Skip to content
OS Domains
Use case

Cold outbound at scale. With the conditions that make it sustainable.

Cold outbound is the email use case most infrastructure providers refuse, because on shared IPs it damages every other sender. OS Domains supports it on dedicated, per-customer infrastructure segregated from transactional and marketing reputation — under enforced conditions: verified lists, reasonable daily caps and working unsubscribe flows. It is the most permissive cold-email infrastructure available in the EU for senders who operate lawfully, and a fast way to get dropped for those who push junk.

Cold outbound is a niche that most email infrastructure providers refuse to support — because on shared IPs, cold email damages everyone. We support it because we run dedicated infrastructure per customer, segregated from transactional and marketing reputation. But we enforce hard conditions: verified lists, reasonable daily caps, working unsubscribe flows. Customers who try to push junk through get dropped without refund. The customers who play within the constraints get the most permissive cold-email infrastructure available in the EU.

Read the Acceptable Use Policy in our Terms before signing up if cold outbound is your primary use case. If your list quality is uncertain or your jurisdiction has tight rules (Germany under UWG, France under LCEN), we can help you scope the constraints before committing.

In short

  • Run on dedicated, per-customer infrastructure segregated from transactional and marketing reputation, never shared IPs.
  • Enforced conditions: verified lists, reasonable daily caps and working unsubscribe; junk senders are dropped without refund.
  • GDPR permits B2B cold under legitimate interest, and meeting those conditions is the point, not a loophole.
  • List quality is the lever — infrastructure cannot rescue a bad list — and one spam-trap hit can blocklist a domain.
  • Reply rate is the metric that matters and has fallen to around 3.4%; domain and inbox rotation is risk isolation, not a volume trick.
Key numbers
Domains per account
Up to 200
IPs per pool
3–30
Inbox placement target
75-90%
Daily cap per inbox
25-35 msg

Does OS Domains support cold outbound?

Most mainstream email infrastructure providers (AWS SES, SendGrid, Mailgun, Postmark) will close your account the moment they detect cold outbound activity, because cold email has a higher complaint rate, attracts spam-trap hits, and creates the kind of reputation problems that affect their other customers on shared IPs. We support cold outbound because we run dedicated infrastructure with per-customer IP pools, segregated from transactional and marketing reputation — but we do enforce hard conditions: lists with verified email addresses (not scraped junk), reasonable daily volume per inbox (the Gmail-tolerated range), and an actual unsubscribe flow. Customers who hit our prohibited-use criteria (purchased lists, scraped emails, fake unsubscribe) are dropped without refund.

What architecture does cold outbound need?

A serious cold outbound operation looks like this: 20-100 sending domains rotated systematically, each with its own SPF/DKIM/DMARC, each tied to a small pool of warmed inboxes (3-10 per domain), with daily caps of 25-35 sends per inbox to stay below Gmail and Outlook anti-abuse thresholds. You need the ability to spin up new domains in days, retire damaged domains without leaking traffic to others, and monitor reputation at the per-domain rather than per-IP level because cold outbound damage typically hits the domain reputation harder than the IP reputation. This is the architecture our Cold Email Infrastructure service is built around.

What we do not do.

We do not provide lists. We do not sell email scrapers or contact databases. We do not connect to LinkedIn auto-scrapers. We are infrastructure for outbound that you have sourced and verified yourself through whatever lawful means apply in your jurisdiction (B2B research, opt-in events, public regulatory filings, etc.). What is legal varies by jurisdiction — Germany under TMG/UWG has stricter rules than the US under CAN-SPAM — and we expect customers to know which rules apply to them. We do not give legal advice on cold outbound legality; that is what your lawyer is for.

DMARC enforcement killed lazy outbound, and that helped the senders who stayed.

Google began requiring authentication for bulk senders in February 2024, escalated to hard rejection of non-compliant mail in November 2025, and Microsoft moved in the same direction from May 2025. By 2026 the practical reality is that a sending domain without aligned SPF, DKIM, and a DMARC policy does not land in spam — it is rejected at the door. That change cut the volume of the laziest outbound, the operations spraying unauthenticated mail from throwaway domains, which had been a large share of the spam-trap hits and complaints that poisoned deliverability for everyone else. For an operator who authenticates every rotation domain to enforcement, the inbox is marginally less crowded with the worst senders than it was two years ago. We authenticate every sending domain to DMARC enforcement at provisioning rather than leaving it at p=none, because a cold domain that is not at enforcement is no longer a domain that underperforms; it is a domain whose mail does not arrive. The teams still complaining that cold email is dead are usually the teams that never finished the authentication work that became mandatory.

What is a realistic cold-email reply rate?

The honest benchmark for B2B cold outbound in 2026 sits between roughly 3.4% and 5.8% reply rate depending on the dataset and the targeting, with the top tenth of campaigns clearing 10% on tight, hyper-personalized lists. The average has drifted down from around 5% a year earlier and higher before that, and the cause is structural rather than personal: inboxes carry more than a hundred messages a day for many professionals, AI-generated outreach has flooded the channel, and buyer fatigue has risen. A falling reply rate is usually the market, not your copy. The dangerous response, and the one we design against, is to send more volume to make up the shortfall, which pushes each domain past the caps that hold reputation together and accelerates the decline into spam placement. We cap per-inbox volume and report reply rate per domain so the lever you reach for when the number drops is tighter targeting and better list quality, not a bigger blast. If a campaign is replying below one percent, more sending infrastructure will not fix what is a targeting problem, and we will say so rather than sell you more domains.

Is B2B cold email allowed under GDPR?

European law does not ban B2B cold email; it permits it under the legitimate-interest basis, provided you contact a person in their professional capacity, about something genuinely relevant to their role, with a clear and working opt-out, and a documented assessment that your interest does not override their rights. The conditions are where most operations fail, not the basis itself. National rules layer on top: Germany under UWG is stricter and effectively expects prior consent even for business addresses, the United Kingdom under PECR sets a lower bar for corporate addresses than for personal ones, and the United States under CAN-SPAM runs on opt-out with statutory penalties that can reach tens of thousands of dollars per email if you systematically ignore removal requests. We do not give legal advice on which rule binds you — that belongs to your lawyer — but the platform is built to support the compliant pattern: List-Unsubscribe on every send, a suppression list the API cannot bypass, and an audit log that produces evidence of what was sent and what was honored on demand. The legitimate-interest basis collapses the instant you cannot show you respected an opt-out, so the evidence trail is not a formality.

List quality is the lever; infrastructure cannot rescue a bad list.

Industry analysis puts most of the failure in cold outbound on targeting rather than on deliverability: a large majority of the messages that go nowhere were sent to prospects who never fit the profile or lacked the authority to act, and bad data drives the bounces that then damage the domain. Verification fixes one half of that — we require verified addresses and drop scraped junk, because a high bounce rate alone will sink a domain — but verification only removes the invalid addresses, it does not make a valid-but-irrelevant list relevant. A clean list of the wrong people still fails. The operations that perform send fewer, tighter, more relevant messages to a curated set, and the data consistently shows curated outreach beating bulk sends to unvetted contacts. Our per-inbox caps and per-domain reputation tracking reward that discipline and punish spray-and-pray, which is the deliberate design choice behind a platform that drops customers who push junk. We are the wrong vendor for an operation that wants to blast a purchased list of half a million contacts, and we would rather say that before you sign than after your domains are blocked.

Domain and inbox rotation is risk isolation, not a volume trick.

The rotation architecture — twenty to a hundred sending domains, each with a small pool of warmed inboxes, each domain authenticated independently and capped per inbox — is often read as a way to push more volume past the filters. That reading misses the point and gets people banned. Rotation is blast-radius containment. A single send to a weak list can take a domain from inbox to spam in a couple of days, and the entire value of rotation is that the damaged domain is a disposable one you retire rather than the brand domain your company actually uses, which should never carry cold traffic at all. We provision new domains in days, retire damaged ones without leaking their traffic onto healthy domains, and track reputation per domain because cold damage lands on the domain harder than on the shared IP. The disciplined pattern keeps tested, high-quality lists on premium domains and routes experimental campaigns to domains that can be sacrificed, so a bad experiment costs a domain rather than a quarter of pipeline. Volume is an output of that discipline, not the goal of it.

Plain, short, single-link messages clear filters that decorated templates trip.

The content guidance that holds up across the 2026 benchmarks is unglamorous: plain text or very light HTML, under roughly eighty words, a single link at most, written like a person rather than a brand. Heavy HTML templates, image-laden layouts, and multiple tracking links raise spam scores, and on a cold domain with no established trust they tip the message into the junk folder regardless of how clean the authentication is. The pattern that earns replies tends to reference a specific, real problem the recipient has, and the follow-up that attaches a relevant case study often outperforms the first touch. We do not write your copy and we do not police your message beyond the abuse line, but the deliverability defaults we recommend on cold domains — minimal markup, one link, no image-heavy templates, no link shorteners that share a blocklisted reputation — exist because they keep per-domain reputation from eroding faster than rotation can replace the domains. A beautiful template on a cold domain is a deliverability liability wearing a designer suit.

How dangerous are spam traps for cold lists?

Cold lists, especially anything aged or sourced broadly, carry spam-trap risk that verification alone does not remove. Recycled traps are abandoned addresses that a provider has repurposed to catch senders mailing stale data, and pristine traps are addresses that no human ever used, seeded specifically to catch scrapers. A single pristine-trap hit can land a domain on a major blocklist within hours, and a blocklisted domain does not recover on a schedule you control. Verification strips out the obviously invalid addresses, but it cannot flag a well-formed trap that accepts mail like any real mailbox. The defenses are list provenance — knowing where every address came from, which is the reason we drop scraped lists rather than clean them — conservative volume that limits how much exposure any one domain takes, and continuous blocklist monitoring per domain so a listing surfaces in hours instead of being discovered weeks later when the reply rate has already collapsed. The disposable-domain pattern is the containment: a trap hit on an experimental domain costs that domain, while the premium domains carrying your tested lists stay clean. We track domain reputation at Gmail through Postmaster Tools and at Outlook through SNDS, and watch the major blocklists alongside, because in cold outbound a blocklisting is usually the first hard signal that a list was dirtier than it looked.

How we solve it

The specific capabilities that matter for this use case.

01

Up to 200 sending domains per account

Each domain authenticated independently with SPF, DKIM, DMARC. Rotation policies configurable per pool. Bulk DNS provisioning available via API for accounts with 50+ domains.

02

Pre-warmed inbox pools

Our Pre-Warmed Inboxes service gives you mailboxes with existing reputation, ready to send within hours rather than waiting 4 weeks of warmup. Limited inventory; subject to availability.

03

Per-domain reputation dashboard

Cold outbound reputation damage typically lands on the domain, not the IP. Our dashboard tracks domain reputation at Gmail (via Postmaster Tools) and Outlook (via SNDS) separately from IP reputation.

04

Engagement-aware daily caps

Inboxes that get replies and opens get their daily cap raised automatically. Inboxes that get nothing have their cap reduced to protect reputation. No fixed schedule.

05

Automatic suppression on bounce

Hard bounces auto-suppress for 365 days (cold outbound has more re-discoverable contacts than marketing). Soft bounces retry up to 5 times across 72 hours with exponential backoff.

06

Compliance guard rails

List-Unsubscribe headers required on every send. Suppression list cannot be bypassed by API. Audit log shows every send and every action; we can produce evidence on demand for regulators.

Common challenges

What we see go wrong, and how we fix it.

Reputation damage from one bad campaign

A single send to a junk list can take a domain from inbox to spam in 48 hours. The fix is segmentation: keep your tested high-quality lists on premium domains, route experimental campaigns to disposable domains that you can retire if reputation craters. Reputation Recovery service handles cases where damage has already happened.

Gmail and Outlook adversarial updates

Gmail and Outlook update their anti-cold-email detection roughly quarterly. What worked 6 months ago may not work today. We follow these changes and adjust default daily caps and rotation patterns; customers who follow our recommendations track the market average. Customers who deviate (aggressive cap increases, no unsubscribe, sketchy content) get throttled or dropped.

Compliance variability by jurisdiction

German UWG/TMG requires prior consent for B2C and B2B cold; US CAN-SPAM is opt-out; UK PECR splits between corporate (lower bar) and personal (consent required) addresses. We do not enforce jurisdiction-specific rules — that is your lawyer's job — but we do require List-Unsubscribe and we do drop customers when complaint rates exceed 0.3%.

Reply rates are falling industry-wide, and more volume makes it worse

The average B2B cold reply rate fell to around 3.4% in 2026 from roughly 5% the year before, driven by inbox saturation and buyer fatigue rather than by any one sender's copy. The dangerous response is to send more to compensate, which raises volume per domain past the caps that keep reputation intact and accelerates the decline. We cap per-inbox volume and report reply rate per domain, so the response to a falling rate is tighter targeting rather than a bigger blast.

A cold domain at p=none does not reach spam, it gets rejected

Since the enforcement escalation through late 2025, domains without aligned SPF, DKIM, and DMARC are rejected outright by Gmail, Yahoo, and Microsoft rather than filtered to spam. A rotation domain spun up without enforcement-grade authentication does not underperform; it does not deliver at all. We authenticate every sending domain to DMARC enforcement at provisioning, because in 2026 the authentication decides whether the message arrives or bounces, not whether it reaches inbox or spam.

FAQ

Questions we get the most.

01

Do you really allow cold email? Everybody else bans it.

Yes, with documented conditions in our Acceptable Use Policy. The reason most providers ban it is they run shared IPs and cold outbound damages everyone else. We run dedicated per-customer IPs and per-customer domain pools, so the reputation impact is contained. We also require evidence that your list is verified (not scraped junk) and that your unsubscribe flow actually works.

02

Can you provide cold email lists?

No. We are infrastructure, not a list broker. Sourcing contacts is your responsibility. We have customers who use SalesNavigator + email-verification tools, customers who scrape from public regulatory filings (perfectly legal in many B2B contexts), customers who do offline research. We do not endorse or oppose any of these — we just do not sell them to you.

03

What is the warm-up time for cold outbound?

New domains: 4-8 weeks to reach full sending capacity, scaled by engagement. Pre-Warmed Inboxes can compress this to 1-2 weeks for some traffic profiles. We do not promise faster — Gmail and Outlook throttle new domains regardless of who is doing the warming.

04

What complaint rate causes you to drop me?

Sustained above 0.3% complaint rate (Gmail Postmaster threshold) over 7 days triggers a warning and a mandatory consultation. Sustained above 0.5% triggers automatic suspension pending list cleanup. Single-campaign spikes above 1% trigger an immediate pause until we have a written remediation plan from you. These thresholds protect your reputation as much as ours.

05

Do you support multi-domain rotation policies?

Yes. Configure rotation in the customer portal: round-robin, weighted, engagement-prioritized, or custom. You can also script it via the API. Most senders run weighted rotation where the top-engaging domains carry 60-70% of traffic and the rest serve as fallback.

06

What reply rate should we expect from cold outbound in 2026?

The datasets cluster between 3.4% and 5.8% depending on source and targeting, with the top tenth of campaigns clearing 10% on tight, hyper-personalized lists. Below 3% suggests a deliverability or targeting problem; below 1% means something is broken. The trend is down — inbox saturation and AI-generated outreach have pushed the average lower year over year — so a falling rate is usually the market rather than your copy. We report reply rate per domain so you can separate a targeting problem from a deliverability one before you change anything.

07

Is B2B cold email legal under GDPR?

GDPR permits B2B cold email under the legitimate-interest basis when you contact a person in their professional capacity about something relevant to their role, offer a clear opt-out, and document a legitimate-interest assessment. National rules vary: Germany under UWG is stricter and effectively expects consent, the UK under PECR sets a lower bar for corporate addresses than personal ones, and the US under CAN-SPAM is opt-out with penalties that can reach tens of thousands of dollars per email. We do not give legal advice — that is your lawyer's job — but the platform supports the compliant pattern with mandatory List-Unsubscribe, a suppression list that cannot be bypassed by the API, and an audit log that produces evidence on demand.

08

How many emails per inbox per day is safe?

We default to a conservative 25 to 35 sends per inbox per day, which sits comfortably under the anti-abuse thresholds at Gmail and Outlook. Some operators push to 50 or more, and it can work on well-warmed inboxes with strong engagement, but the higher band leaves less margin when a provider tightens its rules, which happens roughly quarterly. The engagement-aware cap raises the limit on inboxes that earn replies and lowers it on inboxes that get silence, so the volume follows the reputation rather than a fixed schedule. Rotating across several inboxes per rep is how you reach real volume without pushing any single inbox past the line.

09

What happens if one of our sending domains gets blocklisted?

A blocklisted domain stops delivering, and the fix depends on which list flagged it and why. We monitor the major blocklists per domain so a listing surfaces in hours, then the response follows the disposable-domain model: retire the affected domain from active rotation so it stops leaking the problem onto healthy domains, isolate the list segment that caused it, and where the listing is recoverable, file the delisting request and let the domain cool before reuse. For damage that has already spread across a fleet, the Reputation Recovery service handles the structured cleanup. Capping volume and requiring verified lists is precisely what keeps a blocklisting a contained, single-domain event rather than a fleet-wide one.

Ready to talk

Schedule a 45-minute architecture call with an engineer.

No salesperson, no commission, no qualification rounds. Tell us what you are trying to do, we tell you whether we are a fit, and you walk away with a recommendation either way.

Phone +43 1 205 11 80 Mon–Fri · 9–18 CET
Email [email protected] Avg response 4h business
Office Fleischmarkt 1, 1010 Wien By appointment