How many cold emails can you send per day without getting blacklisted?

Send no more than 30-50 cold emails per day per domain. For a campaign targeting 500 sends per day, you need 10-17 domains rotating together. New domains should start at 5-10 emails per day during warmup and increase by 5-10 per day each week until reaching 30-50. Sending more than 50 per day from a single domain, especially a new one, is the fastest way to land in spam or trigger a Google or Microsoft blacklist.

How long does email warmup take before you can send cold email?

Email warmup takes a minimum of 3 weeks, with 4-6 weeks being the safer standard. During warmup, tools like Instantly's Unibox or Smartlead's warmup network exchange emails between accounts, build a reply history, and establish sender reputation. The domain needs to be at least 2 weeks old before starting warmup -- Google ignores warmup activity on brand-new domains.

What DNS records do I need for cold email deliverability?

You need three DNS records: SPF (Sender Policy Framework) authorizes which mail servers can send from your domain, DKIM (DomainKeys Identified Mail) adds a cryptographic signature that proves emails were not tampered with, and DMARC (Domain-based Message Authentication) tells receiving servers what to do with emails that fail SPF or DKIM checks. All three are required. Missing any one of them will significantly reduce inbox placement rates.

What is an acceptable bounce rate for cold email campaigns?

Keep bounce rate below 2%. Above 2% hard bounces signals poor list hygiene to email providers and accelerates domain reputation damage. Above 5% is severe and will get domains flagged quickly. To stay under 2%, verify every email address before sending using a tool like Prospeo, Hunter, or NeverBounce. Remove any email with a 'risky' or 'invalid' status before importing to your sending platform.

What tools do I need to automate cold email in 2026?

The core stack: a domain registrar (Namecheap or Google Domains), Google Workspace or Microsoft 365 for business email hosting, a data tool for list building (Apollo, Clay, or LinkedIn Sales Navigator), an email verification tool (Prospeo or Hunter), and a cold email sending platform (Instantly or Smartlead). Total cost for this stack runs $200-400 per month. Instantly and Smartlead both include built-in warmup networks, which removes the need for a separate warmup tool.

How to Automate Cold Email Without Getting Blacklisted

How cold email automation works (without ruining your domains)

Cold email automation lets you send hundreds of personalized outreach emails per day without writing each one by hand. Get it right and you'll see 3-8% reply rates, spend $200-400/month on tools, and need maybe 2 hours a week to babysit it once it's running. Get it wrong and you'll burn your domain reputation in 2-3 weeks. Worst case, you permanently break your ability to send any business email from that domain.

The whole game is infrastructure. Below are the technical steps in order: domain setup, DNS records, warmup, sending limits, list hygiene, inbox rotation. Don't skip ahead.

Step 1: Domain setup, and why you never send from your main domain

Rule one of cold email: never send cold outreach from your primary business domain.

If your company is acme.com, don't send cold email from hello@acme.com. Buy secondary domains, variations of your company name, and send from those instead.

Why this matters. If a campaign tanks your sender reputation (too many bounces, complaints, spam triggers), the damage is contained to the secondary domain. Your main domain stays clean for the stuff that actually matters: customers, contracts, internal email. Domain naming patterns that work:

Primary Domain	Acceptable Secondary Domains
acme.com	acme.co, acme-hq.com, tryacme.com, getacme.com
stellardigital.io	stellar-digital.com, stellardigitalhq.com, stellardigital.co

Buy at Namecheap ($8-12/year per domain) or Google Domains. Skip GoDaddy. Their bulk pricing is misleading and their DNS panel is genuinely painful for this workflow. How many domains to buy. Divide your daily send target by 30-50 (the max per domain per day) and round up. If you want 300 sends a day, buy 6-10 domains.

Plan for attrition. Even with clean lists, some domains get flagged eventually. Having spares means one flag doesn't kill the campaign.

Step 2: Email hosting, Google Workspace vs Microsoft 365

Each secondary domain needs a business email account. Two options: Google Workspace ($6/user/month) or Microsoft 365 ($6/user/month).

Both work. One nuance: Google's spam filters are aggressive, so Google-to-Google email (which is most B2B email) gets more scrutiny. Microsoft-hosted domains sometimes land in Gmail inboxes better because they're coming from outside Google's ecosystem.

For most campaigns, Google Workspace is fine. If you're hammering Gmail recipients and inbox placement starts dropping, mix in a few Microsoft 365 domains and compare.

Account setup rules:

One email account per domain (e.g., ali@getacme.com)
Add a real profile photo
Set up a simple signature with name, title, company website
Enable IMAP access (your sending tool needs this to connect)

Step 3: DNS records, SPF, DKIM, and DMARC

This is where first-timers cut corners and pay for it. All three DNS records are required. None are optional.

SPF (Sender Policy Framework)

SPF tells receiving mail servers which servers are allowed to send on behalf of your domain. Without it, providers have no way to verify your email is legitimate.

For Google Workspace, add this TXT record to your domain's DNS:

Type: TXT
Name: @
Value: v=spf1 include:_spf.google.com ~all

For Microsoft 365:

Type: TXT
Name: @
Value: v=spf1 include:spf.protection.outlook.com -all

~all is "soft fail" (flag but don't reject). -all is "hard fail" (reject). Start with ~all on Google Workspace. It's more forgiving while your domain is still building reputation.

DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature to every outgoing email. The receiving server checks that signature against a public key in your DNS. If they match, the email wasn't tampered with in transit.

Google Workspace generates your DKIM key in the Admin Console under Apps > Google Workspace > Gmail > Authenticate email. Microsoft 365 does it through the Exchange Admin Center.

The DNS record looks like this (values are unique to your domain):

Type: TXT
Name: google._domainkey
Value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN... [long key]

Important. After setting up DKIM, wait 24-48 hours for DNS propagation before testing anything. MXToolbox and Mail Tester (mail-tester.com) will tell you if your records are live.

DMARC (Domain-based Message Authentication)

DMARC tells receiving servers what to do when an email fails SPF or DKIM validation. It also reports back to you on who's sending email under your domain name.

Start with a monitoring-only DMARC record:

Type: TXT
Name: _dmarc
Value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

p=none means "do nothing, just report." Once SPF and DKIM look healthy (give it 1-2 weeks of monitoring), step up to p=quarantine and eventually p=reject.

Don't start with p=reject. If SPF or DKIM is misconfigured, legitimate email will bounce. That includes mail to your real customers.

Verifying your setup

Free tools to check all three records:

MXToolbox (mxtoolbox.com) checks SPF, DKIM, DMARC, and blacklist status
Mail Tester (mail-tester.com) gives you a 1-10 score from a test email
Google's Email Postmaster Tools shows your domain reputation with Google

Aim for a Mail Tester score of 9/10 or higher before launching.

Step 4: Warmup, the 3-4 week process you cannot skip

A new email domain has no sender reputation. Google, Microsoft, and the big corporate mail servers don't know whether to trust it. Warmup builds that trust by simulating normal email behavior before you start sending cold.

How warmup works. Tools like Instantly and Smartlead connect your accounts into a network of other accounts that exchange emails with each other, reply, mark them "not spam," and build up a history of normal engagement. Over 3-6 weeks, this establishes your domain as a legitimate sender. Warmup timeline:

Week	Daily Sends (Warmup)	Inbox Placement
1	5-10	Building reputation
2	15-20	Improving
3	25-35	Mostly inbox
4-6	35-50	Stable, ready for cold send

Rules during warmup:

Don't send any cold outreach until week 4. Stacking cold sending on top of warmup will overwhelm a new domain's reputation.
Keep the warmup tool running after you start sending. Warmup emails maintain your reputation alongside cold sends.
Ramp cold sending gradually. 10-15/day in week 4, hitting your target by week 6.
Wait until the domain is at least 14 days old before starting warmup. Google ignores warmup signals on domains younger than 2 weeks.

Instantly ($97/month) and Smartlead ($94/month) both include built-in warmup networks. If you use either, you don't need a separate warmup tool.

Step 5: List building and email verification

The cleanest infrastructure on earth won't save you from a dirty list. If 5% of your emails bounce, your domain reputation drops fast regardless of how perfect your SPF/DKIM/DMARC is.

The verification rule. Every email gets verified before it enters a sending sequence. No exceptions. Where to get lists:

Apollo ($49-99/month). Large database, good for volume. Accuracy varies by industry. Expect 15-25% invalid emails before verification.
Clay ($149+/month). AI-powered enrichment, better accuracy, more complex to set up. Worth it for high-value campaigns.
LinkedIn Sales Navigator ($99-179/month). Build precise lists by title, company size, geography. You'll need a separate tool to find emails.
Prospeo. Finds emails from LinkedIn URLs and company domains. High accuracy, $49-99/month.

Verification tools:

Prospeo for real-time verification, high accuracy
Hunter (hunter.io) for individual lookups and domain searches
NeverBounce for bulk verification on existing lists
ZeroBounce for similar bulk work with strong deliverability scoring

Only import "valid" emails. Most tools categorize results as valid, risky, or invalid. Import valid only. Risky means catch-all addresses, role-based stuff like info@ or contact@, and addresses that exist but show low engagement. They inflate bounce rates and generate spam complaints without producing replies. Target bounce rate: under 2% hard bounces. If a campaign opens above 2%, pause immediately and re-clean the list before sending more.

Step 6: Sending limits and inbox rotation

The technical limits for cold email sending in 2026:

Platform	Max per day per inbox	Recommended cold email limit
Google Workspace	2,000	30-50
Microsoft 365	10,000	30-50
Instantly (per inbox)	50 (platform limit)	30-40
Smartlead (per inbox)	50 (platform limit)	30-40

The technical limits are way higher than what you should actually send. Email providers have algorithmic limits well below their stated maximums. They watch for unusual sending patterns even when you stay under the cap. The 30-50 rule. Keep cold sends to 30-50 per inbox per day. Every agency I know running large-scale outbound holds to this. Inbox rotation. Instead of pushing all volume through one inbox, spread it across many. Both Instantly and Smartlead handle this automatically. Add your accounts (from multiple domains), set per-inbox limits, and the platform rotates sending so no inbox gets hammered. Example setup for 200 sends per day:

5 domains, one email account each
40 sends per inbox per day
Instantly or Smartlead handles the rotation

Send timing. Schedule sends during business hours in the recipient's timezone, 9am-5pm Monday through Friday. Sending at 3am trips spam heuristics. Real businesses don't blast email in the middle of the night.

Step 7: Copy and personalization

Even perfect infrastructure fails with bad copy. The email itself has to look human.

Technical requirements for deliverability:

Keep emails under 150 words. Longer emails trigger spam filters and tank reply rates.
Plain text or minimal HTML. Heavy HTML (tables, images, tracking pixels) reads as marketing email, not personal outreach.
One link, max. Multiple links in a cold email is a spam signal.
Skip spam trigger words in subject lines: "free," "guarantee," "limited time," "act now," "earn money," "risk-free." No ALL CAPS either.
One tracking pixel (for open tracking). Multiple tracking elements get flagged.
Personalize the first line. Generic openers get deleted. A specific line about the prospect's company or role lifts reply rates noticeably.

Tools for personalization at scale:

Clay pulls from LinkedIn, Apollo, Clearbit, and dozens of other sources. AI agents write icebreakers based on company news, hires, or job postings.
Instantly's AI Personalization has built-in tokens that pull from your contact data.
Lemlist does dynamic images and multi-channel sequences with personalization built in.

The bar: the first line should mention something specific to the company or person. "I saw you just expanded into Europe" beats "I came across your company." That detail takes 30 seconds to add via automation and meaningfully lifts conversion.

Step 8: Monitoring and maintenance

Once a campaign is live, watch these metrics weekly:

Metric	Healthy Range	Action Threshold
Open rate	40-60%	Below 25% = deliverability problem
Reply rate	3-8%	Below 1% = copy or targeting problem
Bounce rate	Under 2%	Above 2% = pause and re-verify list
Spam complaint rate	Under 0.1%	Above 0.1% = urgent fix needed
Unsubscribe rate	Under 0.5%	Above 1% = messaging mismatch

Monthly domain health checks:

Run all domains against the major blacklists on MXToolbox
Check Google Postmaster Tools for domain reputation score
Verify DKIM and SPF records are still live (DNS records sometimes get deleted by accident)
Confirm warmup is still running on every inbox

If open rates suddenly drop below 30%. You hit a spam filter. Pause cold sending immediately, check MXToolbox for blacklist hits, verify DNS records, run Mail Tester again. Don't send more until you find the cause. If bounce rate spikes above 3%. Stop the campaign. Pull the contact list. Re-verify every email that hasn't been contacted yet. Resume with verified-only contacts.

The short version: cold email automation in 2026

A properly automated cold email system in 2026 runs on three to five secondary domains, each with one or two warmed Google Workspace or Microsoft 365 inboxes sending 30-50 emails a day. SPF, DKIM, and DMARC are configured on every domain. List hygiene keeps bounce rates below 2%. A warmup tool runs continuously in the background. Sending is spread across business hours, sequences run 4-6 steps over 14 days, and copy is personalized via Clay or a similar enrichment tool. Total infrastructure cost: $200-400/month. Setup: 3-4 weeks before the first cold email goes out. With that foundation, campaigns regularly hit 40-60% open rates and 3-8% reply rates at scale.

Common mistakes and how to fix them

Mistake: sending from your main domain. Fix: buy secondary domains today. Move all cold sending there. Never go back. Mistake: skipping warmup because you're in a hurry. Fix: there is no shortcut. A burned domain takes 30-60 days to recover, if it recovers at all. Three weeks of warmup protects months of sending. Mistake: importing Apollo exports without verification. Fix: every list gets verified before import. Set a hard rule: no unverified email enters your sending platform. Mistake: sending 200 emails a day from one domain. Fix: 50 is the cap. Buy more domains and rotate. Mistake: not monitoring deliverability weekly. Fix: a 15-minute weekly check on bounce rate, open rate, and blacklist status. Catching a problem early saves a domain that would otherwise be cooked in two weeks. Mistake: removing the warmup tool once the campaign is live. Fix: keep warmup on indefinitely. It maintains reputation alongside cold sends.

The tools you need

Category	Tool	Cost	Notes
Domain registration	Namecheap	$8-12/year per domain	Buy in bulk when possible
Email hosting	Google Workspace	$6/user/month	Most common for cold email
Email hosting (alternative)	Microsoft 365	$6/user/month	Better for some Google inbox placement
Sending + warmup	Instantly	$97/month	Best for high volume, built-in warmup
Sending + warmup	Smartlead	$94/month	Similar to Instantly, strong analytics
Data + list building	Apollo	$49-99/month	Large database, verify before sending
Enrichment + personalization	Clay	$149+/month	Best for personalized campaigns
Email verification	Prospeo	$49-99/month	High accuracy, LinkedIn-to-email
DNS checking	MXToolbox	Free	Blacklist and DNS verification
Setup testing	Mail Tester	Free	Score your deliverability before launch

For context on the broader outbound strategy this infrastructure supports, see the cold email vs LinkedIn outreach comparison. If you're trying to decide whether to build this in-house or hire an agency, the outsource vs in-house guide walks through the full cost and tradeoffs.