ResearchDeliverability

Cold Email Deliverability: What Actually Matters

Everything that helps (and hurts) your emails reaching the inbox. Authentication, infrastructure, content signals, and the data behind every decision we made building HeyLinks.

Sources reviewed
25+
Emails analyzed
50M+across studies
Read time
12 min
In this article
1.What affects deliverability2.Why we don't track opens3.Progressive enrichment4.SPF, DKIM, and DMARC5.SMTP relay vs Google Workspace6.Infrastructure scaling7.What HeyLinks does

What Affects Deliverability

Gmail, Outlook, and Yahoo each run hundreds of signals through their spam filters. But for cold email, a handful of factors account for the vast majority of inbox placement. Here is how they stack up, ranked by impact.

Impact on Inbox Placement
Authentication (SPF + DKIM + DMARC)95%
Sender reputation (domain age, volume)85%
Recipient engagement (replies, opens)75%
Content quality (personalization, length)60%
Sending volume and warmup55%
Links and images in body30%
Tracking pixels25%
Based on analysis of 50M+ cold emails across Lemlist, Woodpecker, Instantly, and Mailshake studies (2023-2026).
Helps deliverability
Authenticated domain (SPF + DKIM + DMARC)
High reply rate (strongest positive signal)
Personalized content (name, page title, context)
Plain text or minimal HTML
Gradual warmup (start 5/day, ramp over 3 weeks)
Dedicated sending domain (not your main)
Hurts deliverability
Tracking pixels (open tracking)
Clickable links in first email
High bounce rate (bad email list)
Spam complaints (mark as spam)
Identical content across recipients
Too many images or heavy HTML

Why We Don't Track Open Rates

Most cold email tools inject a 1x1 transparent image (a tracking pixel) into every email. When the recipient opens the email, their email client loads the image from a tracking server, which records the open. Sounds useful. Here is why it is actually a problem.

How a tracking pixel works
1
You send email
Pixel embedded as <img> tag
2
Recipient opens
Email client loads the image
3
Server records
Tracks timestamp + IP address
4
Problem
Gmail sees the external request
The problem
Gmail, Outlook, and Yahoo all treat external image loads in unsolicited emails as a tracking signal. Since 2024, Google has been proxying images for Gmail users, which masks IP addresses. But the proxy itself flags the email as containing tracking infrastructure. For a cold email from an unknown sender, that flag contributes to spam scoring.
Open tracking accuracy (2025-2026)
Apple Mail users (MPP fakes opens)96% false positives
Gmail users (image proxy)40% unreliable
Outlook users (images blocked by default)65% missed
Actual reliable signal15% of opens are real
Apple Mail Privacy Protection (MPP), launched 2021, pre-fetches all images. ~50% of all email clients now fake opens automatically. Sources: Litmus 2025 Email Client Market Share, Validity 2025 Deliverability Report.
What HeyLinks does instead
We track reply rate as the primary engagement metric. Replies are the strongest positive signal for Gmail (they prove the recipient wanted the email), cannot be faked by privacy software, and directly correlate with link swap success. A 12% reply rate tells you far more than a 45% open rate where half the opens are Apple MPP ghosts.

Progressive Enrichment: When to Add What

The safest first email is plain text with zero images and zero links. Each follow-up in the same thread can safely introduce richer content because Gmail gives threading credit to replies within an existing conversation. Here is the strategy.

1
First Email: Plain Text Only
No images, no clickable links, no tracking pixels. Just personalized text. This gives you the best possible chance of landing in the primary inbox. Lemlist's 2024 study of 10M+ campaigns found plain text emails had 94% inbox placement vs 82% for HTML-heavy emails.
2
Follow-Up 1 (Day 3): Still Plain Text
Short bump in the same thread. The threading credit from your original email gives a slight boost, but you are still cold (no reply yet). Keep it clean.
3
Follow-Up 2 (Day 10): Introduce Screenshot
By now, the recipient has seen two messages from you without marking them as spam. Gmail treats this non-negative signal as mild trust. You can now include an inline screenshot showing exactly where their link is on the page. Lemlist found that a single embedded image in follow-ups increased reply rates by ~20% without meaningful deliverability impact.
4
Follow-Up 3+ (Day 17+): Close Out
Final follow-ups should be short and low-pressure. You can include the screenshot again if it helps, but the email itself should be 2-3 sentences max. After 3 unreplied follow-ups, the value of additional messages drops sharply.
Content by email position
EmailLinksImagesTrackingRisk Level
First emailNoneNoneNoneLowest
Follow-up 1NoneNoneNoneLow
Follow-up 2None1 inlineNoneMedium
Follow-up 3+NoneOptionalNoneMedium
After replySafeSafeN/AVery low
Why not links in follow-ups?
Even in same-thread follow-ups, clickable URLs still trigger link-scanning by Gmail and Outlook. Each link is checked against phishing databases and reputation lists. For cold outreach before the recipient has replied, the safest approach is to mention your site as plain text (e.g. "mysite.com") and let the recipient type it or copy-paste. After they reply, links are safe.

SPF, DKIM, and DMARC Explained

Email authentication is the single most important factor for deliverability. Since February 2024, Gmail and Yahoo require all bulk senders to have SPF, DKIM, and DMARC properly configured. Microsoft followed in 2025. Without all three, your emails will land in spam.

S
SPF
Sender Policy Framework

A DNS TXT record that lists which mail servers are allowed to send email for your domain. When Gmail receives an email from "you@yourdomain.com," it checks the SPF record to verify the sending server is authorized.

D
DKIM
DomainKeys Identified Mail

A cryptographic signature added to each email header. The receiving server uses your public key (published in DNS) to verify the email was not tampered with in transit and actually came from your domain.

D
DMARC
Domain-based Message Authentication

The policy layer that ties SPF and DKIM together. It tells receiving servers what to do if authentication fails (reject, quarantine, or none) and where to send failure reports. Gmail requires at minimum "p=none" but "p=quarantine" or "p=reject" is recommended.

Inbox placement by authentication status
SPF + DKIM + DMARC (all three)96% inbox
SPF + DKIM only (no DMARC)78% inbox
SPF only52% inbox
No authentication18% inbox
Source: Validity Sender Certification, 2025. Based on aggregate data from 1B+ email deliveries.
Quick setup checklist
1. Add an SPF record to your domain's DNS (your email provider gives you the exact value). 2. Enable DKIM signing in your email provider settings and publish the public key in DNS. 3. Add a DMARC record starting with "v=DMARC1; p=none;" then upgrade to "p=quarantine" after monitoring reports for 2 weeks. All three together takes about 15 minutes and is the highest-impact change you can make for deliverability.

SMTP Relay vs Google Workspace

People often ask about using an SMTP relay service (like SendGrid, Amazon SES, or Postmark) for outreach. Here is why that is almost always the wrong choice for cold email, and what to use instead.

Google Workspace / M365
SMTP Relay (SendGrid, SES)
Inbox placement
Good: 94-96% (dedicated IP, Google reputation)
Bad: 30-50% (shared IP, cold email flagged)
ToS for cold email
Good: Allowed (within volume limits)
Bad: Explicitly prohibited by most services
Cost per mailbox
Good: $6-7/month per account
Bad: $0.10-1.00 per 1,000 emails
IP reputation
Good: Your own (clean, not shared)
Bad: Shared pool (other senders affect you)
Daily limit
Good: 500 per account (2,000 for Workspace)
Bad: Unlimited (but spam filtering kicks in)
Best for
Good: Cold outreach, follow-ups, link building
Bad: Transactional email (receipts, notifications)
Why SMTP relays fail for cold email
SendGrid, Amazon SES, and Postmark all prohibit unsolicited email in their Terms of Service. If your cold emails generate spam complaints, these services will suspend your account. Even before that happens, their shared IP pools mean other senders' bad behavior directly impacts your deliverability. Every major cold email platform (Lemlist, Instantly, Smartlead) explicitly recommends Google Workspace or Microsoft 365.
The recommended setup
Use Google Workspace ($7/month) or Microsoft 365 ($6/month) on a dedicated sending domain. Not your primary domain. Buy a new domain like "outreach-yourbrand.com" and set up 2-3 email accounts on it. Warm each account for 2-3 weeks before sending. This keeps your main domain's reputation completely isolated from outreach.

Scaling Your Sending Infrastructure

The biggest mistake in cold email is going too fast. Here is a proven scaling timeline based on data from Instantly (30M+ emails analyzed), Smartlead, and Woodpecker.

Recommended scaling timeline
Week 1-2
5 emails/day per account
Warmup phase
Let warmup tools send and receive between real inboxes. Do not send any cold email yet.
Week 3
10-15 emails/day per account
Soft launch
Start with your highest-quality prospects (Grade A). These are most likely to reply, which builds domain reputation.
Week 4-6
20-30 emails/day per account
Ramp up
Expand to Grade B prospects. Monitor bounce rate (keep under 3%) and spam complaint rate (keep under 0.1%).
Week 7+
30-40 emails/day per account
Steady state
Full volume. Add more accounts to scale further (3-5 accounts per domain, 3-5 domains total). That gives you 270-1,000 emails/day.
Multi-domain infrastructure example
outreach-brand.com
3 accounts · 90-120 emails/day
links-brand.com
3 accounts · 90-120 emails/day
mail-brand.com
3 accounts · 90-120 emails/day
Total: 9 accounts across 3 domains = 270-360 emails/day
Key thresholds to monitor
Bounce rate: Keep under 3%. Above 5% and Gmail starts throttling your domain. Spam complaint rate: Keep under 0.1% (1 complaint per 1,000 emails). Google Postmaster Tools shows this in real time. Reply rate: Healthy outreach sees 8-15%. Below 3% means your targeting or copy needs work.

What HeyLinks Does for Deliverability

Every decision in our email pipeline is built around maximizing inbox placement. Here is the full list.

Built in
No tracking pixels (reply rate as primary metric)
No clickable links in any email before reply
Plain text first emails (minimal HTML)
Progressive enrichment (screenshots in follow-up 2)
Varied template language across template types
AI content hooks for per-prospect personalization
Bounce detection with auto-marking
List-Unsubscribe headers on every email
Opt-out detection with auto-decline
You set up
Dedicated sending domain (not your main site)
SPF + DKIM + DMARC on that domain
Google Workspace or Microsoft 365 account
2-3 week warmup before sending
Volume ramp (start 5/day, grow to 30-40)
Monitor Google Postmaster Tools
Email lifecycle in HeyLinks
1
Prospect scored
Grade A-D
2
Template selected
Based on signals
3
AI personalization
Content hook generated
4
Plain text sent
No images or links
5
Follow-up sequence
Screenshot at step 2
6
Reply detected
Primary metric tracked
Bottom line
The emails that actually get replies are short, personalized, and clean. No tracking infrastructure, no marketing HTML, no clickable links in the first touch. Everything in HeyLinks is built to look like a real person writing a real email, because that is exactly what Gmail rewards.
Sources and further reading
Lemlist, "Cold Email Deliverability Guide 2024" (10M+ campaign analysis)
Woodpecker, "20 Million Cold Emails Study" (cadence and timing data)
Instantly, "Email Warmup and Deliverability Report 2025" (30M+ emails)
Validity, "2025 Email Deliverability Benchmark Report" (1B+ deliveries)
Google, "Email Sender Guidelines" (Feb 2024 authentication requirements)
Litmus, "2025 Email Client Market Share Report" (Apple MPP adoption data)
Mailshake, "HTML vs Plain Text for Cold Email" (A/B test results)
Smartlead, "Infrastructure Scaling Guide for Cold Outreach" (2025)