What tools do I need for cold email outbound?

Six layers: a data source (Apollo, Clay, or ZoomInfo), an email verifier (ZeroBounce, NeverBounce, or Kickbox), sending infrastructure (secondary domains with 2-3 mailboxes each on Google Workspace, Microsoft 365, or a dedicated provider), a sequencer (Instantly, Smartlead, or lemlist), optional AI tooling, and monitoring (Google Postmaster Tools, Microsoft SNDS). A one-SDR setup runs roughly $250-500/month.

How many email domains and mailboxes do I need for cold outreach?

Work backward from daily volume. Each mailbox safely sends 20-30 cold emails per day, and each domain should carry only 2-3 mailboxes. One SDR sending 150 emails/day needs about 6 mailboxes across 2-3 secondary domains. A team of four SDRs at the same pace needs roughly 24 mailboxes across 8-12 domains. Never use your root company domain.

How much does a GTM email infrastructure stack cost per month?

For one SDR at 150 sends/day: data layer $50-150, verification $20-50, six mailboxes $36-50 on Google Workspace (or $10-25 on dedicated providers like Maildoso or Infraforge), three domains about $3/month amortized, sequencer $40-100, monitoring free to $50. Total: roughly $250-500/month before salaries. AI SDR agents add $1,000-3,000+/month.

Can I run cold email from my main company domain?

No. Cold email generates spam complaints and blocklist hits no matter how good your targeting is, and that damage attaches to the sending domain permanently. If it lands on your root domain, it degrades employee email, billing notifications, and password resets. Buy 2-3 secondary domains that resemble your brand and contain the risk there. Domains cost about $12/year — root domain reputation is irreplaceable.

Do AI SDR tools like 11x or Artisan replace the email infrastructure stack?

No — they sit on top of it. An AI SDR still needs warmed mailboxes, authenticated secondary domains, verified lists, and volume caps. Most AI SDR platforms bundle or resell this infrastructure, but the physics don't change: machine-generated volume without per-mailbox limits burns domains faster than human SDRs do, because the agent never gets tired and never slows down.

What order should I set up my outbound email stack in?

Infrastructure first, data last. Week 1: buy secondary domains, provision mailboxes, configure SPF, DKIM, and DMARC. Weeks 2-4: warmup on every mailbox. During warmup: build and verify your prospect list, configure the sequencer with rotation and a custom tracking domain. Week 4-5: start sending at 10-15/day per mailbox and ramp to 25-30 over two weeks. Teams that buy data first always rush the warmup.

The GTM Email Infrastructure Stack (2026): Every Layer, Explained

The Stack in One Table

Every outbound email operation — whether it's one founder sending 50 emails a day or an AI agent fleet sending 5,000 — runs on the same six layers. Most teams buy these layers from different vendors, wire them together themselves, and discover the failure points in production.

Here's the whole stack:

Layer	Job	Representative tools	Typical cost (2026)
1. Data	Build and enrich the prospect list	Apollo, Clay, ZoomInfo, LinkedIn Sales Navigator	$50-300/user/mo (ZoomInfo: five figures/yr)
2. Verification	Remove invalid addresses before they bounce	ZeroBounce, NeverBounce, Kickbox	$0.003-0.008 per address
3. Sending infrastructure	Secondary domains, mailboxes, SPF/DKIM/DMARC, warmup	Google Workspace, Microsoft 365, Maildoso, Infraforge, Mailscale, Mission Inbox	$1-8 per mailbox/mo + ~$12/yr per domain
4. Sequencer	Rotate mailboxes, enforce caps, manage replies	Instantly, Smartlead, Apollo, lemlist, Reply.io	$37-100/user/mo
5. AI	Research, personalization, autonomous agents	11x, Artisan, AiSDR, Clay enrichment agents	$0 (DIY) to $3,000+/mo
6. Monitoring	Watch reputation, blocklists, inbox placement	Google Postmaster Tools, Microsoft SNDS, GlockApps	Free to ~$100/mo

The layers are listed in pipeline order — data flows top to bottom. But you should build them in almost the reverse order, because layer 3 takes 14-30 days to come online (warmup) while layer 1 takes an afternoon. Teams that buy an Apollo seat on Monday and start blasting on Tuesday are skipping the only layer with a hard time dependency, and it shows up as spam-foldered campaigns within weeks.

I've spent my career in large-scale infrastructure, and the thing that strikes me about the outbound stack is how much it resembles any other distributed system: each layer has a contract with the next one, and almost every production failure is a violated contract between layers, not a broken tool. I'll cover those failure modes near the end. First, the layers.

Layer 1: Data — Where List Quality Is Won or Lost

Your deliverability ceiling is set before you send a single email, because list quality determines bounce rate, spam-trap hits, and reply rate — the three signals mailbox providers weight most heavily.

The four tools that dominate this layer in 2026:

Apollo — the default for funded startups. A 270M+ contact database plus a built-in sequencer. Cheap per seat, decent coverage, but the data is community-sourced and ages: expect meaningful decay on emails for contacts who changed jobs. Fine as a starting point; never trust it raw.
Clay — not a database, an orchestration layer. It waterfalls multiple data providers per contact (try provider A, fall back to B, then C), runs enrichment and AI research per row, and exports wherever you want. Credit-based pricing that climbs fast, but waterfall enrichment routinely finds 15-30% more valid emails than any single provider because no one vendor has complete coverage.
ZoomInfo — the enterprise incumbent. Strongest on direct dials, org charts, and intent data; priced accordingly (annual contracts, five figures). Overkill for a seed-stage team; standard at 50+ sales orgs.
LinkedIn Sales Navigator — not an email source at all, but the freshest signal of where someone currently works. The highest-quality lists I see are built Navigator-first: define the account list and personas there, then enrich emails through Clay or Apollo.

The contrarian take: the data layer is the most over-purchased layer in the stack. Teams buy ZoomInfo and Apollo and Clay simultaneously, then send the same generic email to all of it. A 500-contact list built from a tight Sales Navigator search and waterfall-enriched will outperform a 50,000-contact database export on replies-per-send every time — and it won't torch your sending reputation in the process.

One structural rule: B2B contact data decays at roughly 2-3% per month as people change jobs. A list is not an asset you build once. Anything older than 60 days needs re-verification before it touches your sequencer.

Layer 2: Verification — The Cheapest Insurance in the Stack

Verification is a commodity service that removes invalid, catch-all, and disposable addresses before you send. ZeroBounce, NeverBounce, and Kickbox all do the job for $0.003-0.008 per address. The price of verifying a 10,000-contact list is about $40. The price of not verifying it is your sending domains.

Here's the mechanism, because "bounces are bad" undersells it. When a mailbox provider sees your domain hard-bounce repeatedly, it reads that as a sender who doesn't know their recipients — the defining behavior of a spammer working from a scraped or purchased list. Sustained bounce rates above 2-3% measurably degrade domain reputation, and the damage compounds: lower reputation means more spam-foldering, which means fewer opens and replies, which further lowers engagement signals, which lowers reputation again. One dirty list import can start a spiral that takes weeks of clean sending to reverse. Keep cold campaigns under 2%; treat 3% as an incident.

Three operational rules:

Verify at import AND at send time if more than 30 days pass between them. Data decay doesn't pause because the list is sitting in your sequencer.
Decide your catch-all policy explicitly. Catch-all domains accept everything, so verifiers can't confirm the mailbox exists — typically 15-25% of a B2B list. Sending to them raises bounce risk; excluding them shrinks your addressable market. Most teams send to catch-alls at reduced volume from their most expendable domains.
Never let an SDR or an AI agent bypass verification. Make it a pipeline step, not a habit.

I've compared the major verifiers' accuracy and pricing in detail in the email verification tools comparison if you're choosing one.

Layer 3: Sending Infrastructure — The Core of the Stack

This is the layer that determines whether anything else matters, and it's the one teams most consistently get wrong. Everything else in the stack is a SaaS subscription; this layer is actual infrastructure with DNS, reputation physics, and time constants you cannot pay your way around.

Secondary domains: never the root

Cold email gets sent from purchased secondary domains — variations like tryyourbrand.com or yourbrand-hq.com — never from your root company domain. The reasoning is pure blast-radius engineering: cold outreach will generate spam complaints and occasional blocklist entries even when it's well-run, and domain reputation damage is sticky. If that damage lands on the domain that carries your employee email, customer notifications, and password resets, you've created a company-wide incident out of a sales motion.

The pattern I see over and over with funded startups: they hire their first SDRs, point them at the root domain or a single under-provisioned secondary domain, push volume, and burn that first sending domain within about 90 days. The sequence is always the same — week 1-4 looks great, week 5-8 open rates sag, week 9-12 Gmail placement collapses and someone finally checks Postmaster Tools. The fix at that point isn't a fix; it's a rebuild on new domains with a fresh 30-day warmup, which means a quarter of SDR salary spent learning a $36 lesson (the cost of three domains).

Buy .com domains from a mainstream registrar, put a simple one-page site with a redirect on each, and set up forwarding for replies. Skip .xyz, .online, and other discount TLDs — they're overrepresented in spam corpora and filters know it.

The provisioning math

The math is fixed by mailbox-provider tolerance, and it hasn't materially changed since Google and Yahoo tightened bulk-sender rules in February 2024:

20-30 cold sends per mailbox per day. Beyond that, per-mailbox behavioral flags start accumulating regardless of content quality.
2-3 mailboxes per domain. More mailboxes on one domain concentrates risk and looks like exactly what it is.
So one SDR sending 150 emails/day needs ~6 mailboxes across 2-3 domains. A four-SDR team at the same pace needs ~24 mailboxes across 8-12 domains.

Scale that mentally before you commit to outbound targets. If the revenue model says "each SDR sends 300/day," the infrastructure bill says 12 mailboxes and 4-6 domains per SDR, plus warmup lead time. The volume target and the infrastructure budget are the same decision; most companies make them in separate meetings.

Authentication: SPF, DKIM, DMARC

Non-negotiable since 2024, when Google and Yahoo began requiring authentication for bulk senders and enforcing a 0.3% spam-complaint ceiling; Microsoft followed with equivalent SPF/DKIM/DMARC requirements for high-volume senders to Outlook in May 2025. In 2026, unauthenticated cold email isn't risky — it's undeliverable.

SPF authorizes which servers send for your domain. One record per domain, mind the 10-DNS-lookup limit.
DKIM cryptographically signs each message. Enable it in Google Workspace or Microsoft 365 admin — don't ship with the provider's default unsigned state.
DMARC tells receivers what to do when SPF/DKIM fail, and sends you reports. Start at p=none to collect data, move to p=quarantine once reports are clean. A missing DMARC record fails Gmail's bulk-sender requirements outright.

Set all three on every secondary domain on day one, before warmup starts. Authentication added after a domain has history doesn't retroactively repair anything.

Warmup: the 14-30 days you can't skip

New domains and mailboxes have zero reputation, and mailbox providers treat zero-reputation senders pushing volume as attackers. Warmup is the process of building send history gradually — low volumes, ramping over 14-30 days, with real engagement signals. Most teams use automated warmup networks built into their sequencer, though be aware these pools exist in a gray zone with mailbox providers and quality varies. The full process — schedules, ramp rates, and when a mailbox is actually ready — is in my domain warmup guide.

The only thing I'll add here: warmup is a calendar dependency, not a checkbox. Every outbound launch plan should have "domains purchased" and "first real send" separated by at least three weeks. I have never seen a compressed warmup that didn't get paid back with interest.

Google/Microsoft mailboxes vs. dedicated infrastructure providers

Two ways to provision the mailboxes themselves:

Google Workspace / Microsoft 365 ($6-14/mailbox/month): real business mailboxes with the strongest baseline deliverability, because you inherit Google's and Microsoft's sending infrastructure. The downside is administrative friction at scale — managing 24+ mailboxes across a dozen Workspace tenants is genuinely painful, and both providers have been more aggressive since 2024-2025 about suspending tenants that look like cold-email farms.

Dedicated cold-email infrastructure providers — Maildoso, Infraforge, Mailscale, Mission Inbox — emerged specifically to solve that scaling pain. They provision domains, mailboxes, and DNS automatically, typically at $1-4/mailbox/month at volume, with everything pre-authenticated. The trade-offs: you're sending from their infrastructure rather than Google's (placement varies by provider and by which receiving system you're targeting), and you're concentrated on a vendor whose entire IP space is dedicated to cold email. My read: defensible at 30+ mailboxes where Workspace admin overhead becomes a real cost, worth testing head-to-head against a Workspace control group rather than taking either side's marketing at face value.

This whole layer deserves more depth than one section — the complete cold email infrastructure guide is the full build-out, step by step.

Layer 4: Sequencer — The Control Plane

The sequencer is what makes 24 mailboxes behave like one coherent sending operation: Instantly, Smartlead, Apollo (if you're consolidating), lemlist, and Reply.io are the main options in 2026 at $37-100/user/month.

Three capabilities matter far more than the AI-writing features these vendors lead with:

Mailbox rotation. The sequencer spreads a 500-contact campaign across all connected mailboxes automatically, keeping each under its daily cap. This is the entire mechanism that makes the provisioning math from layer 3 workable.
Hard volume caps with ramp schedules. Per-mailbox daily limits that the tool enforces even when a human (or an AI agent) asks for more, plus gradual ramping for newly warmed mailboxes.
Custom tracking domains. Open/click tracking rewrites links through a tracking domain — and on the default shared tracking domain, your deliverability is chained to every other customer using it. Setting a custom tracking domain (a subdomain of each sending domain) takes ten minutes and removes a whole class of inherited-reputation failures. It's the most skipped checkbox in the entire stack.

Honestly, the rotation-and-caps core is commoditized — the meaningful differences between the two market leaders are in warmup quality, deliverability tooling, and pricing model, which I break down in Instantly vs Smartlead.

One warning: sequencers are also where bad decisions get amplified. The same tool that enforces 25/day/mailbox will happily let you override it to 100. Every setting that protects your domains is a setting someone under quota pressure can change. Treat sequencer config like production config — reviewed, not vibes.

Layer 5: The AI Layer — New Volume, Same Physics

Two distinct things hide under "AI for outbound" in 2026:

AI personalization — using LLMs (via Clay, sequencer-native features, or your own pipeline) to research prospects and draft openers at scale. Done well, this raises reply rates because relevance is the binding constraint on cold email. Done lazily — one prompt template across 10,000 rows — it produces text that is recognizably machine-patterned.

AI SDR agents — 11x, Artisan, AiSDR and a growing field — which automate the whole loop: sourcing, research, writing, sending, and reply handling. Pricing typically lands in the low four figures per month, positioned against an SDR salary.

Here's what actually changes in the math, and what doesn't:

What doesn't change: every constraint in layer 3. An AI agent's emails leave from the same mailboxes, on the same domains, subject to the same 20-30/day tolerance. Agents don't get special physics.
What changes: the failure rate. A human SDR ramps volume slowly because writing is slow. An agent can saturate your entire mailbox fleet on day one and will do so unless caps are enforced at the sequencer/infrastructure level — not in the agent's prompt. If your AI SDR vendor manages sending for you, ask exactly the layer-3 questions: how many mailboxes, on whose domains, warmed how, capped where.
The 2026-specific problem: content clustering. Gmail and Microsoft have gotten visibly better at identifying templated, machine-generated text across senders — near-duplicate AI emails get classified as a campaign cluster even when they're sent from a hundred different domains. Infrastructure rotation does not defeat content-level fingerprinting. If a thousand teams prompt the same model with the same "personalize this" template, they're all sending statistically similar mail, and filters trained on exactly this signature catch it at scale. The counter is genuine input variance: different research signals per prospect, not different adjectives.

My position, having watched this from the infrastructure side: AI multiplies whatever your stack already is. Sound infrastructure plus AI personalization is a real edge. Weak infrastructure plus machine volume is the fastest domain-burning machine ever built.

Layer 6: Monitoring — The Layer Everyone Skips Until It's Too Late

You cannot see your own deliverability from inside your sequencer. Open rates are a degraded proxy (image-blocking and privacy proxies distort them), and "delivered" only means "not bounced" — spam-foldered mail counts as delivered. The monitoring layer is how you find out what's actually happening:

Google Postmaster Tools (free): domain reputation, spam-complaint rate, and authentication results for mail sent to Gmail. Register every sending domain. Watch two numbers: spam rate (keep it under 0.1%; 0.3% is Google's enforcement line) and the domain reputation tier. A drop from High to Medium is your earliest actionable warning.
Microsoft SNDS (free): the equivalent telemetry for Outlook/Hotmail, keyed to sending IPs. Coarser data, still worth registering.
Blocklist monitoring: automated checks of your domains and IPs against Spamhaus and the other major lists, via your sequencer's built-in checks or a standalone watcher. You want to learn about a listing from an alert, not from a quarter of bad replies.
Placement testing (GlockApps and similar, ~$50-100/month): seed-list tests that show where your mail actually lands — Gmail inbox vs. Promotions vs. spam — per sending domain. Run it weekly per domain cohort and after any configuration change.

Total cost of this layer rounds to zero. The reason to set it up on day one is lead time: reputation declines show up in Postmaster Tools one to two weeks before reply rates make the problem undeniable, and early-stage reputation damage is recoverable in ways that late-stage damage is not.

How the Stack Fails: Misconfigurations Between Layers

Almost every outbound deliverability incident I get called into is a contract violation between two layers, not a broken tool. The recurring ones:

Data → Verification gap: the list was verified at import, then sat for 75 days while the campaign was "pending approval." Decay pushed real-world bounces past 3% even though the verifier said 99% valid. Contract: verification results expire in ~30 days.
Verification → Sending gap: catch-alls were marked "risky" by the verifier and sent anyway, at full volume, from the newest domains. Contract: risk-tiered addresses get risk-tiered sending.
Sequencer → Infrastructure cap mismatch: the sequencer's global daily limit was raised to hit a quota push, silently overriding per-mailbox ramp schedules on mailboxes that finished warmup four days earlier.
Shared tracking domain: custom tracking domains never configured; a stranger's spam run on the shared domain dragged down placement for everyone on it.
Auth set up once, never watched: a DNS migration dropped the DKIM selector records; DMARC was at p=none and nobody read the reports, so signing failed silently for six weeks.
AI → Sequencer feedback loop: an agent A/B-"optimizing" for replies kept escalating volume to the same catch-all-heavy segment because replies included bounce-backs it misclassified as engagement.
No monitoring at all: every one of the above discovered weeks late, from revenue impact instead of telemetry.

If you take one engineering habit from this article: write down the inter-layer contracts (max bounce %, max sends/mailbox/day, verification freshness window, tracking-domain policy) and audit them monthly. It's a one-page document that prevents most five-figure incidents.

Build vs. Buy, and When to Bring In an Engineer

A decision framework by stage:

Founder-led, under 50 sends/day. Buy nothing exotic. Two secondary domains, 4 mailboxes on Google Workspace, free verification credits, an entry-tier sequencer, Postmaster Tools. ~$75-150/month. Set it up yourself in a weekend plus warmup time — the learning is worth more than the time saved.

First SDRs, 150-600 sends/day. Buy the layers, own the wiring. Apollo or Clay for data, paid verification, 6-12 mailboxes per SDR-equivalent across dedicated domains, Instantly or Smartlead, weekly placement tests. ~$250-500/month per SDR-equivalent. This is the stage where the 90-day domain burn happens — usually because the stack was assembled tool-by-tool with nobody owning the contracts between layers.

Scaling team or AI agents, 1,000+ sends/day. Now it's an infrastructure program: dedicated mailbox providers vs. Workspace tested head-to-head, domain cohort rotation planned quarters ahead, DMARC reports parsed, monitoring automated with alerts. The tooling cost is still small; the design cost is real.

When to bring in an engineer rather than another tool: when deliverability dropped and nobody can say which layer failed; before an AI SDR rollout multiplies your send volume by 10x; when you're provisioning 30+ mailboxes and the admin model matters; or when DMARC reports, Postmaster data, and sequencer stats disagree and someone needs to reconcile them. Tools execute the stack — they don't architect it, and every vendor's default settings optimize for their churn rate, not your domain reputation.

That architecture-and-audit work is exactly what I do for funded startups and scaling sales teams. If you want your stack designed — or rescued — by someone who has no tool to sell you, see how I work with outbound teams.