ReplyLabs
FeaturesPricingCompareFAQUse casesBlogHelpSetup
Sign inGet started free
Get started

Product

  • Features
  • Pricing
  • Compare
  • Roadmap

Resources

  • Use cases
  • Blog
  • Glossary
  • Cost calculator

Support

  • Setup Guide
  • Help Center
  • Contact Support
  • Report an Issue
  • Feature Requests

Company

  • Opt Out of Testing

Legal

  • Privacy Policy
  • Terms of Service
  • Cookie list
  • Subprocessors

Empra Consultancy LTD
hello@replylabs.io

ReplyLabs|PrivacyTermsCookiesSubprocessors

© 2026 Empra Consultancy LTD. All rights reserved.

All articles
Cold email outbound

Cold email deliverability checklist for 2026: the steps that keep you in the inbox

A concrete 2026 cold email deliverability checklist: authentication, domains, volume limits, warm-up, list verification and the monitoring that catches problems early.

By Hugo Dupont · 8 min read

Cold email deliverability is whether your message reaches the inbox at all, and in 2026 it is a mechanical problem: do the setup correctly and your mail arrives, skip a step and it lands in spam or is rejected outright. The checklist below is the working version: authenticate every domain, send from secondary domains, keep per-inbox volume low, warm new inboxes, verify the list, keep the message short, and monitor the signals continuously. Most of these steps live in your sending platform. One of them, list verification, happens before you send, and it is the single preparation step with the biggest effect on whether the rest survives a real list.

What is cold email deliverability?

Deliverability is the probability that your email reaches the recipient's inbox rather than their spam folder, their quarantine, or a rejection at the gateway. It is decided by signals the mailbox provider reads about your sending: whether your domain is authenticated, whether your content looks like bulk mail, how many recipients bounce, and how many mark you as spam. It is distinct from reply rate, which is about who you target and what you say. Deliverability gets you into the inbox; the message earns the reply once you are there.

The reason it matters more than ever is that the major providers tightened their rules through late 2025 and into 2026. Domains without correct authentication are now rejected rather than filtered, and Microsoft in particular shortened ramp-up allowances and added age requirements for new sending domains.

The 2026 cold email deliverability checklist

Work through these in order. The first six live in your sending platform. The seventh, verification, you do before you send, in the spreadsheet where your list is prepared.

1. Authenticate every sending domain with SPF, DKIM and DMARC

All three records are non-negotiable in 2026, and they must be configured so that DMARC alignment passes, not merely present. A few specifics that trip people up:

  • SPF has a hard limit of 10 DNS lookups per RFC 7208. Exceeding it silently breaks the record. Flatten or consolidate includes if you are near the limit.
  • DKIM is the record most commonly missing on cold-email domains, and a DKIM failure is associated with a 10 to 15% drop in inbox placement. Sign every message.
  • DMARC at p=none is barely better than having no DMARC at all, especially for mail bound for Microsoft. Aim for p=quarantine as the safe baseline once your authentication is confirmed passing.

2. Send from secondary domains, never your primary

Use dedicated sending domains (for example a getacme.com or trygetacme.com variant of your main getacme.com) so that any reputation damage stays away from your primary company domain and its transactional mail. If a cold campaign goes wrong, you want to burn a throwaway, not the domain your invoices send from.

3. Keep per-inbox volume low and spread across mailboxes

After the late-2025 crackdown, experienced operators cap at roughly 15 to 25 cold emails per inbox per day, with two to three inboxes per domain. You scale by adding warmed inboxes across several domains, not by sending more from any one mailbox. A clean list that is too large for your inbox capacity is a deliverability problem in waiting, which is one more reason to keep the list tightly targeted.

4. Warm every new inbox before it carries volume

New mailboxes need a ramp-up period building send and reply history before they run at full volume, roughly three weeks as a rule of thumb. Microsoft 365 is now stricter: new domains require around a 14-day minimum age and a 30-day ramp before reaching about 200 emails per day, roughly half the 2025 allowance. Do not point a fresh inbox at a full campaign on day one.

5. Keep the message short and plain

Heavy HTML, tracking pixels, and image-laden templates raise spam scores. Short plain-text messages perform best: the sweet spot in 2026 is around 40 to 60 words, and staying under 80 is a reasonable ceiling. One reported campaign cut length from 141 words to under 56 and saw reply rate double. Short copy helps deliverability and reply rate at the same time.

6. Monitor bounce rate, complaints and engagement continuously

Deliverability is not a one-time setup. Track bounce rate, spam-complaint rate, and engagement, and set alerts so you catch degradation before it tanks a domain. A rising bounce rate is the earliest warning that your list quality has slipped or an inbox has been flagged.

7. Verify the list before you send

This is the step that happens before the send, and it is the one with the largest single effect on the others. Bounces are the loudest negative signal a mailbox provider reads, and a high bounce rate destroys sender reputation fast, undoing all the authentication and warm-up work above. Verification checks whether each address is real and able to receive mail before you ever send to it.

Why verification belongs on a deliverability checklist

Verification is usually framed as a cost-saving step (do not pay to send to dead addresses), but its real value is protecting the sender reputation you built in steps one through six. Every undeliverable address you remove is a bounce that never happens. Because bounces are punished harder than almost any other signal, filtering them out before the send is the cheapest insurance you can buy for a sending domain.

In ReplyLabs you do this in the spreadsheet where the list already lives. You select the email column, run the Verify step, and each address comes back with a verdict (deliverable, undeliverable, risky, or unknown) written into a new column. You filter to deliverable rows and export only those. Verification costs $0.01 per email and you are charged only for rows that return a result. The detailed mechanics are in email verification in Google Sheets, and it sits inside the wider cold email from Google Sheets workflow.

A note on the boundary: ReplyLabs prepares the list, it does not send the mail. Steps one through six happen in your own email service provider or sequencer. Step seven happens in the sheet. The split is deliberate, because list quality is won in the spreadsheet and sending reputation is managed in the sender.

How verification fits the rest of list preparation

Verification is the first filter, not the only one. Once the list is verified, you enrich each row with facts, score against your ideal customer profile, and personalise, so that what reaches your sender is small, clean, relevant, and specific. A smaller verified list is also easier to keep inside the per-inbox volume limits from step three, so good targeting and good deliverability reinforce each other. New accounts get $20 of free credit, enough to verify and prepare a real list end to end; see getting started.

Common questions

Does cold email deliverability still matter in 2026?

More than ever. The major providers now reject unauthenticated mail outright rather than routing it to spam, and Microsoft shortened ramp allowances for new domains. The setup is mechanical, but skipping any part of it means your mail never arrives, no matter how good the copy is.

Is SPF, DKIM and DMARC really required, or just recommended?

Required. In 2026 all three must be published and passing DMARC alignment on every sending domain, or major providers reject the mail. DMARC at p=none is treated as barely better than nothing, especially for Microsoft-bound mail, so move to p=quarantine once your records are confirmed passing.

How many cold emails can I send per inbox per day?

A sustainable 2026 ceiling is roughly 15 to 25 per inbox per day, with two to three inboxes per domain. You scale by adding warmed inboxes across more domains, never by raising the volume on a single mailbox.

Does ReplyLabs improve my deliverability if it does not send?

Indirectly but decisively. The list-side deliverability step is verification: removing addresses that would bounce, which protects the reputation of the domain you send from. Authentication, warm-up, and volume limits live in your sending platform, but a verified list is what keeps that setup from being torched on the first send.

Do I still need to verify if my data provider says the emails are valid?

Yes. Provider data goes stale between the time it was collected and the time you send, and bounces are the single worst signal for sender reputation. Verifying in the sheet at $0.01 per email and filtering to deliverable rows is cheap insurance. See email verification in Google Sheets.

Keep reading: Cold email outbound
Read the full guide: Cold email from Google Sheets
  • Personalised cold email at scale
  • ICP scoring for outbound lists
Definitions
ICP (Ideal Customer Profile)Spintax

Try it on your own list

ReplyLabs runs from a sidebar inside Google Sheets. Start free with $20 credit, no card needed.

Get started free