How to Set Up Email Domains for Outbound Campaigns

Most teams stand up one domain, point 500 emails a day at it, and wonder why reply rate craters in week 3. We run AI outbound for 50+ B2B companies, have sent over 8 million cold emails this year, and the data says domain architecture is the single biggest lever on long-term deliverability. Below, the domain setup we run across every client, the DNS records that have to land before send 1, the mailbox math that keeps the per-inbox volume safe, and the warmup timeline that protects your reputation.

Why Domain Setup Is the First Lever on Cold Email

The most expensive mistake in cold email is sending from your primary domain. Your primary domain carries your warm reputation, your internal email, your newsletter, your transactional sends, and every reply you have ever had with a paying customer. Cold outreach carries spam complaints, bounce rates, and engagement patterns that do not look anything like the warm traffic. If you blend the two, the cold pattern drags the warm reputation down with it. Once a primary domain lands on a blocklist, recovery takes weeks, sometimes months, and during that window every internal Slack notification, every contract email, and every warm follow-up routes through a damaged sender score.

The fix is structural. Buy secondary domains that look like your primary, configure them independently, and isolate the cold sending reputation from the rest of your business. The cost is roughly 12 to 15 dollars per domain per year, plus 6 to 10 dollars per mailbox per month at Google Workspace or Microsoft 365. The downside if you skip it is the entire business email function landing in spam.

Secondary Domain

A domain registered specifically for cold outreach, separate from the company's primary domain. The secondary is usually a close lookalike (acmegrowth.com instead of acme.com, or getacme.io instead of acme.com) so the prospect still recognizes the brand on first read. Each secondary holds 2 to 3 mailboxes and sends 60 to 90 emails per day at full ramp. A program sending 15,000 emails a month runs on roughly 5 secondaries.

According to Litmus research on email deliverability, sender reputation drives roughly 80 percent of inbox placement decisions at the major receivers. Content scoring, link reputation, and engagement signals make up the rest. The reputation layer is what domain architecture controls. The other 20 percent only matters once the first 80 is solid.

The 3 Domain Architecture Rules That Hold Across 50+ Campaigns

Every client we run inherits the same 3 rules on domain architecture. They are not industry best practice for every use case. They are the rules that have held up across 50+ B2B campaigns and 8 million emails sent this year.

• Rule 1: Never send cold from the primary. The primary domain is for internal mail, transactional sends, warm replies, and the newsletter. Cold goes on secondaries. If a buyer replies to a cold send and the conversation goes warm, route the follow-ups through the secondary too, not the primary. The reputation isolation only works if the boundary holds.
• Rule 2: Secondaries are close lookalikes, not random TLDs. Buy variants of the primary that a prospect would still recognize: get[brand].com, try[brand].com, [brand]hq.com, [brand]growth.com, [brand].io. Avoid random TLDs (.xyz, .info, .biz) because they carry pre-existing spam scores at most receivers. Avoid hyphens in the domain itself because hyphens correlate with spam at every major filter.
• Rule 3: One mailbox provider per program. Pick Google Workspace or Microsoft 365 and run every secondary on the same one. Mixing providers within a single program produces inconsistent deliverability that is impossible to debug. Google is the default for most B2B cold senders because the spam filtering is more transparent and the warmup pools are larger.

The DNS Records Every Outbound Domain Needs

Four DNS records have to land on every secondary before send 1. Skip any one and the message either goes to spam at major receivers or bounces outright. The records are mechanical, the configuration takes 15 minutes per domain, and the cost is zero.

1. MX record. Points to your mailbox provider's mail server. Google Workspace uses smtp.google.com. Microsoft 365 uses [tenant].mail.protection.outlook.com. Without an MX record, receivers cannot route reply traffic back to you, which kills the conversation before it starts.
2. SPF (Sender Policy Framework). A TXT record that lists which servers are authorized to send mail for your domain. For Google Workspace, the value is v=spf1 include:_spf.google.com ~all. For Microsoft 365, v=spf1 include:spf.protection.outlook.com -all. SPF tells receivers that the IP sending your message is allowed to do so.
3. DKIM (DomainKeys Identified Mail). A cryptographic signature on every outbound message that the receiver verifies against a public key in your DNS. The mailbox provider generates the keypair. You copy the public selector TXT record into your DNS. DKIM is what proves the message actually came from your domain and was not forged.
4. DMARC (Domain-based Message Authentication, Reporting, and Conformance). A TXT record that tells receivers what to do when SPF or DKIM fails. Set p=none for the first 30 days while you confirm everything is configured correctly, then move to p=quarantine and eventually p=reject. DMARC at p=reject is the strongest signal to receivers that you take sender authentication seriously, and it correlates with measurably higher inbox placement.

A fifth record, BIMI (Brand Indicators for Message Identification), is optional but increasingly worth the effort. BIMI displays your brand logo next to the inbox preview at Gmail and Yahoo when SPF, DKIM, and DMARC are all configured at p=reject. It does not directly affect deliverability but it raises open rate by giving the buyer a visual cue that the message is legitimate.

According to Google Postmaster Tools documentation, the receiver flags every message against SPF and DKIM at delivery time. A domain that fails either check more than 5 percent of the time gets reputationally throttled within 7 to 14 days. The DNS records are not optional.

Mailbox Math: How Many Inboxes Per Domain

Domain count is a function of send volume, mailbox count is a function of domain count, and per-mailbox daily volume is the safety governor on the whole stack. The rule of thumb that holds across our client base:

The 30-per-day cap per mailbox is the most important number on this page. The major receivers (Gmail, Outlook, Yahoo) reputationally penalize mailboxes that send more than 50 to 80 messages a day at steady state, especially when the sends carry no prior conversation history. Capping at 30 keeps every mailbox in the safe band with margin to spare.

From there the math is mechanical. A program sending 15,000 emails a month is sending roughly 500 a day on weekdays. At 30 per mailbox per day, that needs 17 active mailboxes. Spread across 2 to 3 mailboxes per domain, that lands at 6 to 8 secondaries depending on how aggressively you load each one. We default to the higher end (3 mailboxes per domain, 5 to 6 domains) because it spreads the per-domain reputation load thinner.

For programs sending less than 3,000 emails a month, 1 secondary with 3 mailboxes is enough. For programs sending 30,000 emails a month, you are looking at 10 to 12 secondaries. The architecture scales linearly with volume. There is no shortcut that lets a single domain carry disproportionate load without paying for it in deliverability.

The Warmup Timeline That Works

A brand new domain has zero sender reputation. Every receiver treats it as suspect by default. Pushing live volume at a cold domain in week 1 lands the messages in spam at roughly 4 times the rate of a fully warmed domain. The fix is automated warmup: 14 to 21 days of synthetic conversations that build positive engagement signals before the first real prospect ever sees a message.

1. Week 1: 5 sends per mailbox per day. The warmup tool sends and receives short conversational messages with other warmup pool participants. Every message gets opened, read, and replied to. The receivers see consistent positive engagement and start building a baseline reputation.
2. Week 2: 10 to 15 sends per mailbox per day. Volume ramps. Engagement stays at 100 percent because every message is still pool-internal. By the end of week 2, the receivers have logged roughly 100 successful conversations per mailbox with no spam complaints.
3. Week 3: 20 to 30 sends per mailbox per day. Volume hits steady state. Warmup continues in parallel with live cold sends, but the warmup ratio drops to roughly 20 percent of total volume. The reputation is now stable enough to carry real prospect traffic.
4. Ongoing: 5 to 10 warmup sends per mailbox per day. Warmup never fully stops. A baseline of pool-internal positive engagement keeps reputation healthy when cold response rates dip during slow weeks. Cutting warmup entirely after launch is one of the most common failure modes we see on existing client campaigns.

Tool selection: Mailreef, Warmy, Lemwarm, and the warmup built into Instantly and Smartlead all work. The differences are marginal. What matters more is that the tool is actively running, the pool is large enough (200+ participants minimum), and the warmup ratio stays above 15 percent of total send volume after launch.

The 4 Setup Mistakes That Cost the Most

Most domain setups we audit fail in one of 4 ways. The fixes are mechanical. The diagnosis is what takes time, because the symptoms (low open rate, high bounce, replies that never arrive) all look the same from the operator's seat.

Mistake 1: Sending live before warmup is complete. Teams under deadline pressure push real prospect traffic at a domain in week 1. The early sends land in spam, the reputation never recovers, and the domain has to be abandoned. Always wait the full 14 days minimum. The cost of waiting is 2 weeks. The cost of skipping is a burned domain that cannot be reused.

Mistake 2: DMARC stuck at p=none. p=none is correct for the first 30 days. After that, every day at p=none signals to receivers that you have not finished configuring the domain. Move to p=quarantine by day 45 and p=reject by day 60. The deliverability lift from full DMARC enforcement is measurable across every campaign we have run.

Mistake 3: Mixing cold and warm on the same secondary. Sales reps using a secondary domain for both cold prospecting and warm reply work pollute the cold reputation with high-engagement warm signals. The blend looks suspicious to receivers and the deliverability degrades unpredictably. Cold goes on cold-only mailboxes. Warm follow-up routes through a different mailbox on the same secondary, or back to the primary if the conversation is fully warm.

Mistake 4: Underestimating the per-mailbox cap. Pushing 80 or 100 sends per mailbox per day to keep the domain count down looks efficient on a spreadsheet. It also lands the mailbox in receiver throttle bands within 30 days. The 30-per-day cap is not a recommendation. It is the boundary between sustainable sending and the slow burn that ends with the program in spam by month 3.

According to Validity research on sender reputation, the median time from misconfiguration to measurable deliverability damage is roughly 21 days. The lag is what makes the diagnosis hard. By the time the operator notices the drop in reply rate, the reputation damage has been compounding for 3 weeks.

The Practitioner Frame on Domain Setup

Domain setup is the part of cold email that no one wants to do and no one can skip. It is mechanical, unglamorous, and the only people who notice when it is done right are the ones whose campaigns it quietly carries for years. The teams that get this layer wrong spend the next 6 months blaming copy, list quality, and subject lines for problems that trace back to a missed DNS record or a domain pushed live in week 1.

The teams that get it right treat the domain layer as a one-time investment with a 2 to 3 week setup window. Buy the secondaries. Land all 4 DNS records at p=reject by day 60. Cap per-mailbox volume at 30. Run warmup in parallel with live sends. Audit reputation quarterly through Google Postmaster Tools and the equivalent at Microsoft. The compound interest on this discipline is measurable inside 90 days and decisive inside 12 months.

The architecture is 1 secondary per 3,000 monthly emails, 2 to 3 mailboxes per secondary, 30 sends per mailbox per day, and 4 DNS records at full enforcement. The warmup is 14 to 21 days before launch and ongoing at 15 percent of total volume after. Set it up that way, audit it quarterly, and the back end of your cold email program stops being the bottleneck on revenue.