maintain mailbox health
• Don't start warmup for all mailboxes on a domain on the same day — stagger start dates so engagement patterns build gradually
• Monitor warmup activity throughout — don't assume it's running correctly, verify it

Each component of cold email infrastructure is interdependent. Your sending domains carry the reputation signals from your campaigns and protect your primary domain from exposure. Your proxy domain handles the link redirect layer and keeps your primary domain out of the send path entirely. Your DNS authentication records establish the technical legitimacy of your mail before inbox providers evaluate anything else. Your mailboxes are the sending accounts campaigns run through — provisioned on infrastructure that determines whether they send from a position of institutional trust or shared reputation risk. And warmup builds the sending history that transforms a fresh mailbox into one that inbox providers treat as a legitimate, established sender.

Remove any one of these layers and the others are weaker for it. Strong infrastructure with a dirty list produces the same outcome as weak infrastructure — because list quality is the variable that interacts most directly with deliverability signals.

Dirty lists — sending to invalid addresses, spam traps, and heavily outdated contacts drives bounce rates up and triggers blacklist monitoring systems fast. Verify every list before it enters your sending infrastructure. Remove invalids, catch-alls, unknowns, and spam traps. Randomize the order before importing so you're not hitting multiple people at the same company sequentially. After verification, sort your list by MX provider to identify recipients behind secure email gateways — Mimecast, Proofpoint, Barracuda — and treat them as higher friction.

No hyperlinks on the first cold email — keep your initial outreach plaintext. Links in first-touch emails contribute to spam filter scoring and reduce the chance of landing in the primary inbox. If you need to share a link, do it in a follow-up after you've established initial engagement.

Rushed warmup — skipping warmup or compressing it below 14 days sends fresh domains into campaigns before they have any reputation to protect them. They get flagged fast and the damage compounds quickly.

Excessive warmup volume — more warmup emails per mailbox per day is not better. High warmup volume creates the same bulk sending signal as high campaign volume. Ten warmup emails per day per mailbox is the conservative sweet spot.

Authentication gaps — broken or missing SPF, DKIM, or DMARC records cause authentication failures that inbox providers use to filter or flag your mail before content or reputation even factor in.

High complaint rates — spam complaints are one of the most damaging signals in cold email. A complaint rate above 0.1% starts causing problems. List quality, ICP precision, and copy relevance are the variables that determine complaint rates.

Single-provider dependency — running all infrastructure through one provider creates a single point of failure. Distribute across two or three providers so that platform-level issues with one don't stop your entire operation.

When campaigns underperform, most operators look at reply rate first. That's usually the wrong starting point.

The two strongest indicators of whether your emails are actually reaching inboxes are out-of-office rate and bounce rate. If your out-of-office rate is running at 1–2% or above and your bounce rate is at or below 2%, you are generally inboxing. The problem is likely copy, offer, targeting, or list relevance — not infrastructure.

If your out-of-office rate is 0%, your bounce rate is 0%, and your reply rate is below roughly 0.75%, that combination warrants a closer look at deliverability specifically.

This framework helps you avoid fixing the wrong layer. Low reply rate by itself does not prove an infrastructure problem.

One additional thing worth checking: Instantly and Smartlead route some replies into an "Others" or "Untracked" bucket rather than your main inbox. This is normal platform behavior. Most of what lands there is warmup traffic, but genuine prospect replies can end up there too — especially when someone replies from a new thread or a forwarded email. Check it regularly. Interested replies get missed when operators assume every response lands in the primary inbox.

Good infrastructure gets stronger with use. Domains that have been sending clean traffic consistently for months develop reputation that provides meaningful protection against occasional imperfections. The infrastructure becomes more resilient, not less.

Poor infrastructure degrades. Problems accumulate. Domain burnout accelerates. Recovery takes longer each time. The operational cost of managing degraded infrastructure compounds against your results in ways that are difficult to recover from without rebuilding from scratch.

The operators with the most durable cold email results got infrastructure right first — and maintained it with the same discipline they applied to copy and targeting.