Cold Email Setup Guide

Last updated: January 3, 2026

Step-by-step guide to configuring a secondary domain for cold email with proper authentication. Follow the exact order to avoid blocking your own emails.

Why do I need a secondary domain?

Never use your primary domain for cold outreach. If your main website is acme.com and your cold emails get marked as spam, your entire domain reputation tanks—including your regular business emails.

Buy a look-alike domain

Go to a registrar (Namecheap, Cloudflare, GoDaddy) and purchase 1-2 secondary domains:

• getacme.com
• tryacme.com
• acme.co
• acme-mail.com

How do I buy a domain in Cloudflare?

Cloudflare sells domains at wholesale cost with no markup. A .com domain costs around $10/year—cheaper than most registrars.

Create a Cloudflare account

1. Go to cloudflare.com and sign up for a free account
2. Verify your email address
3. Navigate to Domain Registration → Register Domains in the left sidebar

Search and purchase

1. Enter your desired domain name in the search box (e.g., getacme.com)
2. Select from available options—Cloudflare shows the exact wholesale price
3. Add to cart and complete checkout
4. Payment options include credit card and PayPal

Why Cloudflare?

Your domain will be active within minutes. DNS is automatically configured through Cloudflare.

How do I create a recovery email?

Before setting up Google Workspace, create a dedicated recovery email using Protonmail. This keeps all your cold email infrastructure organized and separate from your main accounts.

Why use Protonmail?

Create your Protonmail account

1. Go to proton.me and click Create a free account
2. Select the Free plan
3. Choose a username that matches your cold email domain:
   • If your domain is getacme.com, use [email protected]
   • If your domain is tryacme.com, use [email protected]
4. Set a strong password and save it in your password manager
5. Complete the verification (phone or email)
6. Skip the premium upsells—the free plan works perfectly

Why this naming convention?

Using <yourdomainname>@proton.me makes it easy to:

• Instantly know which domain this recovery email belongs to
• Manage multiple cold email domains without confusion
• Find the right account when you need to recover access

What you’ll use this for

• Google Workspace account recovery
• Cloudflare account recovery (optional secondary)
• Receiving DMARC reports (alternative to your main email)
• Any cold email infrastructure that needs a recovery address

How do I set up the email workspace?

Google Workspace gives you a professional email address with Gmail’s deliverability. The cheapest plan works perfectly for cold outreach.

Get the cheapest Google Workspace plan

1. Go to workspace.google.com
2. Click Get Started and enter your newly purchased domain
3. Select Business Starter at $6/user/month (billed monthly) or $7.20/user/month (billed annually)
4. You only need one user account for cold outreach

Save money on Google Workspace

Create the user account

1. Set up a legitimate-looking email: [email protected]
2. Avoid generic addresses like sales@ or info@—they have lower open rates
3. Use your real name for better trust signals

Complete your profile

1. Upload a professional headshot to your Google account
2. Fill out your contact information completely
3. Add a signature with your name and company—this humanizes your outreach

How do I set up SPF?

SPF (Sender Policy Framework) is the bouncer at the club. It tells receiving servers which IP addresses are allowed to send email for your domain.

Do this before DMARC. If you set up DMARC first, you’ll block your own emails.

Add SPF record in Cloudflare

1. Log into dash.cloudflare.com
2. Select your cold email domain from the sidebar
3. Go to DNS → Records
4. Click Add Record
5. Configure the record:

6. Click Save

Verify your setup

Check that you only have one SPF record per domain. Multiple SPF records cancel each other out and break authentication. You can verify in Cloudflare by filtering DNS records by type TXT.

How do I set up DKIM?

DKIM (DomainKeys Identified Mail) is a digital wax seal that proves the email hasn’t been tampered with during transit.

Do this before DMARC. Complete both SPF and DKIM setup before moving on.

Generate the DKIM key in Google Admin

1. Go to admin.google.com
2. Navigate to Apps → Google Workspace → Gmail → Authenticate Email
3. Select your domain and click Generate New Record
4. Choose 2048-bit key length for better security
5. Copy both the DNS Host name (e.g., google._domainkey) and the TXT record value

Add DKIM record in Cloudflare

1. Log into dash.cloudflare.com
2. Select your cold email domain
3. Go to DNS → Records
4. Click Add Record
5. Configure the record:

6. Click Save

Activate DKIM in Google Admin

Critical step most people forget:

1. Go back to admin.google.com → Gmail → Authenticate Email
2. Click Start Authentication
3. Wait for status to show “Authenticating email”

DKIM won’t work until you complete this activation step.

How do I add MX records for Google Workspace?

MX (Mail Exchange) records tell the internet where to deliver emails sent to your domain. Without these, you can send emails but won’t receive replies.

Automatic setup with Cloudflare

Google Workspace detects when your domain uses Cloudflare and offers one-click MX record setup:

1. During Google Workspace setup, look for the Verify with Cloudflare button
2. Click it—Google will automatically add all 5 MX records to your Cloudflare DNS
3. The records are configured with correct priorities automatically

This adds the following records for you:

Verify MX records are active

1. Go to MxToolbox MX Lookup
2. Enter your domain and select MX Lookup
3. You should see all 5 Google mail servers listed with correct priorities

How do I set up DMARC?

DMARC (Domain-based Message Authentication) is the rule book. It tells receiving servers what to do when emails fail SPF or DKIM checks.

Wait for propagation first

1. Wait at least 24 hours after setting up SPF and DKIM
2. Use MxToolbox to verify both show “Pass”
3. Only proceed once authentication is confirmed

Add DMARC record in Cloudflare

1. Log into dash.cloudflare.com
2. Select your cold email domain
3. Go to DNS → Records
4. Click Add Record
5. Configure the record:

6. Click Save

Replace [email protected] with the email where you want to receive DMARC reports.

DMARC policy options

Start with p=none for the first month. After confirming everything works, upgrade to p=quarantine or p=reject.

How do I know my records are propagated?

After setting up your DNS records, verify everything is working before you start sending. These free tools check your configuration and flag any issues.

Quick verification tools

Using MxToolbox

1. Go to MxToolbox SuperTool
2. Enter your domain (e.g., getacme.com)
3. Run these checks:
   • SPF Record Lookup - Should show your SPF record and “Pass”
   • DKIM Lookup - Enter google._domainkey (or your selector) to verify
   • DMARC Lookup - Should show your DMARC policy

Using EasyDMARC

1. Go to EasyDMARC and create a free account
2. Add your domain to the dashboard
3. EasyDMARC will:
   • Scan all your authentication records
   • Send you a report via email when issues are detected
   • Provide ongoing monitoring of your DMARC reports
4. Download the reports to track authentication failures over time

What “Pass” looks like

All three records should show green/pass status:

If any show “Fail” or “Not Found,” wait another 24 hours or double-check your DNS entries for typos.

How do I clean my email list?

Email providers like Mailchimp, ActiveCampaign, and SendGrid scan your lists and will block you for high bounce rates. Clean your list before sending.

Use an email verification service

1. Go to NeverBounce (or similar: ZeroBounce, Hunter.io)
2. Upload your email list as a CSV
3. Run the verification—it checks for:
   • Invalid email addresses
   • Disposable/temporary emails
   • Catch-all domains
   • Known spam traps
4. Download the cleaned list and remove all “invalid” or “risky” entries

Enable double opt-in

For inbound signups, always use double opt-in verification:

1. User submits their email on your form
2. System sends a confirmation email with a verification link
3. User clicks the link to confirm
4. Only then is the email added to your active list

This prevents:

• Typos and fake emails from polluting your list
• Spam complaints from people who didn’t actually sign up
• Getting flagged by email providers for poor list hygiene

Bounce rate thresholds

How do I set up a redirect to my main site?

When someone types your cold email domain into a browser, they should be redirected to your main website. Cloudflare’s redirect rules make this easy.

Create a redirect rule in Cloudflare

1. Log into dash.cloudflare.com
2. Select your cold email domain
3. Go to Rules → Redirect Rules
4. Click Create Rule

Configure the rule

1. Rule name: Redirect to main site
2. When incoming requests match: Select All incoming requests
3. Then: Select Dynamic redirect
4. Expression:

   concat("https://www.silvermine.ai", http.request.uri.path)

5. Status code: 301 (Permanent Redirect)
6. Preserve query string: Enable this toggle

Alternative: Static redirect

If you just want to redirect everything to your homepage:

1. When incoming requests match: All incoming requests
2. Then: Select Static redirect
3. URL: https://www.silvermine.ai
4. Status code: 301

Why this matters

• Recipients who check your domain see a legitimate business
• Maintains brand consistency across domains
• Builds trust when prospects research your email

Quick Reference