Here's the most expensive mistake in outbound: sending cold email from your main company domain. It works fine for a month or two. Then reply rates dip, then your sales team's one-to-one emails start landing in spam, and then you discover that domain reputation doesn't have an undo button.

Every serious outbound program runs on a multi-domain architecture. That's a fleet of secondary domains that carry all cold volume, isolate risk, and keep your primary domain pristine. This is the exact setup we deploy, with the numbers we use.

The core principle: isolation

Your primary domain (say, omniticshq.com) is sacred. It carries your website's search authority, your team's daily email, your transactional messages. None of that should ever share a reputation with cold outreach, because cold outreach, even done well, generates spam complaints at some baseline rate.

So we buy lookalike domains and let them take the risk instead:

  • tryomnitics.com
  • getomnitics.com
  • omniticshq.io
  • omniticsteam.com

Each redirects to your real website (so curious prospects land somewhere legitimate), but their email reputation lives and dies independently. If one domain gets tired, you rest it. Your brand never feels it.

The math: how much infrastructure you need

Work backwards from your target volume. The safe sending rules in 2026 are conservative, because Google and Microsoft tightened bulk-sender thresholds hard:

  • 20 to 30 cold emails per mailbox per day. Beyond that, pattern detection gets twitchy
  • 2 to 3 mailboxes per domain. More than that concentrates risk for no gain
  • Keep spam complaints under 0.3% and bounces under 2 to 3% at all times
Daily targetMailboxesDomains
~250 emails/day104 to 5
~500 emails/day208 to 10
~1,000 emails/day4014 to 20
~2,000 emails/day8028 to 40

Yes, that's real money, roughly $10 to $15 per domain per year plus mailbox costs. It's also a rounding error against the cost of one burned brand domain or a quarter of missing pipeline.

Authentication: the non-negotiables

Every sending domain gets the full treatment before it sends a single message:

  1. SPF authorises your sending platform's servers. One record per domain, no more (multiple SPF records invalidate each other).
  2. DKIM cryptographically signs each message so providers can verify it wasn't tampered with.
  3. DMARC tells receivers what to do when SPF/DKIM fail, and protects you from spoofing. Start at p=none for monitoring, then tighten.
  4. Custom tracking domain. Open/click tracking on a subdomain you control, instead of a shared tracker thousands of spammers also use.
  5. MX + redirect. Working inbound mail (replies must land somewhere monitored) and a 301 redirect to your main site.
Since Google and Yahoo's bulk-sender rules, authentication isn't best practice. It's the entry fee. Unauthenticated mail at volume simply doesn't get delivered anymore.

Warm-up: the part everyone rushes

New domains have no reputation, and mailbox providers treat no reputation as suspicious. The fix is patience on a schedule:

  • Weeks 1 to 2: warm-up tool only. Mailboxes exchange and reply to messages within a warm-up network, building positive engagement signals.
  • Weeks 3 to 4: warm-up continues; trickle of real sends begins (5 to 8/day per mailbox) to your most relevant, most-likely-to-reply segments.
  • Weeks 5 to 8: ramp toward full volume in ~20% weekly increments, watching bounce and spam rates at every step.
  • Forever: warm-up stays on at low volume in the background. Engagement signals are a diet, not a course of antibiotics.

Rotation and monitoring: the part everyone skips

Infrastructure isn't "set and forget." A healthy program runs three ongoing loops:

Daily: placement and blacklist checks

Automated inbox-placement tests (does a seeded send land in inbox, promotions, or spam across Google/Microsoft?) and blacklist monitoring on every domain. We pipe alerts into Slack via n8n so a degrading domain gets caught in hours, not weeks.

Weekly: capacity rebalancing

Domains showing fatigue (rising soft bounces, falling reply rates) get volume reduced or paused for a two-week rest. Fresh domains (we always keep a few warmed and benched) rotate in so total capacity never dips.

Monthly: list hygiene review

Deliverability problems are often list problems wearing a disguise. Triple-verify emails before sending, suppress catch-alls you can't validate, and watch bounce rates by data source, because one bad provider can poison an otherwise healthy program.

The copy still matters (just differently than you think)

Infrastructure gets you to the inbox; copy decides what happens there. But copy also feeds back into deliverability: messages that get replies build reputation, and messages that get deleted unread erode it. Three rules we hold:

  • Plain text, short, specific. No images, no five links, no HTML templates. Cold email should look like email from a person, because it is.
  • Personalisation that proves research. One specific, true observation about the account beats six mail-merge fields.
  • Ask a small question. Interest-based CTAs ("worth a look?") outperform calendar grabs ("got 15 minutes Tuesday?") early in a thread.
Checklist to audit your current setup: Is cold volume on your primary domain? Are SPF, DKIM, and DMARC all passing? Are mailboxes under 30 sends/day? Is anything monitoring placement daily? If any answer is "no" or "not sure," your pipeline is standing on a trapdoor.

The payoff

Done right, this architecture is boring, and boring is the goal. Domains rotate, placement stays high, volume scales linearly with infrastructure, and your brand domain never takes a scratch. Outbound stops being a gamble on one domain's reputation and becomes what it should be: a system with redundancy, monitoring, and predictable output.

OM
The Omnitics Team We build and run cold email systems end to end. Want yours tested? Get a free deliverability audit.