The Ultimate Email Deliverability Guide: How We Get a Higher Inbox Placement Rate at Nebor

Most sales and revenue teams we speak with have a hard time getting outbound emails into the primary inbox.

Email deliverability has become one of the loudest pain points we hear on calls, and the fixes most teams reach for are tool fixes when the real problem is a missing system.

This is the email deliverability guide we built to keep our own cold campaigns out of spam folders, and the same one we run for our clients.

Most heads of sales we work with know they have a deliverability problem. They cannot tell you what it actually is, what causes it, or what they should be building to fix it. So they keep buying tools, and the inbox numbers stay the same.

They also miss rules that should be basic. You cannot send 100 cold emails a day from one mailbox, and you should never run cold outbound from your primary domain.

Inbox placement is no longer about dodging spammy words and avoiding bold formatting. Gmail and Microsoft now run AI filters that score every part of your send.

Sender reputation, sender name, subject line, body content, and how previous recipients reacted all feed into the decision about where the message lands.

If reply rates have dropped on your outbound campaigns, you are not alone. The channels you set up to start conversations now route into spam and promotions tabs.

With targets to hit and pipeline to fill, an email deliverability problem becomes a revenue problem fast.

That is why getting deliverability right is no longer optional.

As a GTM agency, we built and ran cold outbound systems for our own pipeline before we ever sold them to clients.

The email deliverability stack we run for clients lands cold emails in the primary inbox at scale, runs with zero spam complaints, and consistently produces reply rates above 25%.

Let’s get started.

TL,DR: the email deliverability system

Understanding email deliverability and why most companies get it wrong

When we get on calls with sales and RevOps teams, most of them cannot tell us the difference between deliverability and delivery rate.

The two are not the same, and the confusion is exactly what stops them from finding the real cause of an underperforming campaign.

Deliverability is where your email lands once the recipient's server accepts it. Delivery rate tracks something different. It tells you whether the message bounced or made it through at all.

You can have a perfect delivery rate and terrible deliverability at the same time. The bounces look great, and every email is still ending up in spam. The sales team celebrates great delivery numbers and wonders why nobody is replying.

Across the cold campaigns we audit, we typically see around 20% of sends fail to land in the primary inbox even when delivery rate looks healthy. At Nebor, we track both metrics, and deliverability is the one that actually decides whether you get a reply.

Why your sender reputation and authentication protocols decide where your email lands

Most marketers never think about what happens between hitting send and the message landing somewhere. That gap is where most cold campaigns die.

Cold email works differently from WhatsApp or iMessage. The recipient does not know you, and they never opted in to hear from you.

So before the receiving server lets your message through, it has to verify your identity, decide whether the recipient can trust you, and judge whether the message is worth showing in the first place.

When you hit send, the email moves through three steps. First, it uploads to a Simple Mail Transfer Protocol (SMTP) server.

Second, that SMTP talks to a Domain Name Server (DNS) to find your recipient's mail server.

Third, the receiving SMTP makes a call. The message goes to the inbox, into spam, or it goes nowhere at all.

That last call is the one that matters, and it leans heavily on your sender reputation and your authentication setup. Without both, the message dies before anyone reads it. We will get into the technical setup further down.

Worse, every spam placement makes the next send harder. The reputation damage compounds, and the cycle keeps tightening until almost nothing reaches the primary inbox.

What poor deliverability actually costs you

Bad deliverability creates a downward spiral for outbound. Engagement drops because the messages never reach anyone. Low engagement damages sender reputation further, which sends the next batch deeper into spam.

For sales teams, that loop directly hits revenue. Follow-up emails after demos sit unread in spam folders while the buyer is actively evaluating other vendors.

Product announcement sequences vanish into promotions tabs during the launch window. Each scenario is lost pipeline that compounds over time.

The harder cost is the work behind the campaigns. If your team spent weeks building targeted outbound campaigns, poor deliverability means the time and the money behind the list, the copy, and the automation all earn a fraction of what they should.

You are paying full price for the stack and getting a fraction of the return.

How to build an email deliverability infrastructure that actually works

Before we get into the steps, we need you to understand the framing. Building a deliverability infrastructure is more about building a system than it is about following rules.

Each step and each component below is important, and they build on each other in a specific order. Skip a step and the rest of the system runs with a hole in it.

Here are the four steps we walk through to build an email deliverability system.

Step 1. Build your technical foundation

We have learned at Nebor that getting the technical foundation right matters more than anything else. Teams that invest in proper infrastructure consistently outperform the ones that focus only on content or targeting.

Here is the exact process we follow.

1. Choose your domain sources carefully

Domain reputation starts at the source. We avoid shady resellers and registering domains from suspicious IP locations.

Our experience has taught us that domains registered from certain countries or through questionable registrars often begin with lower trust scores before sending a single email. Two reasons matter here.

The first is shared hosting and shared email IPs. Sometimes when you buy a domain or hosting from a registrar, you share the IP address with other users who bought from the same registrar.

If those users run spammy or malicious activity and spam filters flag the shared IP, your reputation takes the hit even though you kept your own sending clean.

The same logic applies to the registrar itself. If users on a particular registrar run phishing or spam at scale, security vendors start associating every domain registered there with higher risk, and deliverability drops for everyone on the platform.

The second reason is top-level domain (TLD) reputation. The TLD is the last part of a domain name (.com, .net, .org, .xyz, .click).

Some TLDs are known for hosting a high percentage of spam, phishing, and malware-related domains, which damages their reputation. Email filters and security systems use TLD reputation to allow or block messages.

For example, .com, .org, and .edu generally carry a clean reputation. TLDs like .xyz, .top, .click, and the more obscure ones tend to get flagged because spammers and cybercriminals lean on them.

So you want to be on the right side from the moment you buy. Choosing the right registrar means you can run clean outbound without inheriting the consequences of someone else's bad behavior.

We stick to these registrars.

• Namecheap

• Porkbun

• GoDaddy

• Cloudflare

• Spaceship

This first step builds a clean, trusted domain identity before you send a single email. You also want aged domains where possible, and we get into that below.

2. Select strategic inbox providers

Most companies pick providers based on price alone. We think that is shortsighted because the inbox provider directly shapes how email servers perceive your messages, which means it directly shapes deliverability.

Price should never be the only qualifying factor here.

We choose resellers and providers that specialize in cold email infrastructure.

• Zapmail.ai

• ScaledMail

• Inboxautomation

• Inboxlogy

• Maildoso

We prefer them because specializing in cold email infrastructure means they understand the nuances of deliverability and build their tools around that reality.

They provide mailboxes for both Google and Microsoft, and they pre-configure inboxes correctly so the common setup mistakes that flag accounts as suspicious never happen in the first place.

They also help avoid login issues from different IP addresses, which is a subtle but real factor in keeping deliverability healthy.

3. Create a domain strategy that works

Some sales reps assume you can use any sending domain for outbound. You cannot.

Rule one is that you should never use your primary domain to run outbound campaigns. Doing so exposes your main domain and your website to risks like getting blocked or flagged as spam, which can ruin your SEO and your website's reputation in one bad week.

Rule two is to buy sending domains that refer back to your business and main domain. The sending domains you use should look like your main domain so they build trust and credibility on the recipient side. Not all of them, though, which leads us to rule three.

Rule three is that the domains you purchase need to be aged. The older the domain, the better. Email servers can spot a freshly registered domain set up for outbound, and they flag it fast.

Older domains carry more perceived trustworthiness because they have been around long enough to build a track record. They are more likely to make it through filters and traps, which boosts your chances of reaching the inbox.

New domains tied to your business are useful for brand consistency but they are never aged. So you need to use both. Aged domains with general names, plus new domains tied to your business.

Here is what to do.

Run a two-pronged domain strategy. First, create branded variants that align with your company identity. For Nebor, that would be domains like trynebor.com, getnebor.com, and similar.

These keep brand consistency and give you multiple sending options. Second, layer in aged domains that are 1-20 years old to take advantage of their established history.

At Nebor, we typically run a 50-50 split between new branded domains and aged domains for the best results.

4. Configure authentication (SPF, DKIM, and DMARC) properly

Email authentication protocols act as your digital business license. They tell receiving servers that your messages genuinely come from you and that they are safe for the recipient to open.

The industry standard is to implement three protocols. SPF, DKIM, and DMARC.

SPF (Sender Policy Framework) acts as your domain's employee directory. It lists every server you have authorized to send email on your behalf.

Configure it with the proper include statements for all your sending services, and stay under the 10-lookup limit that breaks authentication when you cross it.

DKIM (DomainKeys Identified Mail) adds a digital signature to every message. It verifies that nobody altered the content in transit. We implement DKIM for all our domains using 2048-bit keys for stronger security rather than the standard 1024-bit keys.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) ties everything together by checking alignment between your MAIL FROM and From address domains.

A lot of confusion comes from the difference between those two addresses. The MAIL FROM, sometimes called the Return-Path, is what mail servers use behind the scenes to handle bounces.

Most people never see it, but it plays a key role in how your emails get delivered. The From address is what your recipients actually see in their inbox. It is the part that tells them who the email is from and whether they should trust it.

DMARC checks whether the domain in the From address aligns with the domain used in the MAIL FROM (for SPF) or in your DKIM signature. If those do not match and the message fails proper authentication, the email could fail DMARC and end up rejected or sent to spam.

That is why authentication setup matters so much, especially when you use third-party email tools. You need everything wired so that receiving servers verify your domain as the sender rather than reading the message as a spoof.

Set clear policies about how those servers should handle messages that fail authentication.

Alt text: Diagram of SPF, DKIM, and DMARC for outbound email deliverability

[IMAGE: spf dkim and dmarc explained for outbound email marketing campaign]

If you plan to send high volumes (starting at 5,000 emails monthly), we also recommend dedicated IP addresses.

They give you complete control over sender reputation, better email delivery speeds, easier troubleshooting of deliverability issues, and stronger protection against domain hijacking, spoofing, and phishing.

5. Separate your email types

This is something most lead generation teams and sales email marketers never think about. Mixing promotional and transactional emails damages deliverability for both.

Always separate promotional and transactional emails using different sending infrastructures, with unique IP addresses and subdomains for each type of message.

A clean example is to send promotional emails from news.yourdomain.com and transactional emails from tryyourdomain.com.

The separation, and the consistency of it, helps avoid spam traps and creates clear distinctions for email providers when they decide how to route your messages.

When you combine both types through the same infrastructure, inbox providers tend to categorize all your messages as promotional, which damages the deliverability of the important transactional ones.

6. Keep a healthy ESP split

A healthy ESP (email service provider) split protects your deliverability and stops you from putting all your sending eggs in one basket.

At Nebor, we send around 50% of our emails through Google, 40% via Outlook, and 10% using a custom SMTP setup with Maildoso.

The mix gives us flexibility, reduces the risk of being throttled or blocked by one provider, and keeps sender reputation strong across the stack.

It works like spreading your bets. If one channel runs into trouble (poor sender reputation, sudden filtering changes), the others keep running smoothly.

If you plan to scale cold outreach, this kind of balanced setup is the safer way to grow without giving up deliverability.

Step 2. Warm up your sending domains and run inbox rotation

Warming up a domain means starting slow and gradually increasing the number of emails you send from a new domain or email address.

That gradual ramp is the whole point. It builds trust with inbox providers like Gmail, Outlook, and Yahoo so they do not flag you as a spammer.

Jumping from zero to 100 emails overnight guarantees deliverability problems. Every inbox needs a proper warm-up window to establish trust with the email providers that decide where future messages land.

The warm-up process

Follow this exact warming sequence.

1. Use automated tools like Instantly to handle the warm-up process.

2. Run the warm-up for two to four weeks minimum before you send real campaigns.

3. Start with one to two new inboxes per domain. Cap at around three inboxes per domain unless you have a setup specifically built to handle more.

4. Begin with two to four emails per inbox daily, and gradually grow the volume.

5. Target highly engaged recipients during the warm-up phase.

Together these moves create a focus on engagement, which generates positive signals that improve sender reputation from the start.

Here is the warm-up cadence we typically run.

Inbox warm-up volume starts at one email per day and grows by one each day. We continue until we hit around 20 warm-up emails daily. The exact number of domains and inboxes depends on the client, their TAM, and the sending volume their goals demand.

Email sending volume starts at two to four emails to real prospects per day and gradually moves up to a maximum of around 20. This slow ramp helps avoid spam filters and keeps deliverability healthy through the first weeks of real sending.

Even after warm-up, we keep monitoring closely. If bounce rates climb or deliverability drops, we cut volume immediately and let metrics recover before pushing again.

The inbox rotation strategy

Inbox rotation protects your sender reputation while you scale outbound.

Instead of using the same inboxes and sending domains forever, you cycle them in and out. In month one, you use a batch of inboxes and domains (say 10 to 50) to send. At the same time, another batch sits in warm-up.

In month two, you switch. The first batch goes back into warm-up or rest, and you start sending from the second batch. The rotation keeps deliverability high and reduces the risk of spam flags or inbox burnout.

The number of inboxes, domains, and rotatable batches you create should depend on your TAM, your sending volume, and your campaign goals.

Inbox rotation matters for four reasons.

• Each inbox and domain has daily sending limits, so rotating lets you send more total emails without crossing those limits on a single inbox.

• If you overuse one inbox, spam filters flag it. Rotating spreads risk across the pool, so if one inbox takes a reputation hit, the others stay healthy.

• You reduce wasted spend on constantly buying and re-warming new inboxes and domains.

• Sending from multiple addresses makes your campaigns look more natural to email providers.

It also gives you room to test. Outbound campaigns are won by trying different angles and doubling down on what works. Rotating inboxes lets you run different copy, sending times, sending domains, or IPs across batches and see what performs best.

Step 3. Build prospect lists that actually work

List quality is so central to deliverability that we wrote a separate post on it. The full walk-through on building a prospecting list lives in our prospect list guide.

The quality of your prospect list directly impacts deliverability. Skip the spray-and-pray approach with random contacts and focus on building targeted lists that connect with the right people.

Here is the short version of how we think about it.

Never use purchased lists. Or maybe you should.

Let us address the elephant in the room. Buying lead lists has a bad reputation, and for good reason when done the traditional way. We agree with that take.

Purchased lists damage sender reputation for a handful of well-known reasons. But they do not damage reputation if you build them the way we build them at Nebor. The disagreement comes from how each side defines a purchased list.

Here are the standard problems with purchased lists, and what we believe each one actually means.

• They often contain invalid emails. That means you did not use the right tools to find them, enrich the contacts, or verify the email addresses. The fault is in the workflow, not the list.

• Recipients never opted in to hear from you. That means you went after the wrong ICP, and the people on the list have no need for your solution and no reason to care about your message. Done the other way, with a real match between their situation and your offer, opt-in becomes a much smaller obstacle.

• They generate high spam complaint rates. This only happens when you target the wrong ICP with the wrong message at the wrong time. Recipients complain about emails that read like junk and offer them no value.

• They violate regulations like GDPR, CCPA, and CASL. Those same regulations carve out a path for outreach when there is a legitimate business interest and the message offers real value to the recipient.

Now let us walk through how we actually build lead lists, so the difference is clear.

Build prospect lists by being smart with the right tools

1. Get your ICP right

Start by analyzing your most successful customers. What makes them perfect fits for what you sell?

Look at company size, industry, tech stack, business model, and growth stage. Look for patterns in how they use your solution and the challenges they face. The sharper your ICP definition, the higher your conversion rates will be downstream.

2. Identify your TAM

To find your TAM, use the data you gathered when defining your ICP. That includes industry, company size, location, job titles, and any other firmographic that defined the best fits.

Then use a combination of tools like LinkedIn Sales Navigator, Apollo, and Clay to count how many companies or people match the profile.

Multiply the number of accounts by the average number of decision-makers you could reach in each. That gives you a realistic view of how many potential buyers exist and lets you plan outreach and growth goals more carefully.

If you want a deeper walk-through on this, our post on building your TAM covers the full method.

3. Create detailed buyer personas

Go beyond company criteria and understand the actual people making decisions. Who specifically should you be targeting?

Map the buying committee. That means decision-makers, influencers, end-users, and gatekeepers. Build your personas on real research, not assumptions about who is involved.

4. Choose the right data sources

Finding leads is a data problem more than a tool problem. Platforms like Apollo and LinkedIn Sales Navigator are great for casting a wide net, but they tend to lack depth when you target a niche ICP.

That is why we always recommend custom-built datasets and advanced lead qualification.

Instead of relying on generic filters, create custom data pulls based on your best-fit customers. Look at firmographics, technographics, hiring signals, and other buying signals.

Then layer in filters based on real-world pain points. What challenges does this role face? What is happening in their industry? Are they growing, hiring, or shifting focus? That extra context makes outreach sharper and far more relevant.

Tools like PandaMatch help find lookalike companies. Pairing that with manual research or Clay-powered workflows lets you go deeper and build lead lists that are both targeted and high-converting.

5. Find and verify the right contacts

Once you have identified target companies, find the right people inside them.

• Use specialized tools like Clay combined with LeadMagic, FullEnrich, and Findymail to automate contact enrichment. Double-check accuracy by running more than one tool.

• Verify and validate emails through multiple tools like BounceBan, Debounce, and ZeroBounce to keep list hygiene high. Together, these cover email syntax verification, domain existence checks, mailbox existence verification, MX record validation, SMTP server connectivity, and more.

• Score leads based on how well they match your ICP, and prioritize outreach against that score.

This takes more work than buying a generic list, but it produces dramatically better results. You also stop calling it a purchased list at this point because the inputs and the workflow look nothing like the old definition.

If you do this right, you see higher open rates, better deliverability, and far more conversions.

Clean your lists religiously

Business information changes constantly. Implement a regular cleaning process that includes deduplication, standardization, and verification every 90 days to keep the data fresh.

A few specific moves help.

• Remove hard bounces immediately.

• Remove subscribers who marked emails as spam.

• Run re-engagement campaigns for inactive subscribers.

• Purge subscribers who stay inactive after re-engagement attempts.

All of these affect deliverability, so make sure the cadence stays consistent.

Step 4. Write cold emails that bypass spam filters

Even with a perfect technical setup, poor content choices trigger spam filters.

Here is how we write content that consistently reaches the inbox.

Write like a human, not a marketer

Spam filters detect marketing language patterns. We avoid the most obvious ones.

• Shady financial promises (easy money, consolidate debt).

• False urgency (act now, limited time only).

• Pushy language (guaranteed, risk-free).

• Exaggerated claims (miracle, breakthrough).

Instead, we write emails that sound like one colleague talking to another. The shape of our content looks like this.

• Personalization based on research, intent data, and enrichment, not just mail merge.

• Conversational, plain language.

• Short sentences with simple, direct offers.

• Format and copy variation across customer segments using spin text.

• Restraint on punctuation and no all-caps.

You are competing for attention in an inbox that already has dozens of cold emails fighting for the same reply. Your message has to feel relevant and read well, or it goes to the bottom of the pile.

Optimize your text-to-image ratio

Our cold emails are usually plain text.

If you must add images, keep at least a 60:40 text-to-image ratio across the email. Be ready to burn through inboxes faster when you lean on rich content. That trade-off can be worth it if it produces meaningfully more leads.

A few specific rules apply.

• Every email contains between 30 and 100 words.

• All images include descriptive alt text.

• No critical information lives only inside an image.

• Image dimensions and file sizes stay optimized.

Write subject lines that read like a colleague's

Your subject lines decide whether recipients open your emails or report them as spam. You need to avoid spam trigger words, because recipients regularly mark emails as spam based on the subject line alone, without ever reading the body.

A few rules we follow.

• Preview the email content accurately, with no misleading bait.

• Stay concise enough for mobile (five to six words maximum).

• Avoid heavy promotional language.

• Set clear expectations for what is inside.

If you want a deeper view on timing, our post on the best time to send cold emails walks through the windows we see produce the strongest engagement.

Match email service providers (ESPs) when you can

Our experience shows better deliverability when we match sending and receiving environments. We implement ESP matching where possible.

• Gmail to Gmail.

• Outlook to Outlook.

For Microsoft recipients specifically, we often use Azure-based Outlook inboxes rather than standard Microsoft ones, because they consistently perform better in our tests.

For difficult filtering systems like Barracuda or Proofpoint, we go even tighter.

• Keep messages under 40 words.

• Minimize formatting.

• Eliminate all links and attachments.

• Use plain text throughout.

Four rules for protecting deliverability as you scale your sending

As your email program grows, a few new considerations come into play.

Track everything except open rate

Focus on the deliverability indicators that actually predict outcomes.

• Inbox placement rate. The percentage of emails that land in the primary inbox.

• Spam placement rate. The percentage going to spam folders.

• Bounce rate. The percentage of emails that fail to deliver.

• Complaint rate. The percentage of recipients who marked emails as spam.

We do not track open rates because tracking opens uses invisible pixels in your cold emails to detect when someone opens them. Those pixels make your messages look spammy or automated, and an ESP can easily block them on the way in. The cost of tracking opens is worse deliverability, which is the opposite of what you want.

Test regularly, not just when problems show up

Run a regular testing schedule rather than waiting for problems to appear. The cadence we recommend looks like this.

• Weekly blacklist checks for all domains.

• Weekly inbox placement tests for active campaigns.

• Monthly full deliverability audits.

• A/B tests on sending times, formats, and content.

When performance declines, trace the issue through the entire system rather than making random adjustments. Random fixes mask the root cause and make the next regression harder to debug.

Know when to break the rules

Sometimes aggressive sending tactics make business sense even at the cost of domain lifespan. For high-value campaigns, you can occasionally do things you normally would not.

• Increase sending volume beyond normal limits.

• Include rich media like images and videos.

• Add tracking links and CTA buttons.

Just go in knowing you might burn a domain in 30-60 days. The trick is having replacement domains ready and calculating whether the potential revenue justifies the infrastructure cost. Sometimes it does, and most of the time it does not.

Take recipient feedback seriously

Recipient feedback affects deliverability and IP reputation directly. Always check spam complaints and the spam complaint rate. Stay aligned with CAN-SPAM laws and the equivalent regulations in the countries you send into.

Watch unsubscribe requests, and always include an unsubscribe link in your emails so that recipients can opt out cleanly when they want to.

Build it as one system instead of isolated tactics or tips

Everything in this email deliverability guide is one system, not a stack of individual tactics. Each piece holds up the next.

• Domain quality establishes baseline trust.

• The technical foundation and authentication setup verify your identity.

• List hygiene prevents reputation damage.

• Content quality keeps you out of filters.

• Sending discipline tells providers you behave like a legitimate sender.

• Monitoring catches problems before they spread.

Break one link and the rest unravels with it.

This is what we mean when we talk about ownership over rental. The deliverability stack we build for a client lives in the client's accounts, not ours. The sending domains, the warmed inboxes, the warm-up sequences, the rotation logic, and the audit cadence all stay with the client after the engagement ends. We hand over the operating manual and walk away.

We are salespeople first and automation experts second, and the systems we build for clients look like the ones we would run for our own pipeline. Because we do.