Lead Generation

Buy a Burner Domain Before You Send a Single Pitch

Your company domain is not a marketing channel. It's a single point of failure for every invoice, contract, and password reset your business sends, and you're about to bet it on a cold list you bought last week. Most founders treat cold outreach as a deliverability problem: get the copy right, throttle the volume, watch the open rates. That framing is wrong, and it's wrong in an expensive way. Cold email isn't a deliverability problem. It's an asset-risk problem. The real question is not "how do I get this campaign into the inbox?", it's "what am I willing to lose if this campaign goes badly?" Because here's the part nobody tells you before you connect your main domain to a cold-email tool: the address your Stripe receipts, your client contracts, your calendar invites, and your bank statements all flow through is the same address you're about to use to message 2,000 strangers who never asked to hear from you. One trips the other. Never send cold-outreach volume from your primary business domain. Buy a separate lookalike domain (about $12), authenticate it, warm it for roughly two weeks, and treat it as a sacrificial sending asset you can throw away, so that when a campaign burns a domain's reputation, it burns a $12 throwaway and not the address your entire company runs on. That separation is the whole game, and almost nobody who's gotten burned wishes they'd skipped it.

Joshua Agonya Pi'Rwot

By Joshua Agonya Pi'Rwot

Founder, Business Growth Accelerator

Executive summary

Cold email from your main domain bets your company's entire deliverability on one campaign. Here's the burner-domain firewall that protects the asset.

Section 1

Key takeaways

• Your primary domain carries your transactional email, invoices, receipts, password resets, client comms, so a cold campaign that damages its reputation damages the operational core of the business, not just a marketing experiment. • Gmail acts when a sender of 5,000+ messages a day crosses a 0.3% spam-complaint rate; 0.1% is the warning zone and a sustained bounce rate above 2% alone triggers penalties, thresholds an un-warmed cold list can blow past in days . • Blacklisting doesn't shave deliverability, it collapses it: one documented case saw open rates fall from 35% to 4%, with the IP recovering in 2-4 weeks but domain reputation taking 6-12 weeks to rebuild . • A burned domain is contagious, persisting with a dead sending domain can spill over and damage the reputation of the other domains you own, including your main brand . • A burner domain costs about $12 and two weeks. A blacklisted main domain costs 6-12 months and possibly your entire email operation .

Section 2

Why your main domain is the most expensive thing you'll ever put on a cold list

Think about everything that physically leaves your company through one domain. Sales receipts. Stripe payment confirmations. Onboarding sequences for paying clients. Calendar invites. Contract-signing links. Password resets for your own team's logins. Support replies. The quote you sent a prospect who is forty minutes from saying yes. All of that is "transactional" or "relationship" email, mail people expect, mail they often need, mail that has to land in the inbox or money and trust evaporate. It is the load-bearing wall of the company's communications. You don't notice it until it cracks, and when it cracks, the whole house shifts. Now layer cold outreach on top of that exact same domain. Cold email is, by definition, mail the recipient did not ask for. A meaningful slice of any cold list will mark it as spam, bounce because the contact data is stale, or hit a spam trap. Each of those is a small deduction from your domain's reputation, the trust score mailbox providers like Gmail and Outlook assign to the sender behind the address. Reputation is the variable that decides whether your mail reaches the inbox, the promotions tab, the spam folder, or nowhere at all. The trap is that the reputation hit doesn't stay quarantined to your cold campaign. It attaches to the domain. So when your cold list drags the domain's score down, your invoices and receipts ride the same sinking score. You can run a flawless transactional setup for years and watch it get taken out by a single bad Tuesday of cold sends. This is the same load-bearing logic that makes a deliberate, qualified discovery process worth more than raw send volume, the asset you're protecting is downstream trust, not this week's open rate.

Section 3

How tight are the tripwires, really?

Tighter than founders assume, and the thresholds are public. Since February 1, 2024, Google requires any sender of more than 5,000 messages per day to Gmail accounts to authenticate with SPF, DKIM, and DMARC (the three records that prove your mail actually comes from your domain) and to "keep spam rates reported in Postmaster Tools below 0.3%," with 0.10% the recommended ceiling . Read that as a number, not a guideline. At 0.3%, you're allowed three spam complaints per thousand messages before Google starts acting against you. At a 10,000-message campaign, that's a budget of thirty complaints across the entire send. A cold list of strangers can produce that before lunch. Independent reputation analysis lands on the same line: Gmail's action threshold is a 0.3% complaint rate, "0.1% is considered the warning zone," and separately, "a sustained bounce rate above 2% will trigger reputation penalties" . The bounce figure matters because it doesn't even require anyone to be annoyed. If you bought a list and a chunk of the addresses are dead, which is the normal condition of bought lists, you can clear the 2% bounce tripwire on volume and data rot alone, no complaints required. So the picture is: a sender doing real cold volume is operating inside a complaint budget of roughly one to three per thousand and a bounce budget of two per hundred, on a list of people who didn't opt in, using data of unknown freshness. That is not a margin. That is a wire. And the moment you walk that wire from your main domain, the thing underneath you isn't a marketing experiment, it's your company's entire email operation. If you haven't pressure-tested whether your outreach motion even belongs on cold volume yet, the growth diagnostic is a faster way to find that out than a blacklisting.

Section 4

What "burned" actually costs, in weeks, not adjectives

The reason "just be careful" is bad advice is that the downside isn't linear. When a domain crosses the line, deliverability doesn't degrade gently. It falls off a cliff. A documented blacklisting case shows the shape of it: open rates "dropped from 35% to 4% following blacklisting" . Sit with that ratio. Not 35% down to 28%. Down to 4%. Nine out of ten messages that used to reach a human now reach nothing. If that domain is also carrying your receipts and client mail, your clients are now in the 4% bucket too, which is the operational version of your phone line going dead while the bills keep arriving. Then comes recovery, and recovery is where founders discover the trap fully closes. There's a comforting half-truth that you can "just get delisted." Delisting is genuinely fast, Spamhaus and similar blacklists can remove you in a day or three once you fix the cause. But delisting is not the same as recovery. In that same case, the IP recovered in 2-4 weeks while "domain reputation takes 6-12 weeks" to rebuild . The blacklist removes your name from a list quickly; the mailbox providers' trust score forgives you slowly. Delisting is fast, reputation is slow, and it's the slow clock that's punishing your business. Stack the severity tiers and the case for treating the domain as expendable gets blunt. Recovery time scales with damage: a domain in severe condition is looking at 8-16 weeks of rehab and "may not fully recover," and a blacklisted business domain should plan for "6-12 months after delisting" . Six to twelve months. For a service business that books revenue through email, proposals, contracts, follow-ups, that is not an inconvenience, it's a structural revenue event. This is precisely why the operators who do high outreach volume don't try to nurse a damaged domain back to health. They've already decided the domain was disposable, because the math of nursing it never beats the math of replacing it.

Section 5

The contagion problem: a dead domain doesn't die alone

Here's the failure mode that turns a contained mistake into a spreading one, and it's the part founders almost never see coming. The instinct, once a sending domain starts struggling, is to keep pushing, warm it harder, slow the sends, try to claw the reputation back. That instinct is what makes the damage spread. As Hugo Pochet, co-founder of Mailpool and a cold-email deliverability expert, puts it: "Persisting with a dead domain can also damage your sender reputation for other domains you own" . Reputation isn't scored in perfect isolation. Mailbox providers connect signals, shared infrastructure, related domains, the same registrant fingerprints, and a domain you keep flogging while it's tanking can bleed into the reputation of the other domains under your roof. If those other domains include your main brand, you've just converted a single dead sending domain into a threat against the asset you were trying to protect in the first place. The "I'll fix it" reflex is the thing that takes the house down. This is the strongest possible argument for separation as the default, not the cleanup plan. The point of a burner isn't only that it absorbs the hit when a campaign goes wrong. It's that it gives you the freedom to do the right thing when one goes wrong, to walk away from a $12 domain instead of staying chained to a burning one because it shares a name with your invoices. Knowing when to stop is itself a system decision, and it's the same discipline that separates follow-up that compounds from follow-up that just decays into noise.

Section 6

The BGA framework: The Burner Domain Firewall

The fix is structural, not tactical. You're not trying to send cleaner email from one domain, you're building a firewall that decides, in advance, what can ever touch what. Three layers. 1. The ASSET layer, the domain you never send cold from This is your real company.com. It carries transactional and relationship mail only: receipts, invoices, contracts, client communication, calendar invites, password resets, support. Treat it like production infrastructure. The rule is absolute and has no exceptions: zero cold volume, ever, leaves this domain. Not "a small test." Not "just the warm-ish leads." Authenticate it properly with SPF, DKIM, and DMARC , keep it pristine, and accept that its only job is to be boringly, permanently trustworthy. The asset layer's value is measured in years of clean reputation, and you protect that by never gambling a day of it. 2. The BURNER layer, the sacrificial lookalike you actually send from Buy a separate domain that resembles your brand: get-company.com, company.co, trycompany.com, company-hq.com. About $12. Authenticate it from scratch (SPF, DKIM, DMARC), set up the mailboxes, and warm it for roughly 14 days before it sends a single cold message, meaning you ramp it gradually with low-volume, reply-generating sends so mailbox providers see a normal, trusted sender emerge rather than a brand-new domain that instantly blasts a thousand strangers. One caveat that catches people: do not try to shortcut this with a subdomain of your main domain (mail.company.com). A subdomain does not insulate the root, damage on the subdomain can reach back to the asset you were trying to wall off, which defeats the entire purpose. It has to be a genuinely separate domain. 3. The BLAST RADIUS rule, rotate, expect to burn, throw away This is the mindset that separates operators from amateurs. The goal is not to never burn a domain. At real volume, you will eventually burn one, the tripwires are too tight and the lists too imperfect for "never" to be a plan . The goal is to make sure that when one burns, it's a $12 domain you delete, not the address your bank statements arrive at. So run 3-5 warmed burner domains in rotation, split your volume across them, and keep a clean one warming in the background as a replacement. When a burner's metrics start sliding toward the 0.3% complaint or 2% bounce lines , you don't nurse it and you don't let it bleed onto your other domains, you retire it and rotate the next warmed domain in. The recovery math makes this obvious: nursing a blacklisted domain is a 6-12 month project ; replacing a burner is a two-week one. You're choosing which clock to run. The sub-frame to keep in your head through all three layers: delisting is fast, reputation is slow . Every decision in this firewall is built to keep the slow clock, the one mailbox providers run on your trust score, pointed at a disposable asset and never at the load-bearing one. This is the same separation-of-concerns logic that runs through how the qualification layer protects the closing layer in a real sales system: you don't let a high-risk activity contaminate a high-value one just because they happen to live next to each other. A worked picture: a five-person consultancy wants to run 1,500 cold sends a week to fill its pipeline. The wrong version connects consultancy.com to a sending tool and lets it rip, and if that campaign trips the line, the next client proposal lands in spam for three months . The firewall version spends roughly $36 on three lookalike domains (get-consultancy.com, consultancy.co, try-consultancy.com), warms them over two weeks, splits the 1,500 sends across them, and keeps a fourth warming. When one starts sliding in month two, it's deleted and replaced inside a week. The main domain never sees a single cold send, the proposals always land, and the worst-case loss is a $12 domain and a few days. That's the entire trade: a rounding-error cost to take an existential risk off the table. The scripts, rotation schedule, and warm-up checklist for running this live as a system sit in the template pack, and the broader demand-side build is in the LeadOS playbook.

Section 7

You're running The Burner Domain Firewall right when…

You're running it right when a teammate could not, even by accident, send a cold campaign from your primary domain, because nothing cold is connected to it and the rule is written down, not remembered. You're running it right when you own 3-5 warmed lookalike domains, you know which one is currently carrying volume and which one is warming in reserve, and you can name the metric (complaint rate creeping toward 0.3%, bounce rate toward 2%) that triggers a rotation . You're running it right when the question "what happens if this campaign burns a domain?" has a boring answer, "we delete a $12 domain and rotate in the next one", instead of a frightening one. And you're running it right when your invoices, receipts, and client mail have never once shared a sending reputation with a stranger you cold-emailed, because the firewall decided, long before any campaign launched, that they never would.

FAQ

Direct answers for operators.

Why can't I just warm my main domain carefully and send cold from it?

Because warming controls how fast you ramp, not whether recipients complain or your list bounces. A careful warm-up still leaves you operating inside Gmail's 0.3% complaint budget and 2% bounce budget on a list of people who didn't opt in . If you cross those lines, the damage lands on the domain carrying your invoices and client mail, and recovery for a blacklisted business domain runs 6-12 months . The warm-up reduces the odds of a fast death; it does nothing to cap the downside. Separation caps the downside.

Is a subdomain like mail.company.com a safe alternative to buying a separate domain?

No. A subdomain does not reliably insulate your root domain , so reputation damage on the subdomain can reach back to the main brand you were trying to protect, which defeats the point of the exercise. The firewall only works if the sacrificial layer is a genuinely separate, lookalike domain you can delete without touching company.com.

How many burner domains do I actually need?

For steady cold volume, run 3-5 warmed lookalike domains in rotation, with at least one clean domain warming in reserve. Splitting volume keeps any single domain well under the complaint and bounce thresholds , and the reserve means that when one slides toward the line, you can retire it and rotate the replacement in within a week rather than pausing your pipeline. At roughly $12 a domain, the full setup is a rounding error against a 6-12 month recovery .

A burner is getting flagged, should I try to recover it?

Almost never. Delisting from a blacklist is fast (often 24-72 hours), but rebuilding the trust score that actually decides inbox placement takes 6-12 weeks even in a recoverable case, and severe damage may never fully recover . Worse, persisting with a dying domain can spill over and damage the reputation of your other domains . Retire it, rotate in a warmed replacement, and spend the two weeks warming a new one instead of the three months nursing a dead one.

Joshua Agonya Pi'Rwot

Written by

Joshua Agonya Pi'Rwot

Founder, Business Growth Accelerator · Country Director, AVODA Group Uganda · EMBA

Joshua helps service-business operators turn scattered marketing into a clear path from first attention to booked call. He is Founder of Business Growth Accelerator and Country Director of AVODA Group Uganda.