Why a Pre-Send Checklist Matters
The fastest way to burn a domain is to skip setup steps and launch anyway. Every broken SPF record, every unwarm mailbox, every missing DMARC policy compounds into deliverability problems that are expensive to fix later.
This checklist is the same audit flow ColdRelay runs automatically. You can use it to audit any cold email setup — ColdRelay or not — before your first real send. If something here fails, pause and fix it before scaling volume.
Run through every section. Skipping any of these is how teams end up with 40% inbox placement and a 2-week recovery arc.
Domains
Buy separate sending domains. Never send cold email from your primary brand domain. Use variants like yourbrand.co, yourbrand.io, getbrand.com — minor permutations that protect your root domain's reputation.
Use 3–10 domains per campaign. Distribute send volume across multiple domains. One domain maxing out daily limits has far worse deliverability than three domains at 33% each.
Domain age matters. Newly-registered domains (under 30 days) are flagged by spam filters. Buy aged domains when possible, or budget 2 weeks of warmup before real sends.
Check domain history. Use Wayback Machine and Spamhaus to check if a domain has been used for spam previously. Bad history carries forward.
DNS Authentication
SPF record published. v=spf1 include:[your-sender] ~all. Exactly one SPF record per domain. Multiple SPF records = broken authentication.
DKIM signing enabled. Generate a 2048-bit DKIM key. Publish the selector's TXT record. Verify with dig or MXToolbox that the public key resolves.
DMARC policy set. Start with v=DMARC1; p=none; rua=mailto:reports@yourdomain.com. Monitor reports for 2 weeks. Move to p=quarantine once clean, then p=reject for production.
MX records pointing to the right mail server. No stale records from previous providers.
Reverse DNS (PTR) configured. Your sending IP should PTR back to a hostname on your sending domain. Missing PTR = instant spam flag at Gmail and Outlook.
Mailboxes
One sending name per mailbox. john@ ≠ john.doe@. Multiple names per mailbox confuses authentication and hurts deliverability.
Real-looking display names. John Smith > J Smith > Sales Team. Use first-last names that match the mailbox local-part.
Populate basic mailbox metadata. Calendar access, signature, profile photo. Empty mailboxes look like bot accounts.
Per-mailbox daily limits. 20–30 sends/day max. Above that, even warm mailboxes get throttled or flagged.
Warmup before real sends. 2 weeks minimum for new mailboxes. 4 weeks for new domains. No exceptions — skip warmup and you're burning the infrastructure.
Deliverability Testing
Inbox placement test before launch. Use a seed list (Glock Apps, mail-tester.com, Inboxally) to see where your test emails land. Target 90%+ inbox placement before scaling.
Check all major providers. Gmail, Outlook, Office 365, Yahoo, Apple Mail, and common corporate setups. 95% inbox at Gmail means nothing if you're landing in spam at Outlook.
Spam score under 3.0. Mail-tester.com gives a 0–10 spam score. Below 8.0 means authentication issues. Below 9.0 means content issues. Both need fixing.
Content audit. No spam-trigger words in subject lines. No excessive links. No image-only emails. Plain text > HTML for cold.
Monitoring
Google Postmaster Tools connected. Verify your domain. Monitor domain reputation, spam rate, and authentication pass rates at Gmail specifically.
Microsoft SNDS connected. For Outlook/Microsoft 365 reputation. Monitor IP reputation daily once sending volume is live.
Blacklist monitoring automated. Hetrix Tools or equivalent checks your domains and IPs against major blacklists every hour. Alerts to Slack or email when listings appear.
Bounce and complaint tracking. Bounces above 5% or complaints above 0.1% = pause and investigate. Your sending tool should track these automatically.
DMARC report aggregation. Use Postmark DMARC (free) or DMARCian to aggregate weekly DMARC reports. Catch authentication drift before it hurts deliverability.
List Hygiene
Every email verified before sending. Run through ZeroBounce, NeverBounce, or MillionVerifier. Remove invalid, catch-all, disposable, and role-based addresses.
Spam trap filtering. Paid verification services detect known spam traps. One spam trap hit can blacklist a domain — worth the cost.
Re-verify lists older than 30 days. Email addresses decay at 2–3% per month. An old list is a blacklist trap waiting to happen.
Suppression lists maintained. Past unsubscribes, bounces, and complaints should be permanently blocked across all campaigns and domains.
How to Use This Checklist
Before first send. Run through every section. Anything failing is a hard stop — fix it, re-verify, then proceed.
Weekly audits. Pick two sections per week and re-audit. DNS drifts. Mailboxes get suspended. Monitoring breaks. Catch issues before they become outages.
After every incident. Any deliverability drop, any blacklisting, any bounce spike — start the audit from the top. The root cause is almost always in one of the six sections above.
On ColdRelay. This entire checklist is automated — domain vetting, DNS setup, warmup, monitoring, and alerting all run without manual intervention. The audit still matters, but the fix is usually just a dashboard toggle.
Frequently Asked Questions
How long does a full infrastructure audit take?
1–2 hours for a single domain setup. 4–8 hours for a multi-domain campaign with 20+ mailboxes. Plan a half-day before launch — it's cheaper than a 2-week recovery from poor deliverability.
What's the single most important item?
DMARC policy. Without DMARC, SPF and DKIM failures don't actively protect you — they just log. DMARC at `p=quarantine` or `p=reject` is what actually stops spoofing and signals sender legitimacy.
How often should I re-run this checklist?
Full audit quarterly. Partial audit (DNS, monitoring, list hygiene) weekly. After any deliverability issue, run the full checklist before resuming sends.
Does ColdRelay handle all of this automatically?
Yes. Domain selection, DNS configuration, mailbox provisioning, warmup, monitoring, and alerting are all automated. The audit still matters — but issues that show up in the audit are usually fixed with a dashboard action, not a 2-week rebuild.