How to Set Up a Cold Email Domain (Step by Step)

Why you need a separate domain for cold email

Your main domain — the one your entire company uses for client communication, support tickets, and invoices — is not the domain you should be sending cold email from.

This is the single most common mistake founders make when starting outbound. They send 200 cold emails from their primary domain, a few recipients mark them as spam, and suddenly their CEO's email to a paying customer lands in the junk folder.

The fix is simple: buy dedicated sending domains, set them up properly, warm them up, and use them exclusively for outbound. If a sending domain gets burned, you rotate to another one. Your primary domain stays untouched.

Step 1: Buy your sending domains

Buy 3–5 domains that look related to your brand but are clearly not your primary. Good patterns:

• tryrocketsdr.ai, getrocketsdr.ai, rocketsdr.co — brand variants
• rocketsdr.io, rocketsdr.dev — alternate TLDs
• Avoid: rocketsdr-outreach.com, rocketsdr-sales.com — these scream 'cold email domain' to spam filters

Where to buy them

Any registrar works. Namecheap, Cloudflare, Google Domains (now Squarespace), GoDaddy — it doesn't matter for deliverability. What matters is the DNS setup.

Budget about $10–15 per domain per year. For 5 domains, that's $50–75/year — trivial compared to the cost of burning your primary domain.

Step 2: Configure SPF, DKIM, and DMARC

These three DNS records are the foundation of email authentication. Without them, inbox providers have no way to verify that your emails are legitimate — and they'll default to treating them as spam.

All three are required. Missing any one of them is enough to tank your deliverability.

SPF (Sender Policy Framework)

SPF tells receiving mail servers which servers are allowed to send email on behalf of your domain. It's a TXT record on your domain's DNS.

For Google Workspace:
v=spf1 include:_spf.google.com ~all

For Microsoft 365: v=spf1 include:spf.protection.outlook.com ~all

You can only have one SPF record per domain. If you use multiple sending services, combine them into one record.

DKIM (DomainKeys Identified Mail)

DKIM cryptographically signs every email you send, letting the receiving server verify the email wasn't tampered with in transit.

Your email provider generates the DKIM key. In Google Workspace: Admin Console → Apps → Google Workspace → Gmail → Authenticate Email. Copy the TXT record and add it to your DNS.

DKIM is the most commonly missed record — and the one that has the biggest impact on deliverability if missing.

DMARC (Domain-based Message Authentication)

DMARC tells inbox providers what to do when SPF or DKIM fails. It also enables you to receive reports about who's sending email using your domain.

Start with a monitoring policy:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

Once you're confident your setup is clean, move to quarantine (p=quarantine) and eventually reject (p=reject). Don't start at reject — you'll block legitimate emails if anything is misconfigured.

Step 3: Create mailboxes and connect them

Each sending domain needs 2–3 mailboxes. Google Workspace or Microsoft 365 — both work for cold email, with different tradeoffs.

Google Workspace is generally more forgiving for new domains and has better deliverability to Gmail recipients (which is most of your B2B audience). Microsoft 365 has better deliverability to Outlook/corporate recipients.

Best practice: mix both. 60% Google Workspace, 40% Microsoft 365 across your sending domains. This spreads your risk across ESPs and matches the inbox distribution of your recipients.

Step 4: Warm up the domains (and why it takes time)

A brand-new domain with zero sending history has no reputation. Gmail and Outlook don't know if you're a legitimate sender or a spammer — so they default to skepticism.

Warmup is the process of building sending reputation gradually. You start by sending small volumes (5–10 emails/day), receiving replies, and slowly increasing volume over 2–4 weeks.

Manual warmup works but is tedious. Warmup tools (Lemwarm, Mailflow, Warmup Inbox) automate this by sending emails between a pool of mailboxes and generating automatic replies. They cost $3–15/mailbox/month.

At RocketSDR, we run our own warmup ecosystem — ESP-based warmup that's integrated directly into the sending pipeline. This means your domains warm up while you set up your campaigns, and the system automatically monitors and adjusts if a domain starts drifting toward spam.

How long does warmup take?

2–4 weeks for basic reputation. 6–8 weeks for a domain you can reliably send 50+ emails/day from.

Don't rush it. Sending 500 cold emails from a 3-day-old domain is the fastest way to get it blacklisted. Patience here saves months of deliverability headaches later.

• Week 1–2: 5–15 emails/day. All warmup traffic (automated replies).
• Week 2–3: 15–30 emails/day. Start mixing in a small volume of real outreach.
• Week 3–4: 30–50 emails/day. Gradually shift to real outreach. Monitor bounce rates and spam complaints.
• Week 4+: Scale to your target volume. Keep warmup running at ~20% of total volume to maintain reputation.

Step 5: Monitor and rotate

Setup isn't a one-time thing. Domains degrade. A domain that was clean last month can start hitting spam this month — because of a recipient complaint, a blacklist entry, or a change in your sending pattern.

Monitor inbox placement weekly. Tools like GlockApps and Mail Tester let you test where your emails land (inbox, spam, promotions, missing) before you send a real campaign.

When a domain starts degrading: stop sending from it immediately, increase warmup traffic, and rotate to a backup domain. This is why you buy 3–5 domains, not one. Rotation is how you maintain consistent deliverability at scale.

The 5 mistakes that land you in spam

After setting up hundreds of sending domains for customers, these are the mistakes we see over and over:

• Sending from your primary domain. Already covered — but worth repeating because it's the costliest mistake.
• Skipping DKIM. SPF and DMARC without DKIM is like locking the front door and leaving the window open.
• Sending too much too fast. A 2-week-old domain sending 200 emails/day will get flagged. Every time.
• Not monitoring. You set it up, forget it, and 3 months later discover your entire outreach has been landing in spam.
• Using the same domain for marketing and cold email. Marketing emails (newsletters, product updates) and cold email have different reputations. Keep them separate.

How many domains do you actually need?

It depends on your sending volume.

Rule of thumb: each domain can reliably send 50–80 emails per day across 2–3 mailboxes before deliverability starts degrading. So:

- Sending 100 emails/day → 2 domains (4–6 mailboxes) - Sending 500 emails/day → 7–10 domains (15–25 mailboxes) - Sending 2,000 emails/day → 25–30 domains (60–80 mailboxes)

Yes, this is a lot of infrastructure. This is also why deliverability is a moat, not a checkbox — the teams that do it right compound their advantage over time. The teams that don't spend months wondering why nobody replies to their emails.

TL;DR

Buy 3–5 dedicated sending domains. Configure SPF, DKIM, and DMARC on each. Create 2–3 mailboxes per domain across Google Workspace and Microsoft 365. Warm them up for 2–4 weeks before real outreach. Monitor inbox placement weekly. Rotate when a domain degrades.

It's not glamorous. It's the infrastructure that makes everything else work. Skip it and every campaign you run is building on sand.

Frequently asked questions