The Cold Email Infrastructure Setup Checklist (2026)
A cold email infrastructure setup checklist covers seven stages in order: register dedicated sending domains, provision an isolated mailbox tenant per domain, configure SPF, DKIM, and DMARC, create distinct human-named mailboxes, run automated warmup before any campaign, connect to a sequencer, and start sending at low volume with monitoring in place. Done in this sequence, the technical foundation is sound; skip a step and deliverability suffers.
Why the order matters
Cold email setup fails most often not because a single record is wrong, but because the steps run out of sequence. Warmup before authentication is configured wastes the ramp. Sending before warmup torches a new domain. Each stage depends on the one before it.
This checklist assumes Microsoft 365 mailboxes, the more common choice for cold outreach on dedicated infrastructure. If you are weighing platforms first, see Microsoft 365 vs Google Workspace for cold email.
The seven-stage checklist
| Stage | What you do | Why it matters |
|---|---|---|
| 1. Domains | Register dedicated secondary sending domains | Protects your primary brand domain |
| 2. Tenants | One isolated tenant per sending domain | Stops reputation bleed between domains |
| 3. Authentication | SPF, DKIM, DMARC on every domain | Receivers can verify the sender |
| 4. Mailboxes | Distinct human sender names, conservative limits | Avoids look-alike, bulk-sender signals |
| 5. Warmup | Automated ramp before any campaign | Builds reputation gradually |
| 6. Sequencer | Connect real mailboxes to your tool | Sending happens through your platform |
| 7. Monitor & rotate | Watch reputation, replace worn assets | Sustains volume over months |
Stage 1: Domains
Buy secondary sending domains rather than sending cold mail from your primary brand domain. If a sending domain’s reputation gets damaged, it should never touch the inbox you rely on for real business. Choose clean, professional domains — see how to choose cold email domains and secondary domains for cold email for selection criteria.
Set up forwarding and a basic landing page so the domains look legitimate, and give them time before they carry full volume.
Stage 2: Tenants and isolation
Provision a separate Microsoft 365 tenant for each sending domain. This is the isolation step. When domains share a tenant or an IP pool, a complaint problem on one can pull down the rest. Dedicated, isolated infrastructure keeps that blast radius to a single domain. For background, read what mailbox provisioning is and the Microsoft 365 tenant explained.
Stage 3: Authentication (SPF, DKIM, DMARC)
Three DNS records let receiving servers verify that mail genuinely comes from your domain:
- SPF authorises which servers may send for the domain.
- DKIM cryptographically signs each message.
- DMARC tells receivers how to handle messages that fail the first two.
All three are non-negotiable in 2026. Google and Yahoo’s bulk-sender requirements, effective February 2024, require SPF, DKIM, and DMARC, one-click unsubscribe, and a spam complaint rate kept low (commonly cited as under roughly 0.3%). Work through the SPF/DKIM/DMARC setup checklist record by record before sending anything.
Stage 4: Mailboxes
Create mailboxes with distinct human sender names — real-sounding people, not info@ or sales@ aliases that look automated. Keep per-mailbox daily sending conservative; spreading volume across more mailboxes is safer than pushing any single one hard. Microsoft Exchange Online enforces its own platform sending limits per mailbox (check current Microsoft documentation for the exact figures on your plan), but those ceilings sit far above what cold outreach should ever approach. See how many mailboxes per domain and how many cold emails per day for sizing.
Stage 5: Warmup
Warmup is the gradual ramp that builds a new mailbox’s reputation through low-volume, engaged sending before real campaigns begin. Skipping it is the fastest route to the spam folder. Run automated warmup on every new mailbox and domain, and do not point campaign volume at them until the ramp is done. Expect this to take weeks, not days — details in what email warmup is and how long email warmup takes.
Stage 6: Connect the sequencer
Connect your warmed, real mailboxes to your sequencer — the tool that schedules and sends sequences. Use native OAuth connections where possible; Microsoft has been retiring basic authentication and pushing modern auth/OAuth, so check current Microsoft announcements for exact timelines. OAuth-native setups are already prepared for that shift. More on the sending tool itself in the cold email sequencer explained.
Stage 7: Monitor and rotate
Setup is not a one-time event. Sending domains wear out under sustained volume, often within a few months, so the final stage runs continuously:
- Monitor reputation, bounce rates, and complaint signals.
- Pull underperforming mailboxes out of rotation.
- Replace worn domains and mailboxes as they degrade.
- Keep authentication records current.
Plan for domain rotation from the start, and read why cold email domains burn out so the wear pattern does not surprise you.
A note on legality
Completing every technical step does not make cold email legal. Authentication and infrastructure govern deliverability, not permission. Consent rules vary by the recipient’s jurisdiction — Germany’s UWG §7(2) generally requires prior opt-in for advertising email, including B2B — and responsibility sits with you as the sender. See the cold email GDPR guide. This is not legal advice.
How Mailionaire approaches this
We run the whole checklist as a managed service: an isolated Microsoft 365 tenant per sending domain, SPF, DKIM, and DMARC configured automatically, distinct human sender names, warmup set up for you, and ongoing monitoring that replaces mailboxes and domains as they wear out. Pricing is a flat $50 per active domain per month, with EU/Swiss data residency available as an optional add-on. See how it works for the full flow.
FAQ
What is the correct order for setting up cold email infrastructure?
Register sending domains first, then provision an isolated mailbox tenant per domain, configure SPF, DKIM, and DMARC, create distinct human-named mailboxes, run warmup before any campaign, connect to your sequencer, and only then start at low volume. Skipping warmup or sharing infrastructure is the most common cause of early spam folder placement.
How many mailboxes and domains do I need to start?
It depends on target volume. Work backwards: decide your total daily sends, keep each mailbox's share low, and you get the mailbox count. Then group those mailboxes onto domains rather than loading one domain heavily. Many operators run a handful of secondary domains, each with a few mailboxes. More domains spread risk but add management overhead.
Do I need a separate tenant for each sending domain?
Isolation is the safest pattern. When each sending domain sits in its own Microsoft 365 tenant, reputation problems on one domain cannot contaminate the others. Shared tenants and shared IP pools mean one bad sender can drag down everyone else, which is why dedicated, isolated infrastructure is preferred for cold outreach.
Does completing this checklist make my cold email legal?
No. A correct technical setup affects deliverability, not legality. Consent and local law remain your responsibility as the sender. Germany's UWG §7(2) generally requires prior opt-in for advertising email, including B2B, and other jurisdictions impose their own rules. This is operational guidance, not legal advice.
Mailionaire provisions real, isolated Microsoft 365 mailboxes for cold email — built in Switzerland, with optional EU/Swiss data residency — then monitors and replaces them as they wear out. One flat price per domain. See how it works →