top of page
Mike Piddock

Optimising your cold email infrastructure


In February 2024 Google updated its Email Sender Guidelines which impacted those companies sending 5,000 or more messages a day to Gmail accounts.


Although this is unlikely to affect B2B marketers and outbound sales teams that will tend to send to non-Gmail accounts, there are lessons to be learned about optimising outbound email generally, to stay the right side of both Google and Microsoft's drive to keep people's inboxes clear of spammy, untargeted outreach.


Google's February 2024 update required email senders to:


  • Authenticate outgoing email

  • Avoid sending unwanted or unsolicited email

  • Make it easy for recipients to unsubscribe

If you are using email in your outbound sales approaches, you need to ask yourself the following questions:


  • Do you send more than 50 emails per day from a single inbox?

  • Are you using your primary domain (Main website) for cold email?

  • Do you only send emails from Microsoft or Google Inboxes?

  • Have you seen a decline in open or reply rates on your email campaigns?

  • Do you track open and click rates on your email campaigns?

If the answer to any of these is YES, then read on...


Tenant, domain and inbox infrastructure


Understanding an alternative infrastructure for cold email will make the difference between your reply rates and open rates dropping off a cliff, to a clear and deliberate plan to scale email with increased and sustainable success.


Note that Google inboxes prioritise emails from Google senders while Microsoft inboxes prioritise emails from other Microsoft senders. As a result, if you send emails to Google from Microsoft accounts (or vice versa) you could be increasing your chances of landing in the spam folder.


Having a diverse and flexible infrastructure will allow you to navigate any of the current and future challenges that Email Service Providers (ESP) send your way.


Let’s keep your primary domain ring-fenced and safe, and build a scalable way to send cold email and mitigate risk.


Tenant Management

Below we've an example set up starting at the 'tenant' level, where tenants are provided by Microsoft 365 and Google Workspace.



In each of the tenants there are multiple domains, and under each domain there are three inboxes (individual users sending outbound email).


This setup means that if any inbox is suspended for ‘spamming’ you can delete it and spin up another user/inbox.


If there are multiple suspensions of inboxes, then the domain reputation may be damaged, in which case you need to close down all inboxes under that domain and replace it with a new one.


You should ensure that whatever domains you use for cold email, they they are NOT the domains used to log in to the main tenant account. In other words, these outbound email tenants should all exist away from the tenant used to run your website and internal email.


Email Sending Volume

Once the inboxes and domains have been warmed up (see below), we recommend sending no more than 50 emails per day from each inbox (this includes the warmup emails).


It's common practice to not use more than 2-3 inboxes per domain. Knowing this, you can then plan for how many domains and inboxes are required to get the email coverage you need.


Web forwarding


Are you who you say you are? If you email from domains that are not pointing to your website, this builds anxiety and distrust with your recipient.


Therefore, when setting up your domains, ensure you set up a web forwarding rule, so that if anyone visits your new emailing domains,they are automatically redirected to your primary domain and website.


This adds trust and ensures consistency of brand across your outreach.


DNS Records


DNS (Domain Name System) records are essentially the roadmap of the internet. They tell the system what to do when someone tries to access your domain.


Here's the key terms to know:


DMARC

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. In simple terms, it's a way to verify that an email sender is who they say they are and prevent spoofing (a fraudulent practice where the sender's address is faked). When you set up a DMARC record, you're helping to protect your domain and the people who receive emails from you from phishing and spam.


DKIM

DKIM, or DomainKeys Identified Mail, is like a digital signature for your emails. When you send an email, the DKIM system adds a special signature to the header of the email. When the email arrives at its destination, the receiving server checks this signature to ensure that the email hasn't been tampered with or changed during transit. It's like a seal of authenticity that reassures the receiver that the email really did come from your domain and isn't spam or malicious content.


SPF

SPF stands for Sender Policy Framework. It's essentially a security measure for your emails. When you send an email, the SPF record tells the receiving server that your domain is authorised to send the email. If the email comes from a domain not listed in the SPF record, the email could be marked as spam or rejected. It's like a VIP list for your emails, ensuring they get delivered to the recipient's inbox and not their spam folder.


Setting up DNS records

These critical steps will help ensure your domain's credibility and improve email deliverability.


While there are multiple providers to help manage this, our preference is to use Cloudflare to manage DNS records and multiple domains. Cloudflare provides a range of services to help manage, secure, and improve the performance of websites and other internet services. It's fast and secure, and used by many businesses to manage their website's DNS records. Hence our instructions are based upon the methodology through Cloudflare.


Setting up DMARC


  • Log in to your Cloudflare account

  • Select your domain: From the list of your domains, click on the domain for which you want to set up the DMARC record.

  • Navigate to DNS settings: Via the menu at the top of the page.

  • Create a new DNS record: Click on the "Add record" button.

  • Configure the DNS record: In the 'Type' dropdown menu, select 'TXT', then:

  • In the 'Name' field, enter '_dmarc'. This is the standard naming convention for DMARC records.

  • In the 'Content' field, you'll need to enter your DMARC policy. This usually looks something like 'v=DMARC1; p=none; rua=mailto:yourname@yourdomain.com', where 'yourname@yourdomain.com' should be replaced with the email address where you want to receive DMARC reports.

  • Leave the TTL (Time to Live) field as 'Auto'.

  • Save your changes: Click on the 'Save' button to apply the changes.

  • Test your DMARC record: It's recommended to test your DMARC record to ensure it's working properly. You can use online DMARC checkers for this purpose.


Setting up a DMARC record is a critical step in protecting your domain from email spoofing and phishing. Always double-check your settings to make sure they're correct.


Setting up SPF


  • Log in to your Cloudflare account

  • Select your domain: From the list of your domains, click on the domain for which you want to set up the DMARC record.

  • Navigate to DNS settings: Via the menu at the top of the page.

  • Create a new DNS record: Click on the "Add record" button.

  • Configure the DNS record: In the 'Type' dropdown menu, select 'TXT'.

  • In the 'Name' field, enter your domain. This should be the domain that you're setting the SPF record for.

  • In the 'Content' field, you'll need to enter your SPF policy. This usually looks something like 'v=spf1 include:_spf.yourprovider.com ~all', where '_spf.yourprovider.com' should be replaced with the SPF record of your email provider. (Usually Google or Microsoft)

  • Leave the TTL (Time to Live) field as 'Auto'.

  • Save your changes: Click on the 'Save' button to apply the changes.

  • Test your SPF record: It's recommended to test your SPF record to ensure it's working properly. You can use online SPF checkers for this purpose.

Setting up an SPF record is an important step in preventing your emails from being marked as spam. Always double-check your settings to make sure they're correct.


Setting up DKIM for Google Users


  • Log in to your Google Admin console: You'll need to log in using an account that has super administrator privileges.

  • Go to Apps > Google Workspace > Gmail > Authenticate Email: You can find these options in the left-hand menu.

  • Select the domain where you want to generate the DKIM key: If you've only got one domain, there won't be a selection to make.

  • Click on the 'Generate new record' button: This will start the process of creating a new DKIM key.

  • Configure the DKIM key settings: You'll need to choose the key bit length. Google recommends using 2048 bits for better security. However, some older systems may only support 1024 bits. Make sure to check with your DNS provider.

  • Click on the 'Generate' button: This creates the DKIM key.

  • Copy the DKIM key: You'll need to add this to your domain's DNS records. The DKIM key will be a long string of characters.

  • Log in to your DNS hosting provider: This is the website where your domain's DNS records are managed. You'll need to add the DKIM key to these records.

  • Create a new TXT record: The exact steps may vary depending on your DNS provider.

  • In the 'Name' or 'Host' field, enter 'google._domainkey'. This is the standard naming convention for Google's DKIM records.

  • In the 'Value' or 'TXT Value' field, paste the DKIM key you copied from the Google Admin console.

  • Save your changes: The new TXT record will be added to your DNS records. It may take some time for the changes to take effect.

  • Verify the DKIM key: Go back to the Google Admin console and click on the 'Start authentication' button. Google will check to see if the DKIM key is correctly set up in your DNS records.

It's important to periodically check your DKIM settings to make sure they're still valid, especially if you make changes to your email system.


Setting up DKIM for Microsoft Users


  • Log in to the Microsoft Admin Center: You'll need to log in using an account that has administrator privileges.

  • Go to Settings > Services & add-ins > DKIM: You can find these options in the left-hand menu.

  • Select the domain where you want to generate the DKIM key: If you've only got one domain, there won't be a selection to make.

  • Click on the 'Enable DKIM' button: This will start the process of creating a new DKIM key. If you do not see the 'Enable DKIM' button, you might see 'Default' instead. Click on it.

  • Click on 'Rotate' under Actions: This will generate a new DKIM key for the selected domain.

  • Copy the CNAME record values: You'll need to add this to your domain's DNS records. You will see two CNAME record values. Each one will be a long string of characters.


Adding CNAME records to your DNS settings in Cloudflare


  • Log in to your Cloudflare account

  • Select your domain: From the list of your domains, click on the domain for which you want to set up the DMARC record.

  • Navigate to DNS settings: Via the menu at the top of the page.

  • Create a new DNS record: Click on the "Add record" button.

  • Configure the DNS record: In the 'Type' dropdown menu, select 'CNAME'.

  • In the 'Name' field, enter the Host value of the CNAME record you copied from the Microsoft Admin Center.

  • In the 'Target' field, paste the Points to address or value of the CNAME record you copied from the Microsoft Admin Center.

  • Leave the TTL (Time to Live) field as 'Auto'.

  • Save your changes: Click on the 'Save' button to apply the changes.

  • Repeat steps 10 to 12 for the second CNAME record: You have two CNAME records generated from Microsoft that need to be added to Cloudflare.

It's important to periodically check your DKIM settings to make sure they're still valid, especially if you make changes to your email system.


Email warmup


Don’t be in a rush to start emailing. Inbox and domain warmup are a crucial step in the process before launching your cold email campaigns.


If you start sending hundreds of emails from a ‘cold’ domain or inbox, then it sends signals to Microsoft and Google that you are using their services for reasons that are not organic day-to-day use of email.


Google ‘inbox warmup’ and there are many providers that will offer this service.

We're fans of Smartlead.ai as both a warmup tool and email outreach platform, as it allows you to warmup and manage unlimited number of inboxes and campaigns.


Want us to help?

We appreciate that this document includes a lot of information, so if you have any questions, want us to talk through anything, or just need a bit more clarification, don't hesitate to get in touch - we're happy to help...😀

bottom of page