Cold Email Subject Lines That Actually Get Opened
Five subject line formats that consistently produce 40 to 60 percent open rates when your infrastructure is clean.
Read article →Email authentication is the single most important technical step for cold email deliverability. Without it, Gmail and Outlook route your emails to spam regardless of how good your copy is. Here is what each record does and how to set it up.
A plain-English guide to SPF, DKIM and DMARC for B2B founders running cold email. What each record does, how to set them up, and what happens if you skip them.
If your cold emails are landing in spam and you have not yet checked your email authentication records, stop everything and check those first. SPF, DKIM and DMARC are three DNS records that tell receiving mail servers that your emails are legitimate. Missing or misconfigured authentication records are responsible for the majority of cold email deliverability failures we diagnose at Koldconvert.
SPF (Sender Policy Framework) is a DNS record that lists which servers are authorised to send email on behalf of your domain. When Gmail receives an email claiming to be from you, it checks your domain's SPF record to verify that the sending server is on the approved list. If it is not, the email fails SPF authentication and is significantly more likely to be routed to spam.
Your SPF record looks like this in your DNS settings: v=spf1 include:_spf.google.com include:sendgrid.net ~all. The include: entries authorise specific sending services. The ~all at the end means "soft fail" for anything not listed (use -all for hard fail once you are confident your list is complete).
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every email you send. The receiving server uses a public key stored in your DNS to verify that the email was not tampered with in transit and that it genuinely came from your domain. An email without a valid DKIM signature cannot be verified as authentic.
Every email sending service (Instantly, Smartlead, Google Workspace, SendGrid) has instructions for adding their DKIM record to your DNS. It is usually a long TXT or CNAME record that you copy from their dashboard and add to your domain registrar. It looks complicated but takes about 3 minutes to set up.
DMARC (Domain-based Message Authentication, Reporting and Conformance) is the policy that ties SPF and DMARC together and tells receiving servers what to do when an email fails authentication. Without DMARC, a receiving server that finds an SPF or DKIM failure has no clear instruction. With DMARC, you can specify: do nothing (p=none), send to spam (p=quarantine), or reject entirely (p=reject).
DMARC also enables reporting. When you include a reporting address (rua=mailto:), you receive aggregate reports from receiving mail servers showing you which emails passed and failed authentication. This is invaluable for diagnosing deliverability problems.
Step 1: Add SPF record to your domain DNS. Include all services you send from.
Step 2: Add DKIM keys for every sending service you use. Google Workspace, Instantly, Smartlead and SendGrid all provide these in their setup docs.
Step 3: Add DMARC with p=none and a reporting address. Wait 2 to 4 weeks and review the reports.
Step 4: Move DMARC to p=quarantine once reports confirm clean authentication. Move to p=reject once you are certain no legitimate emails are failing.
SPF: v=spf1 include:_spf.google.com ~all
DKIM: A TXT or CNAME record provided by your sending platform, usually at google._domainkey.yourdomain.com or similar.
DMARC: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; adkim=r; aspf=r
Authentication does not guarantee inbox placement. But the absence of it almost guarantees spam placement. Set it up on day one, before you send a single email.
Authentication is necessary but not sufficient. A brand-new domain with perfect SPF, DKIM and DMARC still needs to be warmed up before high-volume sending. Start with 5 to 10 emails per day on a new domain, increase by 10 to 20 percent per day, and reach your target volume over 2 to 4 weeks. Google Postmaster Tools will show you your domain's sender reputation as it develops.
Yes. Without DMARC, Gmail and Yahoo cannot enforce your authentication policies. DMARC is now mandatory for bulk senders to Gmail (over 5,000 per day) and is strongly recommended for all cold email senders.
Start with p=none and a reporting address. After 2 to 4 weeks reviewing reports, move to p=quarantine. Then p=reject once you are confident.
Use MXToolbox for SPF and DMARC checks. Use Mail-Tester for a full authentication score. Use Google Postmaster Tools for reputation monitoring at scale.
We handle domain setup, authentication records, warm-up, sending infrastructure and deliverability monitoring. So you can focus on replies, not DNS records.
Five subject line formats that consistently produce 40 to 60 percent open rates when your infrastructure is clean.
Read article →Why most outbound fails at the list stage, and the Apollo plus Clay plus verification stack that fixes it.
Read article →The surround-sound sequence that combines all three channels into one coordinated flow that books more meetings.
Read article →