ProfitLoopHQ

Cold Email Deliverability Checklist for 2026 (The 18-Point Audit)

Updated June 27, 2026 · 11 min read · By ProfitLoopHQ Editorial

Cold email envelopes flowing past spam filters into an inbox

If your cold email reply rate dropped this year, it probably isn't the copy. Gmail and Yahoo's 2024 bulk-sender rules tightened again in 2026, and roughly 60% of cold programs we audit are silently landing in spam. Here's the 18-point audit we run before any campaign goes live.

The audit

DNS

  • 1. SPF record published and aligned with your sending domain.
    Why: Without alignment, Google and Yahoo route you straight to spam under the 2024 bulk-sender rules.
  • 2. DKIM with 2048-bit key, signed on every send.
    Why: 1024-bit keys are deprecated; unsigned mail is filtered by default at major providers.
  • 3. DMARC at p=quarantine or stricter.
    Why: p=none is no longer accepted as 'enforced' by Gmail/Yahoo for bulk senders.
  • 4. BIMI record + VMC certificate (optional, but lifts open rates 5–10%).
    Why: Your logo in the inbox = visible trust signal.

Infrastructure

  • 1. Dedicated sending domain (not your primary).
    Why: If you burn deliverability, you don't burn your billing domain.
  • 2. Separate IPs for marketing vs cold outbound.
    Why: ESPs reputation-score by IP; one bad list poisons the rest.

Warmup

  • 1. 21+ days of warmup before any cold volume.
    Why: New mailboxes with zero history get filtered hard.
  • 2. Ongoing warmup at 10–20% of daily send volume.
    Why: Reputation is a moving average, not a milestone.

List

  • 1. Every email verified within 72 hours of send.
    Why: Bounce rate over 4% is a hard signal to ESPs that you're spamming.
  • 2. Suppression list updated daily (unsubs, bounces, replies).
    Why: Sending again to a bounced address is the fastest way to a blocklist.
  • 3. Catch-all domains routed through a tighter verifier or skipped.
    Why: Catch-alls accept everything, then silently drop — they tank reply rates.

Content

  • 1. No tracking pixels on cold sends.
    Why: Apple Mail Privacy + Gmail filters flag tracking pixels on first-touch mail.
  • 2. Plain-text or lightly-styled HTML only.
    Why: Image-heavy emails trip spam classifiers — and most cold recipients block images.
  • 3. One link per email, max.
    Why: Two+ links on a first touch is a strong spam predictor in 2026 models.
  • 4. List-Unsubscribe header (RFC 8058 one-click).
    Why: Required by Gmail/Yahoo for any sender over 5K/day.

Volume

  • 1. Max 50/day/mailbox cold, ramp slowly.
    Why: Volume spikes are the #1 cause of overnight reputation drops.

Monitoring

  • 1. Google Postmaster + Yahoo Sender Hub dashboards checked weekly.
    Why: These are the only ground-truth views of how Gmail/Yahoo actually see you.
  • 2. Seed inbox tests (GlockApps or similar) every campaign.
    Why: Reply rate alone doesn't tell you what % hit spam.

If you only fix three things

  1. Move cold off your primary domain to a lookalike, today.
  2. Warm every new mailbox for 21+ days before any volume.
  3. Verify the entire list within 72 hours of send and cap bounces under 2%.

FAQ

Is cold email still allowed in 2026?
Yes — cold B2B email is legal in the US under CAN-SPAM and in the EU under GDPR's legitimate-interest basis, provided you identify yourself, use a real sender address, and honor unsubscribes. The bigger risk is deliverability, not legality.
What bounce rate kills deliverability?
Anything above 4% in a 24-hour window will get you throttled by Gmail. Above 8% and you can land on a blocklist within days. Aim for under 2%.
Do I need a separate domain for cold email?
Yes. Always send cold outreach from a dedicated lookalike domain (e.g. getcompany.com instead of company.com) so deliverability problems don't impact your primary email or product transactional mail.
How long should I warm up a new mailbox?
21–28 days minimum, ramping from 5 sends/day to 40–50/day. Skip warmup and your first campaign lands in spam regardless of how good the copy is.