Cold Email Infrastructure
Cold email infrastructure is everything between hitting send and an outreach email reaching the inbox: dedicated sending domains kept separate from your primary, mailboxes or a dedicated SMTP/MTA, full authentication, warming and rotation. Two rules dominate: never send cold from your primary domain, and scale by adding inboxes, not volume per inbox (15–25 a day is the safe ceiling). MCSNET builds the dedicated-infrastructure version — your own IPs and the full deliverability stack run from Toronto — and is honest about the two things that actually decide cold-email success: list quality and, for Canadian sending, CASL.
Key takeaways
- Never send cold from your primary domain — one flag can take down your marketing, client and transactional mail with it. Use dedicated, isolated domains.
- Scale by adding inboxes, not volume: the safe ceiling is ~15–25 sends per inbox per day, so reaching real volume means many low-volume inboxes across many domains, rotated.
- After Google's late-2025 Workspace crackdown, a single provider is a single point of failure — dedicated SMTP infrastructure is a separate, independent lane.
- Your list kills more domains than your infrastructure does — bounce rate, not volume or content, is the fastest way to burn a domain. Verify everything.
- Cold is the hardest test of the whole deliverability stack — and for Canadian recipients, CASL requires consent, which we will be honest with you about.
Cold email is the hardest thing you can ask of email infrastructure. You are sending unsolicited mail, to people who never asked for it, at volume, and expecting it to land in the inbox — which is precisely the pattern every spam filter is built to stop. Getting it right is less about clever copywriting than about infrastructure: the domains, mailboxes, authentication, warming and rotation that sit between you hitting send and a prospect actually seeing your message. This page explains how that infrastructure works, the two rules that matter most, and the honest truths — about list quality, the Google crackdown, and the law — that most cold-email guides skip.
What is cold email infrastructure?
Cold email infrastructure is everything between clicking “send” and your email reaching someone’s inbox — the technical foundation outbound runs on. It has a handful of parts, and missing any one degrades the whole. Dedicated sending domains, separate from your primary company domain, carry the cold mail. Mailboxes on those domains — whether Google Workspace and Microsoft 365 accounts or a dedicated SMTP setup — do the sending. Authentication — SPF, DKIM, DMARC and reverse DNS — proves the mail is legitimate. Warming builds each sender’s reputation before real campaigns begin. And a sequencer connects to the mailboxes and runs the outreach. Get one wrong and deliverability suffers; get them all right and you have a foundation that can scale to real volume without burning domains. The infrastructure is where cold campaigns are lost, even when they are won on the message.
Why you must never use your primary domain
This is the first rule, and it is absolute: never send cold email from your primary company domain. The reason is shared reputation. Every type of mail your business sends from that domain — marketing, client correspondence, invoices, password resets — draws on one domain reputation, and cold outreach is the riskiest mail there is. If your cold sending gets the domain flagged, it does not just hurt the campaign; it drags down everything, and suddenly your invoices are landing in spam because of an outreach sequence. The fix is isolation: cold email goes out only from dedicated secondary domains, completely separate from the primary, so that a domain burned by cold sending is a contained, replaceable loss rather than a business-wide catastrophe. Protecting the primary is not a precaution to add later — it is the foundation the rest is built on.
The Google Workspace crackdown changed the game
For years the default cold-email setup was a pile of Google Workspace accounts, and in late 2025 that bet got a lot riskier. Google began aggressively cracking down on Workspace accounts used for cold email, and operators reported entire tenants being locked — not individual inboxes but every domain under one account — with no warning and no meaningful appeal. The lesson was sharp: running all your outbound through a single provider is a single point of failure, and when that provider decides to enforce its terms, your whole operation can vanish overnight. The response from serious senders has been diversification — spreading across providers so one crackdown cannot end everything — and a renewed interest in dedicated SMTP infrastructure on your own IPs, which is an independent lane that does not live or die by one platform’s terms-of-service enforcement. Owning your sending infrastructure is, among other things, insurance against someone else’s policy change.
Native mailboxes or dedicated SMTP infrastructure?
There are two fundamentally different ways to build cold infrastructure, and they trade off differently. Native Google and Microsoft mailboxes inherit the provider’s established trust — Gmail-to-Gmail sending enjoys strong placement, and Workspace consistently delivers well — but they come with low per-inbox limits, exposure to crackdowns, and the need to manage many accounts. Dedicated SMTP infrastructure on your own IPs gives you control, scale and independence: your reputation is yours alone, you can push real volume, and no platform can suspend you for using it as intended — but you build that reputation from scratch through disciplined warming, and it is more technical to run. Neither is simply better; the honest answer for many programs is a mix, with dedicated infrastructure as the scalable, independent backbone.
| Native GWS / M365 | Dedicated SMTP infrastructure | |
|---|---|---|
| Deliverability | High, inherited trust | Built through warming |
| Per-inbox volume | Low (15–25/day) | Higher, you control it |
| Reputation | Shared platform | Yours alone |
| Crackdown risk | Real (tenant suspensions) | None — you own it |
| Best for | Reaching Gmail/Outlook inboxes | Scale, control, independence |
How much can you safely send per inbox?
The defining constraint of cold email is how little each inbox can safely send. The safe ceiling in 2026 is roughly 15 to 25 cold emails per inbox per day; system limits are far higher, but pushing past about 100 to 150 a day per inbox triggers bulk-pattern detection and sharply higher spam rates. This single fact reshapes everything: you scale by adding inboxes and domains, not by sending more per inbox. A useful rule of thumb is daily target divided by roughly forty equals the minimum inbox count, plus a buffer for rotation — so real volume means many low-volume inboxes spread across many domains. Rotation then distributes sending across that pool, which does more than respect limits: it contains risk. Sending a thousand a day across five domains puts two hundred on each, so one bad list segment hits a fifth of your volume; spread across fifteen or twenty domains, the same incident touches five to seven percent — a contained problem instead of a catastrophe. The architecture is many small senders, rotated, not a few big ones.
Warmup is not optional
The single most common reason cold campaigns fail is skipping the warmup, and no amount of correct DNS makes up for it. A fresh mailbox, domain or IP has zero reputation, and sending real cold volume from it on day one is a near-guaranteed suspension. Every sender needs a disciplined ramp — typically starting around five sends a day and building to full volume over three to four weeks — and the warming has to generate real engagement signals (opens, replies, mail moved out of spam) rather than the SMTP-only activity that mailbox providers’ algorithms simply ignore. Crucially, warming is not a one-time gate you pass through; it runs as ongoing maintenance even during active campaigns, because reputation decays without it. Where a dedicated IP or pool is involved, each IP warms in sequence too. Pre-warmed inventory can shorten the wait, but the principle holds: trust is built gradually or not at all, and the teams that try to skip it spend months recovering from the suspension that follows.
The honest truth: your list kills more domains than your infrastructure
Here is the truth most infrastructure providers will not lead with: the fastest way to burn a domain is not volume, not content, and not DNS — it is bounce rate, and bounce rate comes from your list. A cold list full of invalid or stale addresses generates the hard bounces that push you past the threshold mailbox providers use to trigger filtering across all their recipients, and it does so quickly. Most cold-email “deliverability problems” are really data problems wearing a deliverability mask: the best authentication, the cleanest warming and the most carefully rotated pool cannot save a bought or unverified list. This is why verification comes before infrastructure, not after — every address checked before it is ever sent to, lists kept clean, and risky cohorts suppressed the way spam-trap monitoring demands. We will build excellent infrastructure for you, and we will tell you plainly that it is the second most important thing; your list is the first.
Is cold email even legal?
Cold email’s legality depends entirely on where your recipients are, and as a Canadian provider we are obliged to be honest about it. In the United States, CAN-SPAM permits B2B cold email so long as you identify yourself truthfully, do not use deceptive subject lines, and offer a clear, working opt-out. Canada’s CASL is far stricter — it is consent-based, meaning commercial email to Canadian recipients generally requires prior express or implied consent, which makes pure unsolicited cold outreach to Canadian addresses legally risky in a way it is not under CAN-SPAM. Europe’s GDPR adds its own consent requirements. We will not pretend these laws do not exist to make a sale: we help build outbound that respects the rules, advise on which jurisdictions and audiences cold sending is appropriate for, and tell you honestly when a plan crosses a legal line. Building the infrastructure to send is easy; building it responsibly is the part that protects you.
The deliverability stack underneath it all
Cold email does not get its own special deliverability rules — it is simply the most demanding application of the same stack everything else runs on, with the least margin for error. The authentication must be flawless, because cold mail gets no benefit of the doubt. The reverse DNS on every sending IP must match, or you are rejected at the connection. Each IP and inbox must be warmed properly. Sender reputation must be watched, blocklists monitored, and bounces handled before they accumulate. At cold-email scale, across many domains and IPs, this is exactly the multi-IP and pool management the rest of the moat describes. Cold email is where every weakness in the stack shows up first and worst — which is why building it on infrastructure that already does all of this well is the difference between a program that scales and one that burns domains.
How we build and run your cold email infrastructure
With MCSNET, cold infrastructure is the dedicated-infrastructure model done properly, not a stack of resold mailboxes. We provision dedicated sending domains kept fully isolated from your primary, set up sending on dedicated IPs and a real SMTP/MTA, and configure flawless authentication and reverse DNS on every one. We warm each IP and sender in sequence, size the inbox and domain count to your target volume rather than overloading a few, and run the rotation that distributes risk across the pool. Then we monitor it as managed deliverability — reputation, blocklists, bounces, placement — and act on what we find. And we do the honest part: insisting on list verification before sending, and advising on the compliance line so your outbound is built to last rather than built to burn. The result is infrastructure you own and we run, engineered for the hardest sending there is.
# mcsnet · cold infra status · acme-outreach (3 cold domains) primary domain isolated · 0 cold mail protected cold-1 · 2 inbox warm · 22/inbox/day · ptr+auth ok cold-2 · 2 inbox warm · 20/inbox/day · ptr+auth ok cold-3 · 1 inbox warming wk2 · 8/day ramping rotation round-robin across 5 inboxes bounce 0.7% (under 2% threshold) · list verified status healthy · no blocklist hits · primary untouched
Why work with us?
Because we build the durable version, not the disposable one. Anyone can resell Google Workspace mailboxes that a crackdown can erase; far fewer give you dedicated domains and IPs, a real MTA, and the full deliverability stack — warming, reverse DNS, reputation, blocklist and bounce management — run as one managed system from Toronto. Owning the infrastructure is independence from any single provider’s policy, and running it well is what keeps cold email landing. We are also honest in the two places it matters most: that your list quality, not our infrastructure, is the biggest variable, and that CASL is real for Canadian sending. Your infrastructure stays resident in Canada under PIPEDA, with compliance treated as part of the build. We would rather build you something that lasts than something that sends today and burns next month.
Who this is for, and who it is not
It is for serious B2B outbound operations — agencies, sales teams and lead-generation businesses — sending at enough scale that dedicated infrastructure, isolation and durability matter more than the cheapest possible mailboxes. It is for anyone who has been burned by a Workspace suspension and wants an independent lane they own. It is not for someone hoping to blast a purchased list and treat the law as optional — we will decline the list before it burns your domains, and we will not help send pure unsolicited cold mail to Canadian consumers in violation of CASL. Cold infrastructure pairs with the warming every sender in it needs, the multi-IP pools it runs across, and the list hygiene that decides its fate. Built on dedicated infrastructure, warmed properly, fed a clean and consented list, and run within the law, cold email becomes a durable channel instead of a domain-burning gamble.