How long does it take to set up a cold email domain from scratch?

The technical setup — domain registration, DNS configuration, email hosting, and authentication records — takes approximately 2 hours for an experienced person and 4 to 6 hours for someone doing it for the first time. DNS propagation adds another 15 minutes to 2 hours before records are verifiable globally. After setup, you still need 2 to 4 weeks of inbox warmup before launching any cold email campaigns. Total time from domain purchase to first campaign: roughly 3 to 5 weeks.

Do I need a separate cold email domain or can I use my company's main domain?

You need a separate domain. Never send cold email from your primary company domain. If a cold email campaign generates spam complaints or high bounces, the damage attaches to your sending domain — and if that's your main domain, your customer support replies, invoices, and investor emails land in spam alongside your cold outreach. Register a brand-adjacent secondary domain (like getacme.com if your company is acmecorp.com) and use that exclusively for cold outreach.

Why does DMARC have to start at p=none? Can I start stricter?

Starting at p=none (monitoring mode) is strongly recommended because it lets you verify that all your legitimate sending sources are correctly passing authentication before enforcement begins. If you start with p=quarantine or p=reject and any legitimate sender — your sequencer, your email marketing tool, or a team member using a different service — isn't covered by your SPF or signed with your DKIM key, those emails get blocked. Monitor at p=none for 2 to 4 weeks, confirm all legitimate mail passes, then graduate to stricter policies.

What TLD should I use for my cold email sending domain?

Stick to .com, .co, or .io. Analysis of over 30 million cold emails showed that less common TLDs like .biz, .info, .online, and .xyz get fewer replies and face more spam filter scrutiny. Cold email from an .info domain raises an immediate credibility flag — recipients and spam filters alike are conditioned to be skeptical of those extensions because they're disproportionately used by bad actors.

How do I verify my domain is correctly set up before I start sending?

Run three checks in order: first, check SPF, DKIM, and DMARC records with MXToolbox — all three should pass. Second, send a test email to mail-tester.com from your configured inbox and confirm you score 9/10 or higher. Third, verify your MX records are live so replies have somewhere to go. Only proceed to warmup — and never to cold campaigns — until all three checks pass clean.

How to set up a cold email domain from scratch (step-by-step)

Most cold email guides start with copy. This one starts with DNS — because seventy percent of deliverability problems trace back to incorrect or missing DNS records, not bad subject lines. Here's the complete two-hour setup that protects every campaign you'll ever run.

Why domain setup is the most important step you'll take

Most cold email guides start with copy. This one starts with DNS. Because the brutal truth is: no amount of great writing, smart targeting, or clever sequencing will save you if your domain is misconfigured. Seventy percent of deliverability problems trace back to incorrect or missing DNS records — not bad subject lines.

Setting up a cold email domain correctly is a one-time investment of about two hours that protects every campaign you run for months afterward. Skip or rush it and you'll spend far more time debugging spam placement issues, recovering burned domains, and rebuilding sender reputation from scratch.

This is the complete, step-by-step process for setting up a cold email domain from zero. Follow it in order. Every step matters.

Step 1: Register a dedicated sending domain

Before anything else: do not use your primary company domain for cold email. Ever. Register a new domain specifically for outreach.

Choosing the right domain name

Your sending domain should be brand-adjacent — recognizable as a variant of your company, but clearly separate from your main domain. If your company is acmecorp.com, good sending domain options include:

getacme.com
tryacmecorp.com
acme-sales.com
hiacmecorp.com
acmehq.com

Avoid domains with multiple hyphens, numbers, or generic keywords stuffed in. These carry a slight spam signal because bad actors disproportionately use them. Stick to .com, .co, or .io — an analysis of over 30 million cold emails showed that less common TLDs like .biz, .info, and .online get fewer replies and face more spam filter scrutiny.

Where to register

Domain registration costs $8 to $15 per year for a .com at registrars like Namecheap, Cloudflare (near-wholesale pricing), or GoDaddy. If possible, check the domain's history before purchasing using MXToolbox or Talos to confirm it hasn't been previously blacklisted or used for spam.

Set up a redirect

Once registered, set up a 301 redirect from your sending domain to your main company website. When prospects Google the sending domain after receiving your email, they should land on your real site — not a parked page or a 404. A domain that resolves to nothing looks suspicious to both spam filters and recipients.

Step 2: Choose your email hosting provider

Your sending domain needs an email hosting provider — the service that actually manages your inboxes and routes your email. The two standard options for cold email are Google Workspace and Microsoft 365.

Factor	Google Workspace	Microsoft 365
Trust level	Very high — broadly trusted	High — Outlook trusted
Daily technical limit	2,000 emails/day per account	10,000 emails/day per account
Safe sending limit (cold)	30–50 cold emails/inbox/day	30–50 cold emails/inbox/day
Cost	~$6–$14/user/month	~$6–$22/user/month
DKIM setup	Google Admin Console	Microsoft 365 Defender Portal
Practitioner preference	Most preferred for cold email	Good alternative; diversification benefit

Most experienced cold email practitioners recommend Google Workspace for new setups, primarily because of its trust level across all inbox providers. However, using a mix of Google Workspace and Microsoft 365 inboxes across your sending domains provides diversification and can improve overall deliverability at scale.

Step 3: Configure MX records

MX (Mail Exchange) records tell the internet where to deliver incoming email for your domain. Without properly configured MX records, your domain cannot receive replies — and many spam filters are suspicious of sending domains that cannot receive mail.

For Google Workspace, your MX records should point to Google's mail servers. Google provides these exact values in your Admin Console when you add a domain. For Microsoft 365, your MX record points to a Microsoft-provided address specific to your domain.

Add MX records in your DNS provider's control panel (GoDaddy, Namecheap, Cloudflare, etc.). DNS propagation typically takes 15 minutes to 2 hours, though full global propagation can take up to 48 hours. Verify your MX records are live using MXToolbox's MX Lookup before proceeding.

Step 4: Configure SPF

SPF (Sender Policy Framework) is a DNS TXT record that lists which mail servers are authorized to send email on behalf of your domain. When a receiving mail server gets an email from your domain, it checks your SPF record to verify the sending server is on the approved list.

For Google Workspace, your SPF record looks like this:

v=spf1 include:_spf.google.com ~all

For Microsoft 365:

v=spf1 include:spf.protection.outlook.com ~all

If you use both Google Workspace and Microsoft 365, or additional sending services, combine them in a single SPF record:

v=spf1 include:_spf.google.com include:spf.protection.outlook.com ~all

Critical rules for SPF:

You can only have one SPF record per domain. Having two causes a PermError that makes SPF fail entirely.
Keep your DNS lookup count under 10. Each include: statement counts as one lookup. Exceeding 10 causes SPF to fail regardless of the record content.
Never use +all — this allows any server to send on your behalf, effectively disabling SPF protection.

The ~all (soft fail) at the end means servers not on your list are flagged but not outright rejected. Use -all (hard fail) only after you're confident your SPF covers all legitimate senders.

Step 5: Configure DKIM

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every email you send. The signature proves the email came from an authorized server and wasn't modified in transit. Unlike SPF, DKIM survives email forwarding — which is why deliverability experts recommend a DKIM-first approach.

DKIM setup is done through your email hosting provider:

Google Workspace: Admin Console → Apps → Google Workspace → Gmail → Authenticate Email. Generate a new record (use 2048-bit key length). Google provides a TXT record value to add to your DNS.
Microsoft 365: Microsoft 365 Defender Portal → Email & Collaboration → Policies & Rules → DKIM. Enable DKIM signing and add the provided CNAME records to your DNS.

After adding the DKIM record to DNS, return to your email provider's console and enable DKIM signing. The record typically propagates within 30 minutes to an hour. Verify it's working using MXToolbox's DKIM checker or Mail-Tester.

Use a 2048-bit DKIM key, not 1024-bit. Yahoo in particular has been known to reject email from domains using shorter key lengths, and the stronger key is the current standard for professional cold email.

Step 6: Configure DMARC

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is the policy layer that tells receiving servers what to do when an email fails SPF or DKIM, and sends you reports on who is sending email using your domain.

Add a TXT record at _dmarc.yourdomain.com. Start with a monitoring-only policy:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; fo=1

The fields:

p=none — monitor only, take no action on failures. Start here.
rua= — where aggregate DMARC reports are sent. Use a real inbox you'll actually check.
fo=1 — generate forensic reports on any failure, not just full failures.

After 2 to 4 weeks of monitoring, review your DMARC reports. If all legitimate sending sources are passing, upgrade to p=quarantine (failing emails go to spam). After another clean period, upgrade to p=reject (failing emails blocked entirely). Never skip this graduated rollout — jumping straight to p=reject before verifying your setup can block legitimate email.

Step 7: Set up a custom tracking domain (optional but recommended)

If your cold email tool tracks opens and clicks, it inserts tracking links into your emails. By default these links use the platform's own tracking domain — shared with every other user of that platform. A shared tracking domain used by thousands of senders is a known deliverability risk.

Set up a custom tracking subdomain on your sending domain (e.g., track.yoursendingdomain.com) and point it to your cold email tool's tracking server using a CNAME record. Your sending platform will provide the exact CNAME value in its settings.

Step 8: Create your email accounts

With DNS fully configured and verified, create your email inboxes on the sending domain. Best practices:

Use real human names, not generic addresses: john@sendingdomain.com, not sales@ or info@
Create 2 to 3 inboxes per sending domain — enough to distribute volume without concentrating risk
Set up forwarding from each inbox to your main business email so replies reach your team
Verify login credentials and test that each inbox can send and receive before warmup

Step 9: Verify your full setup

Before you start warmup and before you send a single cold email, verify your entire configuration:

MXToolbox.com — check MX, SPF, DKIM, and DMARC records. Confirm all pass.
Mail-tester.com — send a test email and score your setup. Aim for 9/10 or higher.
Google Admin Toolbox (toolbox.googleapps.com) — checks SPF and DKIM for Google Workspace domains.

Only proceed to warmup after your setup scores clean across all verification tools.

Step 10: Warm up before you send

A technically perfect setup is not the same as a sending-ready setup. New domains have zero reputation. Without warmup, your first cold email campaign will land in spam regardless of how well your DNS is configured.

Start warmup immediately after verifying your DNS setup. Most cold email platforms include built-in warmup tools that automate this process. Run warmup for at least 2 to 4 weeks, gradually increasing sending volume from 10 to 20 emails per day up to your target volume before launching any cold outreach.

Keep warmup running continuously — even after you launch campaigns. Warmup is ongoing maintenance, not a one-time step.

Quick setup checklist

Step	Action	Verify with
1	Register sending domain (brand-adjacent .com)	Whois lookup
2	Set up domain redirect to main website	Browser check
3	Choose email hosting (Google Workspace or Microsoft 365)	Account setup
4	Add MX records	MXToolbox MX Lookup
5	Add SPF TXT record	MXToolbox SPF Lookup
6	Add DKIM record (2048-bit)	MXToolbox DKIM Checker
7	Add DMARC record (start `p=none`)	MXToolbox DMARC Lookup
8	Set up custom tracking domain (CNAME)	Sending tool dashboard
9	Create email inboxes (human names, 2–3 per domain)	Login test
10	Run full verification (Mail-Tester: 9/10+)	Mail-Tester.com
11	Start warmup (minimum 2–4 weeks)	Warmup tool dashboard

References

Mailforge. Cold Email DNS Setup: Step-by-Step Instructions
Puzzle Inbox. Cold Email Domain Setup: The Complete DNS Configuration Guide (March 2026)
Mailforge. How to Set Up Custom Domains for Cold Email
Instantly. How to Set Up an Email Domain for Cold Outreach (June 2024)
Sparkle.io. Cold Email Domain Setup: The Repeatable 10-Step Process We Trust (April 2026)
Salesforge. How to Set Up Domain & Mailbox for Cold Email?
Talmore+. How to Set Up a Domain and Mailbox for Cold Email Outreach
Microsoft Learn. Connect your domain by adding DNS records — Microsoft 365 (April 2026)
Cloudflare. Set up email records — Cloudflare DNS docs (April 2026)
Mailforge. Automated DNS Setup for Cold Email Domains

Domain setup done right is time-consuming when you're managing multiple sending domains. Mailflo automates the entire process — domain registration, DNS configuration, inbox creation, and warmup — so your team can skip straight to sending.