How to Set Up a Sending Domain for Cold Email

Most cold email campaigns don’t fail because of bad copy. They fail because the sending domain was never set up correctly in the first place.

If your domain is missing authentication records, landing in spam, or slowly killing your sender reputation without you realizing it, the problem almost always traces back to infrastructure. Specifically: how the sending domain was configured before a single email went out.

This guide covers everything you need to know about how to set up a sending domain for cold email, from domain selection and DNS records to inbox creation and warming. Whether you are setting up your first sending domain or building out infrastructure for a high-volume campaign, this is the right starting point.

Why You Need a Separate Sending Domain for Cold Email

Before getting into steps, this point is worth making clearly: you should never send cold email from your primary business domain.

Your primary domain carries your entire business reputation. Your website lives on it. Your transactional emails (invoices, contracts, onboarding flows) run through it. If a cold email campaign causes that domain to get flagged or blacklisted, the damage extends far beyond your outbound efforts.

Instead, cold email teams register separate sending domains that are similar to but distinct from the main domain. These are sometimes called “sending domains” or “outbound domains.”

Examples:

• Primary domain: yourcompany.com
• Sending domains: getyourcompany.com, tryyourcompany.com, yourcompany.io, yourcompanyhq.com

The goal is to maintain deliverability risk on domains that are isolated from your core business. If one burns, you replace it without touching your main domain.

What You Need Before You Start

Before registering domains and configuring DNS, make sure you have:

• Access to a domain registrar (Namecheap, Cloudflare, GoDaddy, or similar)
• An inbox provider account ready to set up (Google Workspace or Microsoft 365)
• Access to the DNS settings for whatever domain you register
• A clear understanding of how many inboxes you intend to run per domain

A common rule of thumb used by experienced cold email operators: run 2 to 3 inboxes per domain maximum. More than that increases risk if a domain gets flagged.

Step 1: Register Your Sending Domain

Pick a domain that looks legitimate and is closely associated with your brand. Avoid hyphens, numbers, or anything that looks spammy on sight.

Good patterns:

• get[yourbrand].com
• [yourbrand]hq.com
• try[yourbrand].com
• [yourbrand].io (if your primary is .com)

Register through any standard registrar. There is no meaningful deliverability difference between registrars.

One practical note: buy multiple domains at once if you plan to scale. New domains need time to warm up, so getting them registered early gives you a runway.

Step 2: Set Up Your Inbox Provider

The two primary providers used for cold email infrastructure are Google Workspace and Microsoft 365 (Azure).

Both are viable. Most high-volume teams run a mix of both to diversify risk. If Google’s filtering tightens up on one provider, Microsoft inboxes continue sending, and vice versa.

When creating inboxes:

• Use a real-looking first and last name format (firstname@yourdomain.com or firstname.lastname@yourdomain.com)
• Avoid generic inboxes like info@, hello@, or contact@
• Create 2 to 3 inboxes per domain, not more

For a detailed walkthrough of the Google Workspace configuration specifically, Peeker’s Google Workspace Setup guide covers the full process including forwarding configuration and sequencer connection.

Step 3: Configure DNS Authentication Records

This is the most technically important step. Missing or misconfigured DNS records are one of the most common reasons cold emails land in spam.

You need to configure three records: SPF, DKIM, and DMARC. Here is what each one does and how to set them up.

SPF (Sender Policy Framework)

SPF tells receiving mail servers which IP addresses are authorized to send email on behalf of your domain. Without SPF, your emails have no verified sender authorization and are far more likely to be filtered.

How to add it:

• Go to your domain’s DNS settings at your registrar
• Add a TXT record on the root domain (@)
• For Google Workspace, the value is: v=spf1 include:_spf.google.com ~all
• For Microsoft 365, the value is: v=spf1 include:spf.protection.outlook.com ~all

Only one SPF record is allowed per domain. If you already have one, you need to merge rather than add a second record.

DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature to your outbound emails, allowing receiving servers to verify that the message was actually sent by your domain and has not been tampered with in transit.

How to add it for Google Workspace:

• In your Google Admin console, go to Apps > Google Workspace > Gmail > Authenticate Email
• Generate a DKIM key for your domain
• Copy the TXT record value provided and add it to your DNS

For Microsoft 365:

• Go to Microsoft Defender > Email and Collaboration > Policies > DomainKeys Identified Mail
• Enable DKIM signing for your domain and follow the CNAME record instructions

DKIM records can take up to 48 hours to propagate, so add them early in your setup process.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC builds on SPF and DKIM. It tells receiving servers what to do with emails that fail authentication checks, and it gives you reporting visibility on authentication failures.

How to add it:

• Add a TXT record at _dmarc.yourdomain.com
• Start with a policy of none so you can monitor without blocking: v=DMARC1; p=none; rua=mailto:youremail@yourdomain.com

The rua tag tells receiving servers where to send aggregate reports. Point this at an inbox you actually check (or use a DMARC monitoring tool) so you can see if anything looks off.

As your domain matures and you confirm authentication is clean, you can tighten the policy to quarantine or reject.

Step 4: Verify Your Records Are Live

Once you have added all three records, verify them before sending anything.

Free tools for this:

• MXToolbox (mxtoolbox.com): check SPF, DKIM, and DMARC records
• Google Admin Toolbox: useful specifically for Gmail/Workspace setups
• Mail-Tester (mail-tester.com): send a test email and get a score showing authentication status

A properly configured domain should show:

• SPF: Pass
• DKIM: Pass
• DMARC: Record present (even if policy is none for now)

Do not move forward to inbox warmup until all three records verify cleanly.

Step 5: Set Up a Custom Tracking Domain (Redirect Domain)

If you plan to track link clicks or open rates in your cold email campaigns, most sequencers inject their own tracking URLs into your emails. By default, these tracking links use the sequencer’s own domain, which can be flagged by spam filters.

Setting up a custom tracking domain routes those tracking links through your own domain instead.

How it works:

• Create a subdomain like track.yourdomain.com or click.yourdomain.com
• Add a CNAME record in your DNS pointing that subdomain to your sequencer’s tracking server
• Configure your sequencer to use this custom domain for tracking

This is a small step that meaningfully reduces the chance of spam filters flagging your emails based on a shared tracking domain.

Step 6: Warm Up the Domain Before Sending

A brand new domain has zero reputation. Sending cold emails immediately from a fresh domain is one of the fastest ways to get it flagged or blacklisted.

Domain warming is the process of gradually building up sending volume over time to establish a positive sender reputation.

The basic pattern:

• Week 1: Send 10 to 20 emails per inbox per day
• Week 2: 20 to 30 per inbox per day
• Week 3: 30 to 40 per inbox per day
• Week 4 and beyond: 40 to 50 per inbox per day (standard cold email volume)

During warmup:

• Use a dedicated warmup tool or your sequencer’s built-in warmup feature
• Send to highly engaged addresses (warmup network accounts respond to each other to simulate genuine engagement)
• Avoid high-risk content (no “click here,” no spam trigger words) during the early stages

Most teams treat 4 weeks as the minimum warmup period before using a domain for real outreach.

Step 7: Monitor Deliverability After Launch

Setup is not a one-time event. A domain that is healthy today can start degrading within weeks if campaign targeting is poor, bounce rates are high, or reply rates collapse.

The signals to watch:

• Spam complaint rates (Google Postmaster Tools shows this for Gmail traffic)
• Bounce rates (hard bounces above 2 to 3% are a warning sign)
• Open rates (a sudden drop often means you have moved to spam folders)
• Blacklist status (check MXToolbox regularly against major blacklists)

This is the point where many cold email teams fall behind. Manual monitoring across multiple domains and inboxes quickly becomes unmanageable.

Where Peeker Fits

The setup steps above represent what every cold email practitioner needs to do before sending. But maintaining healthy infrastructure at scale is a separate and ongoing problem.

Peeker is built specifically for that second problem. Once your domains are configured and live, Peeker monitors deliverability in real time across all your inboxes, flags when a domain or inbox is showing early signs of burning, and automatically swaps out compromised infrastructure before it affects campaign performance.

Instead of checking Google Postmaster manually, auditing DNS records periodically, and manually replacing burned inboxes inside your sequencer, Peeker handles that entire layer automatically.

For teams running multiple domains across multiple clients or campaigns, Peeker’s Burn Detection and Deliverability Analytics make it possible to stop babysitting your email infrastructure and focus on campaign strategy instead.

Common Mistakes to Avoid

Sending from your primary domain. The most expensive mistake you can make. Separate your outbound infrastructure before you send a single cold email.

Skipping DMARC. A lot of guides stop at SPF and DKIM. DMARC is increasingly important for inbox placement at Gmail and Outlook. Add it from day one, even if the policy is just none to start.

Using a shared tracking domain. If your sequencer’s default tracking domain shows up in hundreds of thousands of cold emails, spam filters notice. Set up a custom redirect domain.

Warming up too fast. There is no shortcut here. Jumping to high send volumes before reputation is established is how domains get burned in week two.

Setting it and forgetting it. Domain health changes. Campaigns with poor targeting, high unsubscribe requests, or low reply rates will degrade reputation over time. Monitoring is part of the job.

Creating too many inboxes per domain. Two to three inboxes per domain is the standard. Stacking five or six per domain concentrates risk and accelerates burnout.

FAQ

How many inboxes can I run per sending domain for cold email? Most experienced practitioners run 2 to 3 inboxes per domain. This keeps the sending volume per domain within a range that inbox providers tolerate, and limits the blast radius if a domain starts to degrade. Running more inboxes per domain increases the risk that a spike in complaints or bounces on one inbox pulls the entire domain’s reputation down faster.

Do I need both SPF and DKIM for cold email deliverability? Yes. Both records serve different functions and are independently evaluated by receiving mail servers. SPF verifies that the sending IP is authorized. DKIM verifies the message content and sender identity via cryptographic signature. Missing either one reduces your authentication score and hurts inbox placement. DMARC layers on top of both and is increasingly required for reliable delivery to Gmail and Outlook recipients.

How long does a sending domain need to warm up before cold email campaigns? Plan for a minimum of 4 weeks of warmup before running real cold outreach from a new domain. Some operators extend this to 6 to 8 weeks for domains that will carry high volume. Rushing the warmup is one of the most common reasons new domains get flagged early in a campaign.

How does Peeker help after a sending domain is set up? Once your domains are live and configured, Peeker monitors their deliverability in real time. If an inbox starts showing spam placement, blacklist hits, or engagement drops, Peeker’s Burn Detection flags the problem immediately and can automatically swap in a replacement inbox so your campaigns continue running without interruption. It is the infrastructure layer that handles what happens after setup.

What is the difference between a sending domain and a tracking domain? Your sending domain is what appears in the From address of your cold emails and carries your sender reputation. Your tracking domain is a separate subdomain used to redirect click-tracking links in your emails. They serve different purposes. Using a custom tracking domain (rather than your sequencer’s default shared domain) keeps your click-tracking links from triggering spam filters that flag known bulk-sending tracking URLs.

Conclusion

Setting up a sending domain correctly is foundational to any cold email program. Register a domain that is separate from your primary business domain, configure SPF, DKIM, and DMARC before sending anything, warm up steadily, and monitor performance once campaigns are live.

The setup itself is straightforward once you know the sequence. The harder part is maintaining healthy infrastructure over time as you scale across more domains, more inboxes, and more campaigns simultaneously.

That is exactly what Peeker is built for. Start tracking your deliverability in minutes. Try Peeker free  ↗ and see how self-healing inboxes work in practice. Or Pricing to find the plan that fits your volume.