The H1 2026 Cold Email Deliverability Report

Cold email deliverability in H1 2026 is bounded by Gmail and Yahoo's enforced sender rules, Microsoft Outlook's May 5, 2025 bulk-sender enforcement, and platform-side outreach caps at the investor databases founders use. Land in the inbox by treating each domain as a 20-email-per-day asset, splitting infrastructure 50/50 across Google Workspace and Office 365, and warming for at least two weeks before any cold send.

• The sender rules that broke cold email in H1 2026
• Cold email deliverability per-domain limits
• How many cold emails per domain per day
• Domain warmup and the Google Yahoo sender rules
• DMARC, DKIM, SPF: the authentication floor
• Why founder cold email fails differently than SDR teams
• The inbox placement stack to run in 2026
• Why this matters for your raise
• FAQ

Most cold email guides assume the reader runs an SDR team firing 10,000 messages a week through a paid prospecting suite. Founders raising a seed round do not. Cold email deliverability in H1 2026 is now governed by sender rules at Gmail, Yahoo, and Microsoft Outlook that bit hard once enforcement landed, plus platform-side outreach caps inside the investor databases founders rely on. The honest answer to "how do I land in the inbox" looks different at founder volume than at agency volume, and the top-three ranking guides on this query are still written for the agency case.

This report is the founder-grade view. Per-domain volume math, the authentication floor, warmup discipline, and the rotation that keeps reputation intact when you are pitching 200 investors over a quarter rather than 200,000 prospects over a week.

The sender rules that broke cold email in H1 2026

The 2024 Gmail and Yahoo sender requirements plus Microsoft Outlook's May 5, 2025 enforcement are the floor every sending domain now sits on, founder mailboxes included. None of the three providers care that you are sending 30 thoughtful investor notes rather than 30,000 templated cold pitches. They check the same authentication records, watch the same spam-rate trend lines, and treat any unauthenticated mail from a new domain as suspicious by default.

The practical shift is that provider-side classifiers no longer give brand-new domains the benefit of the doubt. Where a 2022 cold campaign from a fresh domain might have squeaked into the Promotions tab, a 2026 cold campaign from the same fresh domain routes to spam. The signal-to-noise ratio at the providers has tipped, and unauthenticated low-reputation senders are now the default-suspect category.

There is also a second-order effect. Investor outreach platforms watched the same enforcement land and tightened on their side. As of March 5, 2026, OpenVC caps platform-wide investor outreach at 5 messages per 24 hours for Premium users and 1 per 24 hours for Free users, with the first submission on a new email always blocked for 24 hours. The cap is not a paywall trick. It is the platform protecting its own sender reputation now that providers grade aggregators in roughly the same way they grade individual senders.

Cold email deliverability per-domain limits

At founder volume, the binding constraint is not "how many emails can I send" but "how many domains and mailboxes does my target daily volume require." The math is structural, set by what each major provider treats as a normal personal-account send rate before it starts grading the sender as bulk.

The table below is the operational version of the rules, anchored in OpenVC's 2026 founder guide.

Read the table as a single budget. Pick a daily volume, then back into how many mailboxes and how many domains the volume implies. That is the entire infrastructure-side conversation.

How many cold emails per domain per day

For a founder running cold investor outreach as the only outbound motion, the practical ceiling is 40 cold sends per domain per day, which is two mailboxes at 20 sends each per OpenVC. Above that, you are running a bulk operation and the providers will eventually grade it as one.

The math compounds quickly. OpenVC walks through it directly: to reliably send 500 cold emails per day, a founder needs roughly 25 mailboxes across 13 dedicated domains. Not 13 aliases on the company domain. Thirteen separately purchased domains, each authenticated, each warmed, each rotated. That is what a "500 sends a day" plan actually looks like once you respect the per-domain ceilings.

Most founders should not be at 500 per day. YC partner Aaron Epstein's funnel math from the YC Startup Library frames the personal-sending expectation as "dozens of emails per day, possibly even 50 per day" when cold email is the primary outbound motion. Two warmed mailboxes on a single brand-domain covers that. The rotation conversation becomes load-bearing only when you scale past one founder's personal output.

For an investor raise specifically, the volume is even smaller. A seed round in 2026 with the median post-money SAFE cap landing around $10 million per Carta's State of Pre-Seed: 2025 in Review typically targets 60 to 150 investors over a quarter. That fits inside a single, well-authenticated, well-warmed sending domain. The 13-domain rotation belongs to a sales-outbound problem, not a fundraising one.

Domain warmup and the Google Yahoo sender rules

A new domain is guilty until proven legitimate, and the only proof providers accept is reputation built over time with low-risk, two-way traffic. OpenVC's 2026 guide sets the floor at a minimum two-week warmup before any cold send, with the automated warmup tool left running after campaigns launch.

Warmup works by mimicking what a real human's mailbox looks like to the providers. Inbound, outbound, replies, mark-as-important, and folder movement, all at a slow ramp. The 2024 Gmail and Yahoo sender requirements and the 2025 Microsoft Outlook enforcement all look at the same shape of signal. Brand-new domain plus immediate burst of outbound plus zero inbound equals spam-folder routing, every time.

The hidden trap is that the warmup clock resets when you change the sending pattern. Doubling daily volume the week after launch, switching from warmup tool A to warmup tool B mid-campaign, or moving from one outbound platform to another all read as "something changed, reassess." Founders who set up warmup correctly and then break it three weeks later are the common 2026 failure mode.

✅ Good: A 220-word note that opens with a specific thesis match, attaches one metric, and asks for a 20-minute call. Lands because the content classifier reads it as personal, not bulk. ❌ Bad: An 1,800-character executive summary pasted into the body with three inline images and a Calendly link. Reads to filters as a marketing newsletter, not a founder outreach.

The under-1,000-character rule from OpenVC is not arbitrary. Long messages with images, tracking links, and external CTAs share every structural signal with newsletter content. Short messages with a name, a sentence of context, and a single ask share every structural signal with personal correspondence. The provider classifiers are pattern matchers, and you want yours to match the pattern you actually are.

DMARC, DKIM, SPF: the authentication floor

You do not get to skip authentication because your volume is low. OpenVC's 2026 guide is explicit: without SPF, DKIM, and DMARC all passing on every cold-sending domain, founder emails routinely land in spam regardless of copy quality. Authentication is the gate. Volume sits behind it.

Each record does a different job. SPF tells receiving servers which IPs are allowed to send mail on your domain's behalf. DKIM cryptographically signs each outbound message so receivers can verify it has not been altered and actually originated from the claimed sender. DMARC sits on top, telling receivers what to do when SPF or DKIM fails, and where to send reports about the failures.

For a Google Workspace sending domain, the minimum DNS records look roughly like this:

example.com.        TXT   "v=spf1 include:_spf.google.com ~all"
google._domainkey.example.com.   TXT   "v=DKIM1; k=rsa; p=<your public key>"
_dmarc.example.com. TXT   "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=100"

Microsoft 365 uses different include and selector values, which is why splitting infrastructure 50/50 across Google Workspace and Office 365 per OpenVC's guidance means setting up two parallel sets of records, one per provider, per sending domain.

A few non-obvious authentication rules that matter in H1 2026:

• DMARC policy must move past p=none. Providers increasingly read p=none as "owner has not bothered." Move to p=quarantine once you have a clean DMARC report week, and consider p=reject for production sending domains.
• One DMARC record per domain. Multiple _dmarc TXT entries silently fail. Validate with a DMARC checker after every DNS change.
• DKIM selector rotation. Rotate selectors at least annually. Stale DKIM keys are a low-grade trust signal at every major provider.
• BIMI is optional but trust-positive. A verified BIMI record with your company logo is not load-bearing for inbox placement, but it is a free trust nudge once DMARC is at p=quarantine or stricter.

The non-negotiable is the holistic pass. SPF alone is insufficient. DKIM alone is insufficient. DMARC over a failing SPF result is worse than no DMARC at all, because the receiver now has an enforced policy that says "quarantine my own mail."

Why founder cold email fails differently than SDR teams

The top-three deliverability guides on this query are all written for SDR teams, and the advice misfires for founders in three specific ways.

First, founders care about reply quality, not reply rate. An SDR team optimizing for 4% reply rate at 50,000 sends is happy with 2,000 replies, half of them no-thank-you. A founder optimizing for a single check from a relevant Pre-Seed VC needs 5 substantive replies from 60 sends. Deliverability advice tuned for the SDR model encourages volume strategies that actively hurt the founder case.

Second, founder reputational risk is non-fungible. First Round Capital reports backing 500+ early-stage teams to date. The investor community at any single firm is small enough that one spam-flag on one partner's inbox lands on every other partner's mental model of you. Bulk-style infrastructure for a 60-investor founder send is a misallocation of risk: more domains, more rotation, more places where a misconfiguration can earn you a spam-flag on a name you cared about.

Third, founder sends are not cold the way SDR sends are cold. YC's Michael Seibel's standing rule on cold investor email is that it must be readable in 60 seconds, sent from a named company-domain address, and that opens, not replies, are the metric that matters. A founder cold email is closer to founder-led sales as described in First Round Review's Sentry essay than to SDR outbound: the operator does the sending, but reputation hygiene, a real company domain, and no scraped lists are what keep replies flowing.

The composite point: at founder scale, you optimize for the smallest infrastructure that lets every send look unambiguously personal to provider classifiers. Not the largest infrastructure that lets you hit a volume target.

In H1 2026, sending 500 legitimate cold emails per day requires roughly 25 mailboxes across 13 dedicated domains. The volume math is now the strategy.

The inbox placement stack to run in 2026

For a founder pitching a seed or pre-seed round, the deliverability stack that holds up in H1 2026 has five components.

• One brand-domain mailbox plus one alternate-domain mailbox. Most founders never need more than this. The brand domain handles reply-prone investor outreach, the alternate handles colder outbound. Both authenticated, both warmed, both inside per-domain caps.
• SPF, DKIM, and DMARC at p=quarantine minimum. Validated weekly during the active raise. DMARC reports give you the first warning sign of a provider downgrading your reputation.
• A warmup tool kept running after launch. Two weeks of pre-send warmup is the floor per OpenVC; leaving the warmup tool live in the background keeps the reputation signal alive when send volume dips during dry weeks.
• Bounce-rate monitoring under 1%. OpenVC's guide treats this as the inflection point. Above 1%, providers move you toward the spam folder fast. Verify every address before you send, and accept that 20 to 40% of any scraped list is dead on arrival.
• Sub-1,000-character message bodies, plain text, no images, one link maximum. A founder cold email that visually resembles a marketing newsletter gets classified as one. Plain text from a named address with a single contextual link is the shape providers route to the inbox.

What you do not need in 2026: a deliverability platform's "spam test" subscription, a Mailreach paid plan during a small raise, or a third sending domain on the theory that it spreads risk. At fundraising volume those tools add cost and operational surface without changing inbox placement.

There is a separate question of whether you should be cold emailing at all. YC's Pete Koomen tells founders in his enterprise sales talk that cold email is "usually the least efficient way of getting prospects' attention," and prioritizing warm intro paths before scaling volume is the right default. For investor outreach specifically, that calculus is different: warm intros to relevant funds are rare, the addressable European pool is large at the $45B in tech investment Atomico tracked in 2024, and a well-targeted cold note from a named company domain still draws a 40% reply rate through pre-authenticated infrastructure like OpenVC's database of 16,000+ investors. Cold is alive at fundraising volume. It is shrinking at sales volume.

Why this matters for your raise

Deliverability is the prerequisite for the entire cold-investor-outreach motion that fundraising at the seed stage now depends on. If your sends are routing to spam, the rest of the playbook does not exist. Authentication, warmup discipline, and per-domain caps are not optional infrastructure; they are the ticket to having a fundraising conversation at all.

The compounding risk is reputational, not technical. The seed and pre-seed VC universe is small. The same partners read the same theses at the same firms, and a spam-flag on one of them propagates inside that community fast. Get the deliverability stack right once, before the raise, and the next 90 days of pitching are a copy and targeting problem. Get it wrong, and you spend the raise window debugging DNS records instead of running founder-investor meetings.

If you are pitching more than 50 investors over a quarter, tools like Causo handle the warmup discipline, per-domain rate management, and authentication checks as part of the investor-outreach flow, so the deliverability stack stops being a separate project.

FAQ

What are the email sender rules in 2026? Gmail and Yahoo's 2024 bulk-sender rules and Microsoft Outlook's May 5, 2025 enforcement are the floor. Every sending domain needs passing SPF, DKIM, and DMARC, a spam-rate trend well under the platform thresholds, and a working one-click unsubscribe path on anything that resembles a list send. Founder volumes do not exempt you from any of these checks.

How do you avoid the spam folder in 2026? Use a real company domain with full authentication, keep the message under 1,000 characters, warm the domain for at least two weeks, and cap each mailbox at 20 cold sends per day per OpenVC. Skip image attachments, tracking links, and Calendly URLs in the first touch.

How many emails per domain per day? At founder volume, no more than 40 cold sends per domain per day, which is two mailboxes at 20 sends each per OpenVC. To reliably send 500 messages per day legitimately, you need roughly 25 mailboxes across 13 dedicated domains.

Is cold email deliverability getting harder? Yes. After the 2024 Gmail and Yahoo sender rules and Microsoft's May 5, 2025 enforcement landed, providers now treat anything resembling templated outbound as bulk. Even fundraising platforms like OpenVC added their own platform-side rate limits in March 2026, so the rules tightened on both sides of the wire.

Do I need DMARC, DKIM and SPF if I'm just cold emailing a few investors? Yes, all three. OpenVC reports that without SPF, DKIM, and DMARC all passing, founder emails routinely land in spam regardless of copy quality. Volume is not the gate; authentication is, and unauthenticated mail from a brand-new domain reads as suspicious to every major provider.

Related on the hub

• Go to market strategy seed founders can execute in 2026 — for when the playbook turns into a raise.
• The first sales cold email for founders in 2026 — Related cold outreach guide.
• The H1 2026 AI Sales Outreach Report — Related cold outreach guide.
• The H1 2026 Cold Email Benchmark Report — Related cold outreach guide.