Cold email deliverability checklist for 2026
34 items across DNS, sender reputation, content, list hygiene, warmup, and monitoring. Tick them off before you ship a cold campaign — or keep this open while you triage one that already broke.
Skimmable on purpose. Every item is a single line you can verify in under five minutes, with a one-paragraph explanation if you want the why. If something here is unfamiliar, the linked guides below each section go deeper.
Of cold-email campaigns we audit fail at least 5 of the items below before they even send. Most teams overestimate how warm their sender is and underestimate how cold their content is.
DNS & authentication
TXT at the apex of every sending domain. Use ~all or -all. No more than one SPF record per domain.
Flatten if you are nesting includes. SPF will softfail silently if you blow the limit.
2048-bit key in 2026. Rotate annually. Verify the selector is published and resolvable.
p=reject is the goal but quarantine + alignment is the floor. pct=100.
Forensic reports go somewhere a human reads. Otherwise you will not catch a spoof until placement craters.
Single MX provider. No stale Google records lingering after a Microsoft migration.
Never use the platform's shared redirect. CNAME a subdomain like links.yourdomain.com to your ESP.
Only worth it if you have DMARC at p=reject. Otherwise it does nothing.
Deeper reading: the DKIM glossary and the auth section of the 2026 warmup guide.
Sender reputation
See the full warmup ramp in our guide.
send.yourdomain.com keeps your primary domain's reputation insulated from any cold-email mishap.
Spread across more domains rather than pushing one mailbox harder.
Each IP has its own reputation curve at every provider.
Free, takes 5 minutes, gives you the reputation bucket directly from Google.
Equivalent visibility for Outlook senders. Most teams skip this.
Never send password resets and cold outreach from the same address. Different reputation profiles, different risk.
Content fingerprint
Mail Tester, GlockApps, or equivalent. Score 9+ before you ship.
Multipart MIME with text/plain matching the HTML. Filters penalize HTML-only.
Three or more in a cold message is a near-instant Promotions placement.
bit.ly, t.co, etc. are immediate flags. Always use a branded redirect.
If {{first_name}} is blank, the message must still read naturally. Otherwise you ship literal {{}} tokens.
Filters dislike a low text-to-image ratio. 60% text minimum.
Mobile truncation matters more than spam-trigger words at this point.
List-Unsubscribe header is required by the 2024 bulk-sender rules. Even cold.
The body itself accumulates reputation. See template-based warmup.
The biggest leverage item here is #24. We explain why in why cold emails go to spam and define the category in template-based warmup.
List hygiene
Bounces above 4% damage reputation faster than any content issue. Verify in batches.
Catch-alls accept everything, including invalid addresses. Send to them only when desperate.
info@, support@, sales@ — high complaint rates, low engagement, often spam traps.
Across every domain and sequencer. Re-sending to an unsub is a complaint waiting to happen.
Old lists go stale. Warm a fresh template for them and ramp volume slowly.
Monitoring loop
Seed list across Gmail, Outlook, Yahoo, M365. If primary drops below 70%, rotate.
The 2024 bulk-sender threshold. Above this and Gmail throttles silently.
Above this, pause the campaign and re-verify the segment.
Look for unauthorized senders. Catch a spoof early or pay for it later.
Gmail Postmaster bucket, Microsoft SNDS color, complaint rate, bounce rate. 10 minutes a week saves a domain.
Deliverability is not a one-time setup. It is a weekly review cadence. The teams who treat it as set-and-forget are the teams whose domains get retired every quarter.
The fastest sequence to fix a broken campaign
If you are mid-incident and need a triage order, run the list in this sequence:
- Check Postmaster Tools / SNDS — what does the provider say?
- Run the auth check (items 1–7). One broken record kills everything downstream.
- Pull bounce and complaint rates from the last 7 days. Above threshold means pause and verify.
- Seed-test the live template (item 30). If placement is bad on a good sender, the content is the problem.
- If content, warm the template before resuming. See how NeverSpam handles this.
- Rotate volume off the affected sender for 48 hours while it recovers.
What this checklist is not
It is not a substitute for measurement. Every item above moves a dial, but none of them tells you where placement is today. Put a seed-test loop in front of every campaign and read the results before you scale volume.
It is also not exhaustive — there are vertical-specific items (healthcare opt-in rules, EU PECR, etc.) that we did not include because they apply to subsets of senders. If you are in a regulated space, add those on top.
Keep reading
All posts ↗- Cold Email Subject Lines That Get Replies (Without Triggering Spam)Cold email subject lines that get replies without triggering spam filters — 30+ tested patterns, what mailbox providers flag, and what to avoid in 2026.
- DKIM, SPF, and DMARC: The Complete Cold Email Setup Guide for 2026The complete DKIM + SPF + DMARC setup guide for cold email in 2026 — DNS records, alignment, policy progression, and the order to implement them.
- Microsoft 365 / Outlook Email Warmup: A Complete 2026 GuideMicrosoft 365 and Outlook email warmup guide for 2026 — the SmartScreen quirks, Defender for Office 365 thresholds, and the day-by-day ramp that works.
- How Many Cold Emails Per Day Can You Send Safely? (Real Limits)How many cold emails per day can you send safely in 2026? Gmail, Outlook, and Workspace hard limits, the practical reputation limits, and the ramp math.