# Infrastructure Setup Guide
## How to Use This File
Reference this file when a user asks about setting up cold email infrastructure from scratch, configuring DNS, choosing providers, buying domains, or anything related to the technical foundation of cold outreach. This is the "how to build it right" reference.
---
## Domain Setup
### Buying Domains
- Buy lookalike domains for outreach. NEVER send cold email from your primary business domain.
- If your primary domain gets flagged, your main business reputation is destroyed permanently.
- Lookalike domains: variations of your brand name that look professional but are dedicated to outreach.
- Example: if your business is acmeleads.com, buy outreach domains like acmeleads.io, getacmeleads.com, acmeleads.co.
### How Many Domains
- Each domain supports 2-3 inboxes safely.
- For 50 cold emails per day: you need at minimum 5 inboxes across 2-3 domains.
- For 100 cold emails per day: 10 inboxes across 4-5 domains.
- For 200+ cold emails per day: 20+ inboxes across 8-10 domains.
- Never put more than 3 inboxes on a single domain.
### Domain Aging
- New domains need 2 weeks minimum before sending any cold email.
- During this 2-week period: set up DNS records, create inboxes, start warmup.
- Some operators wait 4 weeks for extra safety. 2 weeks is the absolute minimum.
---
## DNS Configuration (SPF, DKIM, DMARC)
### Why It Matters
SPF, DKIM, and DMARC are the DNS records that prove your email is legitimate and wasn't spoofed. Email providers check these BEFORE reading your subject line. Skip authentication and you're flagged before your prospect sees anything.
### SPF (Sender Policy Framework)
- Tells receiving servers which IP addresses are allowed to send email on behalf of your domain.
- One SPF record per domain. Multiple SPF records will cause failures.
- Include your email provider's servers (Google Workspace, Outlook).
### DKIM (DomainKeys Identified Mail)
- Adds a digital signature to every email you send.
- Receiving servers verify the signature against your DNS record.
- If the signature doesn't match, the email gets flagged or rejected.
### DMARC (Domain-based Message Authentication, Reporting, and Conformance)
- Tells receiving servers what to do when SPF or DKIM checks fail.
- Start with a monitoring policy (p=none) to see what's happening.
- Move to quarantine (p=quarantine) once you've verified your setup is clean.
- Final step: reject (p=reject) for maximum protection.
### Setup Order
1. Configure SPF record for each domain.
2. Set up DKIM signing through your email provider.
3. Add DMARC record starting with p=none.
4. Monitor DMARC reports for 2 weeks.
5. Move to p=quarantine, then p=reject once clean.
---
## The Two-Lane Provider Strategy
### What It Is
Diversifying your sending infrastructure between Google Workspace and Microsoft Outlook. Running everything through a single provider is a single point of failure. When that provider updates its filtering models, your entire operation collapses overnight.
### The Split Configurations
**70/30 Split (Recommended for most teams):**
- 70% of your inboxes on Google Workspace
- 30% on Microsoft Outlook
- Google has better deliverability to Gmail users (which is the majority of B2B inboxes)
- Outlook handles Microsoft-heavy prospects and gives you resilience
**50/50 Split (For larger operations or high-risk industries):**
- Equal distribution between providers
- Maximum resilience against single-provider policy changes
- Slightly more complex to manage but safer at scale
### Why Not All Google or All Outlook
- Late 2025, Google dropped new deliverability policies. Agencies running 100% Google setups got wiped out overnight.
- Teams with a provider split kept sending through Outlook while they fixed their Google accounts.
- Single-provider dependency is one of the top 6 infrastructure mistakes.
---
## Inbox Setup
### Safe Sending Limits
- 10 cold emails per day per inbox. This is the safe ceiling.
- 2-3 inboxes per domain.
- So one domain supports roughly 20-30 cold emails per day.
- Going above these limits triggers velocity flags from providers.
### Inbox Configuration
- Each inbox needs a real-looking profile: first name, last name, professional display name.
- Profile photos help with identity validation (Checkpoint 4 in the Pre-Send Evaluation).
- Email signatures with real company information add legitimacy.
### Client-Owned vs Rented Inboxes
- Client-owned: you own the Google Workspace or Outlook accounts. You control them.
- Rented/shared: a provider controls the accounts. You're sending from infrastructure you don't own.
- Client-owned is non-negotiable. When you rent, you exist at someone else's mercy. If they raise prices, change terms, or shut down, your entire outbound operation dies.
- Real example: a $25K invoice held to ransom because the provider knew the agency couldn't afford to lose their infrastructure. That doesn't happen when you own your accounts.
---
## Warmup Protocol
### The 4-Week Ramp
**Week 1-2 (Domain Aging):**
- Domain registered, DNS configured, inboxes created.
- Start automated warmup sending (5-10 emails per day, all warmup).
- Zero cold outreach during this phase.
**Week 3 (Ramp Up):**
- Warmup continues in the background.
- Start sending 3-5 cold emails per day per inbox alongside warmup.
- Monitor bounce rates daily. If bounces exceed 1.5%, pause and investigate.
**Week 4 (Full Send):**
- Ramp up to 10 cold emails per day per inbox.
- Warmup can continue or be reduced.
- Monitor reply rates, bounce rates, and spam complaints.
### Warmup Best Practices
- 14 days is the absolute minimum warmup period. Sending cold email from a brand-new inbox with zero history gets you instantly flagged.
- Use a warmup tool that simulates real email conversations (opens, replies, moves from spam to inbox).
- Don't stop warmup entirely once you start sending. Keep it running at a lower volume for ongoing reputation building.
### What Kills Warmup Progress
- Sending too many cold emails too fast (velocity spike).
- High bounce rates (bad list hygiene).
- Low reply rates combined with high send volume (looks like spam to providers).
- Sending with broken DNS authentication.