Why your cold email lands in spam (and the six fixes that work)

Most cold outreach lands in spam for one of six reasons. Walk through them in order — fix the first one that fails and your inbox-placement number usually moves immediately.

1. Authentication isn't actually working.

SPF, DKIM, and DMARC are foundational, and almost everyone gets them wrong at least once. The most common failures: SPF record references a vendor you stopped using (so receiving servers see authorization that doesn't actually exist), DKIM signatures fail because the public key in DNS doesn't match what the platform is signing with, or DMARC is set to p=reject before SPF/DKIM are clean (so your own legitimate mail bounces).

Fix: run every domain through Google's mail-tester or MXToolbox auth check. Every domain. Don't trust dashboards that say "configured" — trust the receiving end's verdict.

2. The mailbox has no warmup history.

A new mailbox sending 50 emails on day one looks like a botnet to Gmail. There's no reputation data, no engagement history, no signal that this sender is legitimate. The default response is to filter aggressively.

Fix: 21-day warmup ramp before production volume. Real-mailbox warmup peering (BoomSauce uses CheddarInbox) gives you genuine engagement signals — opens, replies, archives — that build reputation faster than synthetic warmup pools.

3. List quality is poor.

Bounce rate is the loudest signal you can send a mailbox provider. Hard bounces above 5% trigger throttling at most providers; above 8% you're effectively blacklisted within a week. The list, not the platform, is the variable that matters most.

Fix: verify every address before upload (Hunter, NeverBounce, ZeroBounce, etc.). Pull the bounce rate down below 2% and most other signals start mattering more.

4. The first email contains links, images, or attachments.

This is the most-violated rule in cold email. Links and images at first touch are a near-certain spam-filter trigger. The pattern is so well-trained that even reputable senders get downgraded for using them on cold outreach.

Fix: first email is plain text. No links. No tracking pixels. No images. No calendar invites. The only thing it asks for is a reply. Subsequent touches can introduce links once a reply has happened.

5. Sending volume per domain is too high.

A single domain can carry maybe 100 cold emails per day before reputation starts compounding negatively. Above that, you need domain rotation — multiple domains absorbing fractions of the volume so no single sender crosses the threshold.

Fix: budget one domain per 100 daily sends, one mailbox per 30–50 daily sends. Send-time enforcement (BoomSauce does this) prevents accidentally over-loading any single source.

6. Content is generic — and the spam filters know it.

Modern spam filters use language models. Generic templates that look like other generic templates get scored down even when they're clean otherwise. Personalization at the {firstName} level is no longer enough.

Fix: every email needs at least one specific, verifiable detail about the recipient or their company that couldn't have been generated. The bar isn't "personal-feeling" — it's "demonstrably not generated by a template engine."

The order matters. Don't optimize content (#6) when your bounce rate is at 8% — fix the list first. Don't crank up volume per domain (#5) when DMARC is misconfigured (#1). The framework is hierarchical: each layer depends on the one above it.