A complete Apollo.io deliverability setup requires five components: dedicated cold email domains separate from your primary domain, DNS authentication records (SPF, DKIM, and DMARC) on every sending domain, properly configured mailboxes using real names, a 3–4 week inbox warming period before sending sequences, and inbox rotation enabled in Apollo to protect sender reputation at scale.
I spent three years at Apollo.io. In that time I watched hundreds of companies stand up outbound motions and make the same infrastructure mistakes — buying Apollo, loading in a list, and firing sequences from their primary domain with zero authentication configured.
The result is always the same: low open rates, zero replies, and a confused founder asking why Apollo "doesn't work." Apollo works fine. The infrastructure doesn't.
This guide covers the complete deliverability setup — in the right order — so that when your sequences go live, they actually land in inboxes.
No — sending cold outbound from your primary domain is one of the fastest ways to permanently damage your email reputation. Use dedicated cold email domains instead.
Your primary domain — the one on your business cards, your website, your regular email — has sender reputation built up over time. When you send cold outbound at volume from that domain, you are gambling that reputation on people you've never emailed before.
Cold outbound generates spam complaints. Even a small number of complaints relative to sends can trigger spam filters. If your primary domain gets flagged, it doesn't just affect your Apollo sequences — it affects every email you send. Your sales team. Your CEO. Your support inbox.
The solution is dedicated cold email domains. These are separate domains you purchase specifically for outbound — they buffer your primary domain from any reputation risk, and a properly warmed cold domain actually delivers better than a fresh primary domain.
Start with 2–3 dedicated cold email domains and 2–3 mailboxes per domain. That gives you 4–9 sending inboxes — enough volume without overloading any single mailbox.
For most early-stage companies, I recommend starting with 2–3 cold email domains and 2–3 mailboxes per domain. That gives you 4–9 sending inboxes — enough to run meaningful sequences without hammering any single mailbox.
If your primary domain is acmecorp.com, your cold email domains might look like:
| Domain | Use | Notes |
|---|---|---|
acmecorp.io | Cold outbound | Same brand, different TLD |
acmecorp.co | Cold outbound | Common alternative TLD |
getacmecorp.com | Cold outbound | Prefix variation |
Avoid anything that looks spammy or unrelated to your brand. The goal is that a recipient who looks up the domain still lands on something that looks legitimate. Buy domains from Google Domains, Namecheap, or Cloudflare.
You need all three — SPF, DKIM, and DMARC — configured on every sending domain before any email goes out. These are required, not optional.
These three DNS records are email authentication standards. Email providers use them to verify that mail claiming to come from your domain actually came from your domain. Without them, you are an unauthenticated sender — and modern spam filters treat unauthenticated senders with extreme suspicion.
SPF tells receiving mail servers which servers are authorized to send email on behalf of your domain. Add a TXT record to your domain's DNS:
If you're using Google Workspace for your cold email mailboxes (recommended), use the record above. If you're using Microsoft 365, replace include:_spf.google.com with include:spf.protection.outlook.com.
DKIM adds a cryptographic signature to outgoing emails that proves they haven't been tampered with in transit. Your email provider generates the DKIM key — you add it to DNS.
In Google Workspace: Admin Console → Apps → Google Workspace → Gmail → Authenticate Email → Generate new record. Copy the TXT record value and add it to your domain's DNS.
DMARC builds on SPF and DKIM. It tells receiving servers what to do when an email fails authentication — and critically, it enables reporting so you can see if someone is spoofing your domain.
Start with p=none (monitor mode). Once you've confirmed legitimate mail is passing SPF and DKIM — typically after 1–2 weeks of monitoring — move to p=quarantine, then p=reject.
| Record | What it does | Time to configure |
|---|---|---|
| SPF | Authorizes sending servers | 5 minutes |
| DKIM | Signs outgoing mail cryptographically | 15 min + 48hr propagation |
| DMARC | Policy + reporting for failed auth | 5 minutes |
Create 2–3 mailboxes per domain using real personal-style names — not generic department addresses like outreach@ or sales@.
Once your domains are purchased and authenticated, create 2–3 mailboxes per domain. For a domain like acmecorp.io, that might be:
Use real-looking names — not outreach@ or sales@. Cold email performs better when it looks like it's coming from a person, not a department. Set up a professional signature and a forwarding rule so replies come to your main inbox.
Plan for at least 3–4 weeks of dedicated warm-up before running sequences at full volume. Skipping this step will tank your deliverability for months.
A new domain with new mailboxes has zero sending history. If you fire sequences from day one, you will land in spam — no matter how good your authentication setup is. Inbox providers need to see a track record of legitimate, engaged mail before they'll trust you at volume.
Use a dedicated warm-up tool — Instantly, Lemwarm, or Mailreach are all solid options. These tools automatically send low-volume emails between warm-up network inboxes and generate positive engagement signals.
| Week | Daily sends (per mailbox) | Status |
|---|---|---|
| Week 1 | 5–10 warm-up only | Warm-up tool running, no sequences |
| Week 2 | 15–20 warm-up only | Warm-up tool running, no sequences |
| Week 3 | 25–30 warm-up + 5–10 sequences | Begin soft launch |
| Week 4+ | 30–50 warm-up + 20–30 sequences | Full ramp |
Inbox rotation distributes your sequence sends across multiple mailboxes so no single inbox gets hammered — keeping each mailbox's daily volume within safe limits and protecting sender reputation at scale.
Once your mailboxes are warmed and connected to Apollo, set up inbox rotation. In Apollo: go to Settings → Mailboxes, connect all your warmed mailboxes, then in your sequence settings select "Rotate mailboxes." Apollo will distribute sends evenly across the pool.
Keep daily sends per mailbox under 40–50 emails per day. If you need to send more volume, add more mailboxes — don't push individual mailboxes past that threshold.
Deliverability is not a one-time setup. Keep your warm-up tool running in the background and check these four signals every week.
Keep your warm-up tool running in the background even after you've launched sequences — it continuously refreshes sender reputation. Check these signals weekly:
Follow these six steps in order. Skipping or reordering them is the most common cause of deliverability failures.
Same brand, different TLD. Use Google Domains, Namecheap, or Cloudflare. Buy extras now — domain age matters.
All three. On every sending domain. Before anything else. Verify each with MXToolbox.
Use real names. Set up signatures. Forward replies to your main inbox.
Use Instantly, Lemwarm, or Mailreach. Do not send sequences until week 3.
Max 40–50 sends per mailbox per day. Keep warm-up running in parallel.
Spam rate, bounce rate, reply rate, DMARC reports. Deliverability is ongoing — not a one-time setup.
Common questions about Apollo.io deliverability setup
No. You should use separate cold email domains instead of your primary domain. Cold outbound can trigger spam complaints, and that damage affects your entire primary domain — including sales, executive, and support inboxes. Once a primary domain's reputation is damaged, recovery can take months.
You need SPF, DKIM, and DMARC on every sending domain before any email goes out. All three are required — not optional. SPF authorizes your sending servers, DKIM cryptographically signs your outgoing mail, and DMARC sets policy for failed authentication and enables spoofing reports. Verify each record using MXToolbox after adding it.
Plan for at least 3–4 weeks of dedicated warm-up before running sequences at full volume. The schedule above starts with warm-up only in weeks 1 and 2, adds light sequence volume in week 3, and ramps to full sending in week 4. Skipping warm-up will send your emails to spam regardless of how well your DNS authentication is configured.
Start with 2–3 cold email domains and 2–3 mailboxes per domain. That gives you 4–9 sending inboxes — enough sending capacity to run meaningful sequences without overloading any single mailbox. Enable inbox rotation in Apollo to distribute sends evenly across the pool.
Keep daily sends under 40–50 emails per mailbox. If you need more total volume, add more warmed mailboxes rather than increasing send count on a single inbox. Exceeding this threshold raises the risk of spam complaints and reputation damage on that mailbox.
Check four signals weekly: spam placement rate (below 5% is solid, above 10% signals a problem), bounce rate in Apollo (keep under 3%), reply rate (a sudden drop often indicates a deliverability issue before spam reports confirm it), and DMARC reports (review monthly for spoofing or authentication failures). Keep your warm-up tool running continuously in the background.
This is the foundation of every Apollo.io Setup engagement I run. If you'd rather have someone who's done this hundreds of times set it up correctly from the start — that's exactly what the Apollo.io Setup service covers.