Cold email at scale requires a fundamentally different domain infrastructure strategy than permission-based email marketing. Where marketing email can run entirely from a single, carefully managed primary domain, cold email — by its nature unsolicited — generates complaint rates and engagement patterns that would damage a primary domain's reputation within weeks if sent from it directly. The operational solution is a dedicated cold email domain portfolio: a set of purpose-built sending domains that protect the primary brand domain while providing the infrastructure capacity to run cold outreach at commercial scale. This guide documents the complete 2026 approach to cold email domain strategy.

Never
Use your primary brand domain for cold email — protect it at all costs
50-200/day
Safe per-domain daily cold email volume — above this, reputation risk compounds rapidly
3-5 domains
Minimum domain portfolio for a team sending 200-500 cold emails per day at sustainable scale
60+ days
Minimum domain age before using for cold outreach — new domains face severe inbox placement disadvantage

Why Multiple Domains Are Essential for Cold Email at Scale

Cold email creates reputation risk that permission-based email does not: recipients who did not request contact are more likely to mark cold email as spam, and even well-targeted cold outreach generates complaint rates above the 0.05% operational safety threshold that permission-based marketing maintains. If all cold email volume runs through a single domain, complaint events — which are inevitable at cold email scale — concentrate their reputation damage on that single domain.

The multiple-domain strategy distributes this risk: instead of one domain absorbing all complaint events, each domain in the portfolio absorbs a fraction of the total complaint volume. If one domain's reputation degrades — typically after 3-6 months of active cold email sending — the programme continues on the other domains while the degraded domain is retired or rested. No single domain's health is critical to the programme's continued operation, and no single complaint event can take the entire programme offline.

Volume distribution is the secondary benefit: ISPs rate-limit inbound email per sending IP and per sending domain. Distributing cold email volume across multiple domains — 50-200 per domain per day — stays within the rate limits that produce the most consistent inbox placement. High-volume single-domain cold email (1,000+ per day from one domain) triggers ISP rate limiting and spam filter scrutiny that multi-domain rotation avoids.

The Core Principle: Never Cold Email from Your Main Domain

The primary brand domain — the domain used for the company website, for transactional email, for customer support, for inbound email — must never be used for cold outreach. This is the most important single rule in cold email infrastructure, and its violation is the most common single cause of catastrophic brand email delivery failure.

The mechanism: cold email generates complaint rates that, if accumulated on the primary brand domain, will degrade Gmail's domain reputation for that domain. Once the primary domain reaches Low or Bad reputation at Gmail, all email from that domain suffers — including transactional confirmation emails that customers are waiting for, customer service responses, inbound-requested newsletters, and internal business communications. The reputational damage from cold email conducted on the primary domain affects every email the company sends. Recovery takes 4-8 weeks minimum, and during that recovery period the company's entire email communication is impaired.

Cold email domains are deliberately kept separate — different domain names, not just subdomains — because domain reputation is evaluated at the organisational domain level. A subdomain (cold.brand.com) inherits the reputational context of the parent domain (brand.com) in Gmail's domain reputation system. Using cold.brand.com for cold outreach exposes brand.com to reputation damage through the subdomain. The correct cold email domain is a distinct registered domain (trybrand.com, getbrand.io, brand-sales.com) with no organisational connection to the primary brand domain in the sending infrastructure.

Domain Naming Strategy: What Works and What Raises Flags

Cold email domain naming is a balance between maintaining brand recognisability (so prospects can verify who is contacting them) and avoiding patterns that spam filters or sophisticated recipients associate with cold email domain rotation practices.

Effective naming patterns: Prefix variations (getbrand.com, trybrand.com, hellobrand.com, joinbrand.com), suffix variations (brand.io, brand.co, brandapp.com, brandhq.com), descriptive additions (brandsales.com, brandoutreach.com), and TLD variations of the primary domain (.com → .io, .co, .us) where the primary domain is .com. These patterns maintain brand connection while creating genuinely separate domain registrations.

Patterns that raise red flags with sophisticated recipients and some spam filters: Random character additions to the brand name (br4nd.com, br-a-n-d.com) — these look like phishing or typosquatting domains; generic TLDs with no brand connection (.xyz, .click, .email) — increasingly associated with spam and disposable domains by spam filters; very recently registered domains with no web presence — prospect research will show a domain registered last week with no website, signalling cold email infrastructure.

The legitimacy test: For each cold email domain, build a minimal web presence — at least a one-page website that explains the company and what the outreach is about. Recipients who receive cold email from company.io will often Google company.io before responding. A domain with no web presence creates suspicion; a domain with a simple landing page that looks like a legitimate company sub-brand or product page passes the legitimacy check. This is 30 minutes of work per domain with a single-page site builder and meaningfully improves reply rates from prospects who research the sender.

How Many Domains Do You Need?

The number of domains required is determined by target daily sending volume and per-domain daily volume limits:

Target daily sendsPer-domain limitDomains neededNotes
50-100/day50-1001-2Solo SDR; one primary cold domain, one backup
100-500/day100-1503-5Small team; rotation across 3-5 domains
500-2000/day100-2005-15Growth stage; active portfolio with rotation
2000-5000/day150-20015-30Scale; significant domain management overhead
5000+/day150-20030+Enterprise; dedicated infrastructure team required

The per-domain limits above are conservative — they represent the volumes at which consistent inbox placement is achievable with proper warmup and good personalisation. Pushing beyond 200 cold emails per day per domain is technically possible, but produces progressively worse inbox placement and accelerates domain reputation degradation. The domains are cheap (under $20/year each); maintaining lower per-domain volume and using more domains is the economically correct trade-off.

Build a domain pipeline: at any given time, maintain three cohorts of domains — (1) active sending domains (warmed up and in use), (2) warming domains (purchased 4-8 weeks ago, being warmed up for future use), and (3) retired domains (reputation degraded, resting for 3-6 months before potential reactivation). A healthy domain pipeline means a domain retiring does not reduce sending capacity, because a warming domain is ready to take its place.

DNS and Authentication Setup for Cold Email Domains

Every cold email domain requires the same authentication setup as any commercial sending domain — MAGY compliance is mandatory:

# Required DNS records for each cold email domain:

# 1. MX record (for replies and DMARC reports)
# Use Google Workspace ($6/month) or a forward-to-main-mailbox setup
trybrand.com.  IN  MX  10 mail.google.com.

# 2. SPF record
trybrand.com.  IN  TXT  "v=spf1 include:_spf.google.com ~all"
# Adjust for your sending platform (Instantly.ai, Smartlead, etc.)
# Each platform provides the include: value to add

# 3. DKIM — configure in your sending platform
# Each domain gets its own DKIM keys
# Platform generates public key → add to DNS as TXT record
google._domainkey.trybrand.com.  IN  TXT  "v=DKIM1; k=rsa; p=PUBLIC_KEY..."

# 4. DMARC — monitoring only initially
_dmarc.trybrand.com.  IN  TXT  "v=DMARC1; p=none; rua=mailto:dmarc@brand.com"
# Use a shared DMARC reporting address for all cold domains
# to consolidate reports into a single monitoring inbox

# 5. Domain verification for sending platform
# Each platform requires domain verification (typically DNS TXT record)

# Automate this setup with a bash script when managing many domains:
setup_cold_domain() {
    DOMAIN=$1
    echo "Setting up $DOMAIN..."
    # Add DNS records via your registrar API (Cloudflare, Namecheap, etc.)
    # Configure in sending platform via API
    # Add to monitoring rotation
    echo "$DOMAIN setup complete"
}

Per-Domain Volume Limits: The Safe Thresholds

The 50-200 per-domain daily volume limit is not arbitrary — it reflects the complaint rate mathematics of cold email. At a 0.30% complaint rate (high but realistic for poorly targeted cold email), 200 sends/day generates 0.6 complaints per day. Over 30 days, that is 18 complaints from 6,000 sends — still below the threshold that triggers immediate Gmail enforcement, but accumulating toward the complaint history that degrades domain reputation.

At 500 sends/day from the same domain with a 0.30% complaint rate: 1.5 complaints per day, 45 complaints over 30 days from 15,000 sends. This complaint concentration is what pushes domain reputation from Medium to Low within 6-8 weeks of sustained sending. The volume per domain limit is the primary mechanism for controlling complaint concentration.

Volume consistency matters as much as volume ceiling: erratic sending (500 Monday, 0 Tuesday-Thursday, 800 Friday) looks suspicious to ISP pattern detection systems. Configure daily campaign limits in the cold email platform that enforce consistent daily volumes — ±20% of the target baseline — rather than sending as fast as possible when campaigns are active and zero when they are not.

Warmup and Rotation Schedule

The operational calendar for a cold email domain from acquisition to retirement:

Days 1-7 (Acquisition and setup): Register domain. Set up Google Workspace or email forwarding. Configure DNS records (MX, SPF, DKIM, DMARC). Verify domain in the cold email sending platform. Configure warmup service — start at 10-15 warmup emails per day through the warmup network.

Days 8-30 (Warmup phase 1): Increase warmup to 30-50 emails per day. Monitor for authentication issues (check the received email headers for DKIM pass). No prospect outreach yet. The domain is building its initial sending history with the warmup service's engagement network.

Days 31-60 (Warmup phase 2): Increase warmup to 50-100 emails per day. The domain is approaching the age and reputation foundation for cautious prospect outreach. Still primarily warmup sends.

Day 61+ (Active sending begins): Begin prospect outreach at 10-20 emails per day (not the full target volume). Continue warmup in parallel at 30-50 per day. Gradually increase prospect outreach volume over 2-3 weeks until reaching the per-domain volume target. Continue warmup in parallel throughout the domain's active life — warmup engagement signals counterbalance the lower engagement of cold prospect outreach.

Month 3-6 (Monitor for degradation): Monitor inbox placement rates weekly. When inbox placement drops below 70% consistently, the domain's reputation is degrading — typically from accumulated complaint history. Begin transitioning volume to the next domain in the warming pipeline. Do not push a degrading domain; retire it gracefully by reducing its volume over 2-3 weeks while the replacement ramps up.

Monitoring Domain Health Across a Multi-Domain Portfolio

Managing 10-30 sending domains requires systematic monitoring — individual domain checks are too time-consuming to do manually at scale. Build a monitoring system:

Automated daily checks: Run the Spamhaus ZEN check script (from the Spamhaus delisting guide) for all active domains daily. Any newly listed domain should trigger immediate investigation before it causes prospect outreach failures. Add Barracuda BRBL and SURBL checks to the same daily scan.

Weekly inbox placement tests: Use GlockApps or Instantly.ai's inbox tester to send a test from each active domain weekly to Gmail and Microsoft seed accounts. Track placement rate per domain per week. Domains with declining placement get reduced volume; domains near 70% inbox placement are flagged for rotation out of the active portfolio.

Centralised DMARC reporting: Use a single rua= address for all cold email domains. This creates a single DMARC reporting inbox that aggregates authentication data across the entire portfolio. Review the DMARC reports weekly to catch authentication failures on any domain that the automated daily checks might miss.

The cold email domain portfolio is infrastructure — it requires maintenance, monitoring, and proactive management. Programmes that treat domain acquisition as a one-time setup and do not monitor domain health until delivery failures appear are constantly in reactive mode. Programmes that treat the domain portfolio as living infrastructure — with regular health checks, planned rotation, and a pipeline of warming domains — maintain consistent inbox placement throughout the cold email programme's operation, quarter after quarter.

H
Henrik Larsen

Cold Email Infrastructure Specialist at Cloud Server for Email. Specialising in email deliverability, infrastructure architecture, and high-volume sending operations.