What Is Cold Email Infrastructure? A Plain-Language Guide
Cold email infrastructure is the set of domains, mailboxes, and DNS settings a sender uses to send outbound email at scale without sending it from their main company domain. It is the plumbing underneath a cold-email campaign: where the messages originate, how mailbox providers verify them, and how the sender protects their primary brand domain from reputation damage.
This guide defines each part from scratch, in plain language. It is meant for agencies, founders, and operators who are setting up outbound for the first time, and for anyone who wants a clear, factual reference. Nothing here is a trick. It is the standard architecture that experienced senders use.
The core building blocks
Three things make up cold email infrastructure: domains, mailboxes, and authentication. Everything else is detail on top of these.
Domains
A domain is the part of an email address after the @ sign, for example yourcompany.com. For cold email, senders usually buy separate, dedicated domains rather than sending from their main one. A common pattern is to register close variants of the brand name, such as getyourcompany.com or yourcompany.io, and use those for outbound only.
The reason is reputation. Every domain carries a sending reputation that mailbox providers (Gmail, Outlook, and others) build up over time. Cold email, by its nature, draws more spam complaints and bounces than normal business mail. If those signals land on your main domain, they can hurt the deliverability of your everyday email, including invoices, support replies, and internal mail. A separate domain isolates that risk.
Mailboxes
A mailbox is a single sending account on a domain, such as john@getyourcompany.com. One domain can host many mailboxes — for cold email, a domain commonly holds a few dozen up to around 100, and each mailbox sends a small, deliberately limited number of messages per day.
Spreading volume across many mailboxes, each sending a little, looks more like normal human email than one mailbox sending thousands of messages. This is the single most important behavioural difference between deliverable cold email and obvious bulk blasting.
Authentication records (DNS)
DNS (Domain Name System) is the public directory that maps domains to servers and stores configuration records. Three DNS records prove that your mail is legitimately sent on behalf of your domain. They are covered in detail below.
Mailbox providers: Microsoft 365 vs Google vs SMTP
A mailbox provider is the service that actually hosts and sends from your mailboxes. There are three broad approaches.
Microsoft 365. Real, individually provisioned Microsoft mailboxes inside a Microsoft 365 tenant. A tenant is an isolated Microsoft 365 organisation with its own users and settings. These are standard, fully functional inboxes. They send over Microsoft’s infrastructure and IP space, and they connect to common cold-email sequencers. Because the tenant is isolated, your sending is not pooled with unrelated senders.
Google Workspace. Real Google-hosted mailboxes, similar in spirit to Microsoft 365 but on Google’s infrastructure. Both Microsoft and Google are “real inbox” providers, as opposed to raw relays.
SMTP relays. SMTP (Simple Mail Transfer Protocol) is the underlying protocol all email uses to move between servers. A “raw SMTP” or relay service sends mail through a shared sending platform rather than a real, isolated inbox. These can be cheaper and faster to set up, but the IP space is often shared across many customers, so one bad sender on the platform can affect your deliverability.
| Approach | What you get | Isolation |
|---|---|---|
| Microsoft 365 | Real, isolated tenant and mailboxes | High — your own tenant |
| Google Workspace | Real Google-hosted mailboxes | High — your own org |
| SMTP relay | Sending via a shared platform | Low — often shared IP pools |
The practical trade-off: real inbox providers (Microsoft 365, Google) give you isolation and behave more like genuine human mail, which generally helps inbox placement. Shared SMTP pools are quicker and cheaper but tie your reputation to strangers. This is one reason many cold-email setups now favour isolated Microsoft 365 tenants over shared mailbox pools.
DNS authentication: SPF, DKIM, DMARC
These three records tell receiving mail servers that your messages are genuinely authorised. Without them, your mail is far more likely to be filtered or rejected. They are not optional for serious sending.
SPF (Sender Policy Framework). A DNS record that lists which servers are allowed to send email for your domain. When mail arrives, the receiver checks whether it came from an approved source. SPF answers: “is this server allowed to send for this domain?”
DKIM (DomainKeys Identified Mail). A cryptographic signature added to each message, verifiable against a public key published in your DNS. It proves the message was not altered in transit and genuinely came from your domain. DKIM answers: “was this message really signed by this domain, and is it intact?”
DMARC (Domain-based Message Authentication, Reporting and Conformance). A policy record that tells receivers what to do when SPF or DKIM checks fail — for example, ignore, quarantine, or reject the message. DMARC ties SPF and DKIM together and lets you set a clear rule. It answers: “what should you do if this mail does not pass the other checks?”
Setting these three records correctly, for every sending domain, is foundational. Misconfigured authentication is one of the most common reasons new cold-email domains land in spam.
Warmup
Warmup is the practice of gradually increasing a mailbox’s sending volume over its first weeks, rather than sending at full volume immediately. A brand-new mailbox that suddenly sends hundreds of messages looks suspicious to mailbox providers.
In practice, warmup starts at a handful of messages per day per mailbox and ramps up over several weeks. Many warmup tools also exchange and open messages between participating mailboxes to build early positive signals, though the value of automated warmup is debated. The principle is sound regardless: start slow, ramp gradually, never spike.
Deliverability
Deliverability is whether your email actually reaches the inbox rather than the spam folder or a silent block. It is distinct from “delivered” in a sequencer dashboard, which often only means the message was accepted by the receiving server, not that it reached the inbox.
Deliverability depends on the sum of everything above: clean authentication, isolated and warmed mailboxes, reasonable per-mailbox volume, and low complaint and bounce rates. It also depends heavily on the message itself and on who you send to. No infrastructure can rescue mail that recipients mark as spam.
This is the place for an honest caveat. Good infrastructure improves your odds. It does not guarantee inbox placement, and it does not grant you legal permission to send. Many markets, including Germany under UWG §7(2) and other EU countries, require prior opt-in even for business-to-business email. Where your servers sit and which IPs you send from is a separate question from whether you are allowed to email a given person. The sender is always responsible for consent and for local law.
Why senders separate cold email from the main domain
Pulling the threads together, here is why experienced senders keep cold email on its own infrastructure:
- Reputation isolation. Complaints and bounces hit the throwaway domains, not your real company domain.
- Domain wear. Sending domains “burn” — their reputation degrades — under sustained cold volume, often within a few months and faster at higher daily volume. Senders run several overlapping domains and rotate them, retiring worn ones. You do not want your primary domain in that rotation.
- Continuity. If a cold-email domain gets blocklisted, your invoices and support mail are unaffected.
- Scale. Spreading volume across many mailboxes on dedicated domains is how senders reach meaningful volume without tripping spam filters.
The standard setup is therefore: dedicated domains, many real mailboxes each sending a little, correct SPF/DKIM/DMARC, gradual warmup, and a willingness to retire and replace domains as they wear.
How Mailionaire approaches this
Mailionaire is managed cold email infrastructure built on this exact model. We provision real, isolated Microsoft 365 mailboxes — one sending domain maps to one isolated Microsoft 365 tenant with up to 100 mailboxes. We set SPF, DKIM, and DMARC for you, monitor deliverability signals, and replace worn mailboxes and domains as they burn, so you are not manually rotating infrastructure.
Mailionaire is built and run in Switzerland. You can switch on optional EU/Swiss residency so your mailbox content sits at rest in the EU and Switzerland on EU/CH IP space, under the Microsoft EU Data Boundary. (For recipients in the US, US IP space usually delivers better, so residency is an option rather than the default.) Pricing is flat at $50 per month per active domain, with a 14-day money-back guarantee. You can see the full provisioning flow on our how it works page.
To be clear about what that European footprint does and does not mean: it concerns where your data is stored and which IPs you send from. It does not decide who you may legally email. Infrastructure is the plumbing; consent and local law remain your responsibility.
FAQ
What is cold email infrastructure in one sentence?
It is the set of dedicated domains, mailboxes, and DNS authentication records used to send outbound email at scale without risking the reputation of your main company domain.
Do I really need separate domains for cold email?
In practice, yes. Cold email draws more complaints and bounces than normal mail, and sending domains wear out under sustained volume, so keeping it off your primary domain protects your everyday email.
What do SPF, DKIM, and DMARC do?
SPF lists which servers may send for your domain, DKIM cryptographically signs each message, and DMARC sets the policy for what happens when those checks fail. Together they prove your mail is authorised and intact.
Does European infrastructure make cold email legal?
No. Data residency and EU IPs concern where data is stored and where mail is sent from, not whether you have permission to email someone. Many EU markets require opt-in even for B2B, and consent is always the sender's responsibility.
Mailionaire provisions real, isolated Microsoft 365 mailboxes for cold email — built in Switzerland, with optional EU/Swiss data residency — then monitors and replaces them as they wear out. One flat price per domain. See how it works →