Cold Email Infrastructure for the United States

A US cold email stack in 2026 has three non-negotiables: CAN-SPAM compliance, full SPF/DKIM/DMARC alignment, and sending from US-based IPs that match the geography of your recipients. The US market is dominated by Gmail, Outlook.com, Yahoo Mail, and Apple iCloud Mail, and since February 2024 Google and Yahoo enforce the Google & Yahoo bulk sender requirements. Anyone sending above 5,000 messages per day to Gmail addresses from the same domain has to pass DMARC, publish a p=none or stricter policy, keep spam complaint rates under 0.3%, and offer one-click unsubscribe via List-Unsubscribe-Post.

The cold email failure mode in the US is almost always the same: an outreach team buys shared-IP mailboxes from a cheap bulk provider, skips warmup, hits Gmail with 200 messages per mailbox on day one, and ends up in spam inside a week. The fix is boring: real Google Workspace or Microsoft 365 accounts, US IPs, a 14-28 day warmup, and volumes per mailbox that stay under 50/day per account for the first month.

Pricing based on InboxKit's Professional ($39/mo, 10 slots), Agency ($99/mo, 30 slots), and Enterprise ($299/mo, 100 slots) tiers with $2.99-$3.50 extra per mailbox. Warmup add-on is $3/mailbox/month. InfraGuard is billed per domain with the first month free.

CAN-SPAM (the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003) is the federal baseline for commercial email in the US. Unlike GDPR, it does not require prior consent, but every requirement on the list below is enforceable, and the FTC can fine senders up to $53,088 per violating message under updated 2024 penalty figures.

The seven CAN-SPAM requirements every cold sender must meet: 1. Accurate header information. From, Reply-To, and routing headers must identify the real sender. InboxKit registers mailboxes under your legal sending entity so this happens automatically. 2. Non-deceptive subject lines. No fake RE: or FWD: prefixes unless the message actually is a reply. 3. Clear commercial disclosure. The message must be identifiable as a commercial solicitation. A short This is an outreach message from {Company} line at the bottom is enough. 4. A valid physical postal address. Every message needs a real street address or PO box. This is the single most commonly missed requirement. 5. A clear opt-out mechanism. An unsubscribe link or reply-to-opt-out instruction, honored within 10 business days. 6. No sending to scraped addresses harvested from websites. Scraping is specifically called out in the statute and carries higher penalties. 7. No forged headers, open relays, or borrowed accounts. Using compromised mailboxes triples exposure.

CAN-SPAM preempts most state anti-spam laws but not California's CCPA, which applies if you process personal information of California residents: even B2B work emails count when scraped without permission. A California recipient who opts out of your sequence has a CCPA right to request deletion of their contact record. A clean outbound workflow handles that with a suppression list that survives mailbox rotation.

US B2B inboxes skew Gmail-heavy but are not Gmail-only. The practical mix a US sender can expect in 2026 looks like this:

Two things matter in this mix. First, Gmail and Microsoft 365 disagree about reputation. Gmail watches domain reputation across all your sending. Microsoft 365 weighs IP reputation more heavily, which is why a US sender with a clean domain can still land in Outlook.com junk if their sending IP has historic complaints. InboxKit's US IP pools are segmented: new mailboxes go onto lower-volume IPs first and only graduate to higher-volume pools after warmup completes.

Second, the Gmail inbox split matters. Messages can land in Primary, Promotions, Updates, or Social. Cold outreach should target Primary. The tabs are determined mostly by content: personalized, 1:1-sounding plain-text emails with a clear ask land in Primary, while emails with heavy HTML, tracking pixels, and merge-tag-heavy greetings get swept into Promotions. US cold email teams that strip tracking pixels from first touches consistently report 2-3x higher reply rates.

An email from a European or Asian IP to a US Gmail recipient is technically legal and technically authenticated, and still ends up junked more often than the same message sent from a US IP. Three reasons.

One, IP geolocation is a reputation signal. Gmail and Microsoft feed sender IPs through geolocation databases, and messages that cross continents to reach a recipient pick up a small but measurable reputation penalty, especially if the sending domain is also new. Two, latency to the receiving MTA affects SMTP handshake success. TLS renegotiations and RFC 5321 timeouts misbehave more often over 200ms round-trip paths, which quietly bumps bounce rates. Three, ISP peering matters. US-to-US traffic usually rides high-quality peering directly into Google and Microsoft's edge, while trans-Atlantic traffic can be routed through transit providers with noisier neighbors.

InboxKit runs real Google Workspace and Microsoft 365 accounts on US-based IPs as the default for US cold senders. This matters more for Microsoft 365 delivery than for Gmail, but the compounding effect on first-touch open rate is real, we typically see 5-12% higher inbox placement for US-domiciled campaigns that match sender and recipient geography.

A practical test: once your US infrastructure is live, send a calibration batch to GlockApps seed list and compare Primary vs Promotions rates for identical content sent from US IPs vs non-US IPs. The delta is usually 10-20% in favor of US IPs.

The US cold email domain strategy is the same everywhere: protect the brand domain, send from secondary domains, rotate mailboxes, but the execution details matter.

• Register 3-8 secondary domains (.com preferred for US recipients, .io, .co, and .app land fine but test slightly worse in our data).
• Vary registrars. Using one registrar for all domains creates a correlated failure mode.
• Redirect all secondary domains to the primary brand site with a 301 so link clicks on secondary domains still build brand trust.
• Keep each secondary domain to 3-5 mailboxes. More than that starts to look like bulk on shared-domain scoring.

• Prefer Google Workspace for US recipients. Google-to-Google delivery is the highest-trust path in the US inbox mix.
• Mix in Microsoft 365 mailboxes at a 20-30% ratio. Microsoft 365 often performs better when reaching Outlook.com / Microsoft 365 recipients.
• New mailbox ceilings: 20/day in week 1, 40/day in week 2, 60/day in week 3, 80+/day only after week 4.
• Use InboxKit's isolated warmup network: not a shared warmup pool where a neighbor's complaints pollute your reputation.

• v=spf1 include:_spf.google.com ~all (or Microsoft equivalent)
• Two dkim selectors published (google, selector1)
• v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com at minimum; tighten to p=quarantine after 30 days of clean reports.
• MX records matching your mailbox provider
• Optional: BIMI record for brand indicator display in Gmail and Yahoo

InboxKit automates all of this through Cloudflare in under 60 seconds per domain.

Google's 2024 bulk sender rules draw a bright line at 5,000 messages per day to Gmail from a single domain. Cold senders should treat that as a planning constraint, not a target. A properly warmed US setup sending 5,000 cold emails per day is distributing them across at least 50-100 mailboxes on 15-30 domains, never hitting the 5,000/domain ceiling on any single zone.

• Days 1-7: 10-20 messages per mailbox per day, all outbound to warmup network, zero cold outreach.
• Days 8-14: 20-40 messages per mailbox per day, warmup network only, start sending 5-10 test cold emails to known-engaged recipients.
• Days 15-21: 40-60 messages per day with a 70/30 warmup-to-cold ratio.
• Day 22+: 60-100 messages per day, flipping to 30/70 warmup-to-cold. Full cold volume after day 28.

• 10,000 messages / 60 per mailbox = ~170 active mailboxes
• 170 mailboxes / 4 mailboxes per domain = ~45 domains
• At InboxKit Enterprise ($299 for 100 slots + $2.99 extra): ~$500/month infrastructure cost
• Warmup add-on: 170 × $3 = $510/month
• InfraGuard: ~$50/month for 45 domains
• Total: ~$1,060/month for 10,000 cold emails/day: under $0.004 per sent message.

Compare that to Instantly's bundled sequencer + infrastructure pricing at roughly $0.008-$0.015 per sent message for equivalent volume, or an in-house rebuild where the human cost of managing 45 domains and 170 mailboxes manually dwarfs the infrastructure bill.

The three failure modes for US cold senders, in order of frequency:

1. 1Silent domain blacklisting. A recipient marks one of your messages as spam, their domain's reputation drops, Gmail quietly throttles delivery. You see the symptom (reply rates falling) two weeks later. Fix: continuous blacklist monitoring (Spamhaus SBL, SORBS, Barracuda) + Google Postmaster domain reputation checks every 6 hours. InboxKit's InfraGuard handles this natively.

1. 2DNS drift. A well-meaning engineer adds a new vendor to SPF, pushes the record over 10 DNS lookups, SPF evaluation returns permerror, DMARC alignment silently breaks. Fix: DNS watch that alerts on any unexpected record mutation.

1. 3Mailbox suspension. Google Workspace suspends a mailbox for policy violation. Existing sequences keep trying to send, pile up bounces, hurt the whole domain's reputation. Fix: auto-pause on suspension so the bad mailbox doesn't drag its neighbors down.

US senders should watch Google Postmaster Tools and Microsoft SNDS weekly at minimum. Domain reputation in Postmaster Tools should stay in the High bucket; once it drops to Medium, throttling is already happening. Spam complaint rate should hover under 0.1%, the 0.3% Google threshold is the enforcement line, not the operating target.

• [ ] Register 5-10 secondary domains, spread across 2+ registrars
• [ ] Create InboxKit account, pick the tier that matches projected volume
• [ ] Provision Google Workspace mailboxes (70%) + Microsoft 365 mailboxes (30%)
• [ ] Automated DNS (SPF/DKIM/DMARC/MX) via InboxKit + Cloudflare
• [ ] Enable isolated warmup on every mailbox
• [ ] Enable InfraGuard on every domain

• [ ] Confirm all mailboxes reach the warmup network and send engagement metrics
• [ ] Daily check on Postmaster Tools domain reputation
• [ ] Review SNDS data for Microsoft 365 IP ranges
• [ ] Build suppression list (CAN-SPAM 10-day opt-out honoring)

• [ ] Start cold sequences at 40-60 messages per mailbox per day
• [ ] A/B test subject lines and first-touch content
• [ ] Weekly deliverability review: Primary tab %, open rate, reply rate, complaint rate
• [ ] Rotate mailboxes out at 0.1% complaint rate threshold

• Google Postmaster domain reputation drops to Low
• Spam complaint rate crosses 0.2%
• Daily bounce rate crosses 3%
• InfraGuard alerts on a blacklist hit