What's the first thing an SDR should do when joining a new company for cold email?

Before writing a single email, verify the infrastructure: check that your sending domain has SPF, DKIM, and DMARC configured correctly using MXToolbox, add the domain to Google Postmaster Tools to check its reputation, and run a blacklist check. If your company is sending from its primary domain, flag this as a risk immediately and advocate for secondary sending domains. An unverified or misconfigured infrastructure means every email you send is potentially wasted effort.

What Mail-Tester score should I aim for before launching my first campaign?

Aim for 9/10 or higher. A score below 9 indicates issues that will actively hurt your inbox placement — authentication failures, blacklisted tracking domains, or spam-trigger content in your templates. The test is free and takes two minutes: send your actual campaign email template to the unique address Mail-Tester generates, then review the results. Fix every issue identified before sending to real prospects.

Should I use my company's primary domain for cold email if that's all that's set up?

No — advocate for secondary domains before sending anything. Sending cold email from the company's primary domain creates risk for every email the company sends: customer support, invoices, investor updates, and sales conversations are all on the same domain. One bad cold email campaign or a few spam complaints can damage the domain's reputation enough to put those business-critical emails in spam. If the company won't prioritize secondary domain setup, document your concern in writing so the risk is understood.

What should I check in my cold email templates before going live?

Every template should include: your real name and company identity in the From field, a non-deceptive subject line that accurately reflects the email content, a clear opt-out option (even "reply 'stop' to unsubscribe" works), your company's physical address in a footer (required by CAN-SPAM), and no spam trigger words in the subject or body. Also verify that personalization variables are correctly configured — a template that sends "Hi {{firstname}}" instead of "Hi Sarah" looks worse than no personalization at all.

Cold email setup checklist for SDRs joining a new company

Q: How do I know if my new inbox needs warmup?

Ask your manager when the inbox was created and whether it has sent emails consistently in the past 2 to 4 weeks. If the inbox is new, has never been used for cold email, or has been dormant for more than 2 weeks, it needs warmup before you use it for cold outreach. A dormant inbox — even one that was previously active — loses its established sending signals during the dormancy period. Push to delay your first campaign by 2 to 4 weeks if warmup hasn't been completed or has lapsed.

The most expensive mistake a new SDR makes is sending cold email before verifying the infrastructure underneath it. A misconfigured DKIM record silently filters every email you send. Here's the 30-day audit-then-send checklist that prevents the burned-domain disaster.

Your first 30 days: infrastructure before outreach

When you join a new company as an SDR or sales rep, the temptation is to start prospecting immediately. Don't. The most expensive mistake a new SDR makes is sending cold email before verifying that the infrastructure underneath it is correct.

A domain sent to spam on your first day generates negative signals that compound for weeks. An inbox that's never been warmed lands in spam regardless of how good the copy is. An authentication record that's misconfigured silently filters every email you send without you knowing.

Spend your first week auditing and, if necessary, fixing the infrastructure before you send a single cold email. Use this checklist. It will prevent the majority of deliverability problems that plague new SDR hires.

Part 1: Infrastructure audit (Week 1)

Step 1: Verify your sending domain setup

The first question to answer: are you going to be sending from your company's primary domain (yourcompany.com) or a dedicated outreach domain? If the answer is the primary domain, flag this immediately. Sending cold email from the primary company domain puts every business communication at risk.

Advocate for secondary sending domains. If the company already has them, great. If not, make the case and push to get them set up before your first campaign. If you're going to use the primary domain regardless, at minimum verify that authentication is fully configured before sending anything.

Step 2: Verify SPF, DKIM, and DMARC

Run your sending domain through MXToolbox (mxtoolbox.com). Check:

SPF: Should show a valid TXT record authorizing your sending servers. If it shows "No SPF Record Found" or a PermError, escalate immediately — this must be fixed before you send anything.
DKIM: Should show a valid public key. If your email tool requires a specific DKIM setup, verify that it's been done through your email hosting provider's admin console.
DMARC: Should show a record at _dmarc.yourdomain.com. At minimum, p=none. If there's no DMARC record, your domain isn't meeting Google and Yahoo's 2024 requirements for bulk senders.

Step 3: Check your domain reputation

Add your sending domain to Google Postmaster Tools (postmaster.google.com). This takes about 5 minutes and shows you the current domain reputation rating (High, Medium, Low, or Bad) and spam rate with Gmail. If you're inheriting a domain that a previous SDR has been using, check whether the reputation is already damaged before you start building on it.

Step 4: Run a blacklist check

Go to mxtoolbox.com/blacklists.aspx and check both your sending domain and your sending IP against major blacklists. If your domain or IP appears on any list, do not start sending until you understand why and have a plan to request delisting.

Step 5: Run a full deliverability test

Send a test email to mail-tester.com and review the results. Aim for a score of 9/10 or higher. Common failures include missing authentication records, blacklisted tracking domains, and spam-trigger content in templates. Fix every issue before launching a campaign.

Part 2: Inbox setup (Week 1–2)

Step 6: Confirm your inbox configuration

Verify that your sending inbox is correctly configured:

Your display name matches the name on your company's website or LinkedIn — not a generic alias
Your reply-to address is correct and monitored — replies should reach you, not a dead inbox
Forwarding is set up correctly if you're using a secondary domain inbox
Your email signature includes your name, title, company, and a physical address (required for CAN-SPAM compliance)

Step 7: Confirm warmup status

Ask your manager: is this inbox already warmed up? When was it created? Has it been sending regularly?

If the inbox is new or hasn't been sending for more than 2 weeks, it needs warmup before you use it for cold outreach. A dormant inbox — one that was active but went silent — also needs warmup to restore the sending history. Push to delay your first campaign by 2 to 4 weeks if warmup hasn't been done or has lapsed.

Step 8: Understand the sending volume limits

Know the safe sending limits before you start:

Safe cold email limit per inbox: 30 to 50 emails per day maximum
If you need to send more than 50 per day, request additional inboxes — don't push one inbox beyond its safe limit
Never hit the technical limit of your email provider (2,000 for Google Workspace, 10,000 for Microsoft 365) — these limits exist for transactional email, not cold outreach

Part 3: Campaign setup (Week 2–3)

Step 9: Verify your sending tool configuration

Before building sequences, confirm your cold email sequencer is correctly configured:

Your inbox is connected with the correct SMTP/IMAP credentials or OAuth
Inbox rotation is enabled if you have multiple inboxes
Daily send limits are set at or below 50 cold emails per inbox
Sending is randomized across business hours — not scheduled to blast at exactly 9:00 AM
A custom tracking domain (not the platform's shared domain) is configured for open and click tracking

Step 10: Verify your list

Before uploading any prospect list to your sending tool:

Run every email address through a verification tool (ZeroBounce, NeverBounce, Hunter, or your platform's built-in verification)
Remove all hard-bounced addresses, role-based addresses (info@, sales@, admin@), and any addresses flagged as high-risk
Confirm your target list matches your ICP — targeting the right people matters as much as infrastructure

Step 11: Review templates for compliance

Every cold email template you plan to use should include:

Your real name and company identity in the From field
A non-deceptive subject line that accurately reflects the email content
A way for recipients to opt out (even a simple "reply 'stop' to unsubscribe" line)
Your company's physical address in a footer (required by CAN-SPAM)

Part 4: Go-live checklist

Check	How to verify	Pass criteria
SPF record exists and passes	MXToolbox SPF Lookup	Green result
DKIM record exists and passes	MXToolbox DKIM Checker	Valid key found
DMARC record exists (`p=none` min)	MXToolbox DMARC Lookup	Record found
Domain not on blacklists	MXToolbox Blacklist Check	0 blacklists
Domain reputation not Low/Bad	Google Postmaster Tools	Medium or High
Mail-Tester score	Send test email to mail-tester.com	9/10 or higher
Inbox warmup completed	Warmup platform dashboard	2–4 weeks completed
Email list verified	Verification tool results	Bounce rate under 2%
Sending volume configured	Sequencer settings	Max 50 cold/inbox/day
Compliance elements in templates	Review email templates	Opt-out + address present

References

Pyrsonalize. SDR Onboarding: The 90-Day Dual Checklist Blueprint (February 2026)
Reply.io. Effective SDR Onboarding Plan: Reply's 2-Month Roadmap for 2025 (September 2025)
OptIf.ai. Cold Email Best Practices: 10-Step Checklist (October 2025)
Copy.ai. Cold Email Best Practices Guide: 2025 Edition (July 2025)
Activated Scale. SDR Cold Email Tips And Templates (November 2025)
Puzzle Inbox. Cold Email Domain Setup: The Complete DNS Configuration Guide (March 2026)
Topo.io. Cold Email Sending Limits: The 2025 Playbook for Not Getting Blacklisted (April 2026)
Mailshake. Cold Email Compliance: The Essential 2026 Guide (April 2026)

At Mailflo, we set up complete cold email infrastructure for SDR teams joining new companies — so you can hit the ground running with proper authentication, warmup, and monitoring in place from day one.