Loading tutorials…
Loading tutorials…
Apollo's send infrastructure is fine. Your deliverability problems are 95% on your end — DNS, content, sending patterns, and reputation. This walks the full deliverability stack: authentication, monitoring, content rules, and recovery.
Who this is forApollo operators whose sequences show high opens but low replies, or whose test sends land in Promotions/Spam instead of Primary. Also setup-stage operators wanting to do deliverability right from day 1.
What you'll need
Step 1
SPF is a TXT record at the root of your sending domain. Lists which servers may send mail. Must be exactly ONE record, with all includes combined.
Open your DNS provider. Navigate to TXT records for the sending domain.
Add (or modify) the root TXT record: v=spf1 include:_spf.google.com ~all (for Google Workspace). For Microsoft 365: v=spf1 include:spf.protection.outlook.com ~all.
If you send from multiple providers, combine: v=spf1 include:_spf.google.com include:spf.protection.outlook.com include:sendgrid.net ~all
CRITICAL: only ONE SPF TXT record allowed at the root. Adding a second TXT record starting with v=spf1 breaks all SPF authentication. Recipient mail servers reject the email.
The ~all at the end means 'soft fail' — emails from unlisted servers are marked suspicious but delivered. Use -all (hard fail) only after 90 days of clean DMARC reports.
Validate at mxtoolbox.com → SPF Record Lookup → enter your domain. Result must be "SPF Record Found" with no errors.
Step 2
DKIM is a CNAME or TXT record at a selector subdomain (e.g., google._domainkey.yourdomain.com). Each mail provider has its own selector format.
For Google Workspace: Admin console → Apps → Google Workspace → Gmail → Authenticate email → Generate new record. Google provides a CNAME with selector "google" (e.g., google._domainkey.yourdomain.com).
For Microsoft 365: Microsoft Defender → Email & collaboration → Policies → DKIM → Enable DKIM for domain. Microsoft provides 2 CNAME records (selector1._domainkey, selector2._domainkey).
For each provider, add the CNAME (or TXT) record in your DNS exactly as specified. Wait 24-48 hours for DNS propagation.
In the provider admin, click "Start authentication" (Google) or "Enable" (Microsoft). The provider verifies the CNAME resolves correctly before activating DKIM signing.
Validate at mxtoolbox.com → DKIM Record Lookup → enter "google" (or your selector) and your domain. Result must show a valid public key.
Each new mail provider adds its own DKIM selector. They do not conflict — multiple selectors at different subdomains is correct.
Step 3
DMARC is a TXT record at _dmarc.yourdomain.com. It tells receivers what to do when SPF or DKIM fails. Start at p=none for 30 days of monitoring.
Add a TXT record at _dmarc.yourdomain.com with value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc@yourdomain.com; fo=1
p=none means "monitor only — do nothing." rua and ruf are email addresses for aggregate and forensic DMARC reports.
Set up DMARC report parsing. Free options: dmarc.postmarkapp.com (parses reports for you), EasyDMARC free tier. Paid: DMARCLY, Valimail.
Run for 30 days. Aggregate reports show which IPs sent on your behalf and whether SPF/DKIM passed.
After 30 days of clean reports (95%+ pass rate from legitimate senders): escalate to p=quarantine (failed messages go to spam folder). After another 30-60 days clean: escalate to p=reject (failed messages are bounced).
For cold outbound on a lookalike domain: p=quarantine is the typical end-state. p=reject is appropriate for transactional domains but risky if you accidentally have a legitimate sender unconfigured.
Step 4
Google Postmaster Tools and Microsoft SNDS show your reputation, spam rate, and authentication results from the provider perspective.
Google Postmaster Tools: postmaster.google.com → Add Domain → verify via TXT record. Wait 7-14 days for data. View Domain Reputation, IP Reputation, Spam Rate, Authentication.
Target Postmaster scores: Domain Reputation High, IP Reputation High, Spam Rate under 0.1%. Anything worse = active deliverability problem.
Microsoft SNDS: sendersnetwork.microsoft.com → request access (approval takes 5-10 days). Less detailed than Google but covers Outlook/Hotmail/Live audiences.
Sign up for a deliverability monitor (GlockApps, MailGenius, Mail-Tester). Run a test send to a seed audience monthly. The tool reports inbox placement per major provider (Gmail, Outlook, Yahoo, Apple).
Apollo Sequence Health: Apollo → Settings → Email Accounts → click the inbox → "Health Score." This is Apollo internal estimate — useful but less authoritative than Postmaster/SNDS.
Check weekly. React within 24 hours if Domain Reputation drops or Spam Rate exceeds 0.3%.
Step 5
Cold emails that trigger spam filters: heavy HTML, multiple links, large images, all-caps subject lines, no physical address in footer, no unsubscribe link.
Plain-text or minimal HTML: cold outbound emails should be ~95% text. No header images, no logo banners, no complex tables. Apollo defaults to plain-text-style HTML — keep it that way.
Link density: 1 link per email maximum (your CTA or calendar link). Multiple links trigger spam filters. NEVER include 3+ links in a cold email.
Images: do not embed. If you must reference an image, link out to it rather than embed. Embedded images are a major spam signal.
Subject line rules: no all-caps, no excessive punctuation (!!!), no spam words ("free," "guaranteed," "act now," "limited time"). Lowercase, conversational subjects perform best.
Footer: include physical mailing address (CAN-SPAM requirement) + clear unsubscribe link. Apollo auto-appends an unsubscribe link to all sequences — verify under Settings → Email Footer.
Test every new template at mail-tester.com before launching. Send the email to your mail-tester address; receive a score 0-10. Anything below 8 needs content fixes.
Step 6
Daily: bounces. Weekly: Postmaster + Apollo health. Monthly: GlockApps test. Quarterly: full audit (SPF/DKIM/DMARC, content, suppression).
Daily (5 min): check Apollo dashboard for bounce rate. Anything above 3% = pause sequences and re-verify contact data.
Weekly (15 min): check Google Postmaster Tools Domain Reputation + Spam Rate. Check Apollo per-inbox Health Score. Investigate any drops.
Monthly (30 min): run a GlockApps or Mail-Tester full deliverability test from each sending inbox. Score below 8/10 = content issue. Inbox placement below 90% Primary = reputation issue.
Quarterly (2 hours): full audit. Re-verify SPF (no stacking, under 10 lookups), DKIM (still validating), DMARC (escalated to p=quarantine if reports clean). Re-check suppression lists. Re-test all sequence templates.
Annual (4 hours): rotate sending inboxes. Old inboxes accumulate small reputation hits over time. Replace 1-2 inboxes per year with fresh-warmed ones to keep the inbox pool fresh.
Document the cadence. Without an operating rhythm, deliverability decays invisibly. A specialist runs this cadence in 2-3 hours/month total.
Common mistakes
Stacking multiple SPF records
What goes wrong: Adding a second TXT record starting v=spf1 (e.g., one for Google, one for SendGrid) breaks ALL SPF authentication. Both providers fail SPF checks. Email is rejected or marked spam. Apollo shows delivered but 30-60% never reach inbox. Wasted spend $500-2,000/month until detected.
How to avoid: ONE SPF record at root. Combine all includes: v=spf1 include:_spf.google.com include:sendgrid.net ~all
DMARC at p=reject without 60 days of monitoring
What goes wrong: Setting p=reject too early bounces legitimate email from senders you forgot about (CRM, billing system, partner integrations). Days or weeks of missed business email before you discover.
How to avoid: Run p=none for 30 days. Verify aggregate reports show 95%+ pass from legitimate senders. Move to p=quarantine for 30-60 days. Only escalate to p=reject after consistent clean reports.
No DMARC at all
What goes wrong: Gmail and Microsoft (as of Feb 2024) require DMARC on bulk senders (5,000+ emails/day to their users). Without DMARC, your emails are throttled or rejected at scale. Apollo dashboard shows delivered; recipients see nothing.
How to avoid: Configure DMARC at minimum p=none for monitoring on every sending domain. Required, not optional, as of 2024.
Embedded images in cold emails
What goes wrong: Image-heavy emails trigger Promotions tab placement (Gmail) or Spam (Outlook). Even a single embedded company logo can push email out of Primary. Reply rates collapse 40-60% in Promotions.
How to avoid: Plain-text or minimal HTML only. No images, no logo banners, no complex tables. Apollo defaults correctly — do not override with fancy templates.
No physical address or unsubscribe in footer
What goes wrong: CAN-SPAM Act requires physical address + clear unsubscribe in every commercial email. Missing either = legal exposure (FTC fines up to $51,744 per violation) + spam triggers.
How to avoid: Configure Apollo Settings → Email Footer with company name, physical mailing address, and unsubscribe link. Apollo auto-appends to all sequences.
No Google Postmaster Tools monitoring
What goes wrong: Domain Reputation drops to Low. You do not notice for 2-3 weeks because Apollo dashboard does not surface this. By the time you see plummeting reply rates, 3 weeks of cold sends have wasted budget AND further damaged reputation.
How to avoid: Postmaster Tools registration on day 1. Weekly review. React within 24 hours to Domain Reputation drops.
Recap
Done — what's next
How to set up an Apollo.io account the right way
Read the next tutorial
Hand it off
Deliverability is the highest-leverage skill in cold outbound — and the most easily neglected. A demand generation specialist will configure the full stack (SPF, DKIM, DMARC, monitoring, content compliance) and establish the operating cadence in 4-6 hours, typically $100-200. The ongoing 2-3 hr/month deliverability maintenance is included in most retainers ($800-2,000/mo).
See specialist rates
Authentication proves identity but does not control inbox placement. Promotions tab is content-based: Gmail classifies emails with marketing language, embedded images, multiple links, or sender-similar-to-marketers. Fix by simplifying content: plain text, 1 link, no images, conversational subject. Promotions placement can take 30-60 days to fully escape after content fix.
Apollo uses your inbox provider (Google/Microsoft) for sending — there is no separate Apollo sending IP. Your sending reputation is tied to the Google/Microsoft outbound pool plus your inbox-specific authentication. Dedicated IPs are not a relevant concept here; this differs from Mailchimp/SendGrid.
Mild damage (1-2 weeks of poor sending): 2-4 weeks of warm-up-only + clean content to recover. Moderate damage (4-8 weeks of poor sending): 60-90 days. Severe damage (blacklisted): often unrecoverable on that inbox; replace and start fresh on a different sending IP/inbox.
BIMI (Brand Indicators for Message Identification) shows your logo next to emails in Gmail. Nice-to-have for transactional/marketing, not necessary for cold outbound. Requires DMARC at p=quarantine or p=reject as prerequisite. Add after 90+ days of clean DMARC.
No. Apollo is a sequence tool; deliverability is your inbox provider + your DNS + your content. Apollo provides health-score visibility and reasonable defaults, but the actual deliverability work (DNS, monitoring, content) is on you.
Apollo.io
Apollo has the cheapest entry into B2B sales intelligence, but the default account configuration will silently torch your domain reputation. This walks the exact setup order that keeps your inbox warm and your credits efficient.
Apollo.io
Warm-up is the boring 6-8 weeks that determines whether your Apollo investment pays back. Skip it and you torch the inbox in week 2. This walks the exact ramp schedule, the tools, and the signals that tell you the inbox is ready for real sends.
Apollo.io
Sequences are where Apollo earns its $99/seat. They are also where most operators destroy their sender reputation. This walks the right step structure, cadence, personalization layer, and reply handling that books meetings without burning inboxes.
Apollo.io
Apollo reply rate below 2% means something is structurally wrong — and it could be any of 8 causes. This walks the diagnostic order so you fix root causes, not symptoms.
Apollo.io
DIY Apollo is a fine idea — until it isn't. This is the honest framework: when the cost of self-managing exceeds the cost of hiring, and how to tell which side you're on.