Table of contents
Example H2
Example H3
Example H4
Experience
Agent Frank

Get a uniquely crafted email delivered in your inbox in seconds

It's being carefully crafted by AI
Please check your mailbox
Something went wrong. Please try again
Learn more
Get insights delivered straight into your inbox every week!
Blog
Tutorials & Guides

Scaling Outreach: Google Workspace DNS Setup Guide

By
Carlos Ascanio
July 26, 2025
5 min read

Using Google Workspace for cold email campaigns can significantly improve your chances of reaching inboxes. But without proper DNS configuration, even the best emails risk ending up in spam. Here's what you need to know:

  • Why it matters: DNS records like SPF, DKIM, and DMARC authenticate your emails, protecting your domain reputation and boosting deliverability.
  • What you need: Access to your domain registrar, DNS management, and an active Google Workspace account.
  • Best practices: Use secondary domains for outreach, avoid spammy domain extensions, and warm up mailboxes gradually.
  • Automation tools: Tools like Primeforge can simplify DNS setup, saving time and reducing errors.

Properly setting up DNS records ensures your cold email campaigns land where they should - your prospect's inbox. Let’s dive into the details.

What You Need Before Setting Up DNS

Before jumping into DNS configuration, it’s important to have a few key items ready and make some strategic decisions about your domain. Being prepared can save you time and help you avoid common mistakes that might disrupt your cold email campaigns.

Essentials for DNS Setup

To get started with DNS setup, you’ll need three main things:

  • Domain ownership: You must have full administrative access to your domain registrar account, including login credentials. Without this, you won’t be able to make the necessary changes.
  • DNS management access: This is usually available through your domain registrar, but some domains are managed by third-party DNS hosts like Cloudflare or AWS Route 53. Make sure you know where your DNS zone is managed and confirm you have the rights to add, edit, or delete DNS records.
  • An active Google Workspace account: Google Workspace is required to configure specific DNS records. Without it, you won’t be able to complete the setup.

Before making changes, remove any existing MX, SPF, DKIM, or DMARC records from other services. Conflicting entries can lead to authentication problems or delivery issues. You’ll also need to verify your domain to prove ownership and prevent unauthorized use. As Google explains:

"We don't want someone else to use your domain to sign up for other domain-verified Google services. You can help us keep your domain safe by showing us that you are the owner."

Domain verification involves adding a TXT or CNAME record to your DNS settings. Google typically takes up to an hour to confirm the verification.

Why Use Secondary Domains for Outreach?

Once your DNS setup is squared away, it’s time to think about your outreach strategy. A key best practice for cold email campaigns is to avoid using your primary business domain for outreach. Instead, invest in secondary domains that are similar to your main domain but distinct enough to shield your primary domain’s reputation.

This approach protects your main domain in case a secondary domain gets flagged. Many outreach teams rotate several secondary domains to manage email volume and maintain deliverability.

When choosing secondary domains, pick names that align with your brand or campaign while keeping a professional tone. For instance, if your main domain is "techsolutions.com", you could use something like "techsolutions-outreach.com" or "gettechsolutions.com" for your emails. Before proceeding, ensure the domain isn’t blacklisted and plan to gradually increase email activity to build a strong sender reputation.

Choosing the Right Domain Extension

Your choice of domain extension can significantly impact deliverability. The .com extension remains the most trusted and widely used option, favored by over 50% of websites. It’s often the best choice for cold email campaigns due to its familiarity and credibility.

If a .com domain isn’t available, consider alternatives like .net or .io. The .net extension is trusted by many large email providers and offers reliable deliverability. Though .io domains tend to be more expensive, their lower association with spam can work in your favor.

On the other hand, avoid extensions like .xyz, .free, and .yx, as these are often linked to spam. If your campaign targets a specific country, a country-specific extension might help build local trust. However, it’s a good idea to test its deliverability in your target market first.

Cost is another factor to consider. For example, .io domains are typically more expensive than .com or .net options. Additionally, the age of a domain can influence deliverability - older domains with a clean history are generally less likely to trigger spam filters. If possible, consider purchasing an aged domain to improve your chances of success.

How to Set Up DNS Records Step by Step

Once your domain is ready, the next step is configuring your DNS records. This involves setting up three key types of records: MX records to route emails, and SPF, DKIM, and DMARC records for email authentication. These records are crucial for ensuring reliable email delivery and protecting your domain’s reputation.

Setting Up MX Records

MX (Mail Exchange) records are essential for directing emails sent to your domain to the correct mail servers. If you’re using Google Workspace, these records need to point to Google’s servers. Here’s how to set them up:

  1. Log into your domain registrar account and go to your DNS settings.
  2. Remove any existing MX records from other services to avoid conflicts.
  3. Add a new MX record with the following details:
Field Value
Type MX
Name / Host / Alias @ (or leave blank)
TTL Default or 1
Priority 1
Value / Destination smtp.google.com

If you’re using a legacy setup with multiple MX records and email delivery is working fine, no changes are necessary. Once you’ve saved the new MX record, enable Gmail in the Google Admin Console. Keep in mind that it might take up to 72 hours for these changes to propagate across all email servers.

After setting up MX records, move on to configuring SPF, DKIM, and DMARC records for better email security.

Configuring SPF, DKIM, and DMARC Records

Email authentication is critical for verifying the legitimacy of your messages and ensuring they aren’t tampered with. Here’s a breakdown of the three records:

  • SPF (Sender Policy Framework):
    This record specifies which mail servers are authorized to send emails on behalf of your domain. To set up SPF, add a TXT record with these values:
    • Host/Name/Alias: @
    • TTL: 3600 (or use your provider’s default)
    • Content: v=spf1 include:_spf.google.com ~all
  • DKIM (DomainKeys Identified Mail):
    DKIM adds a digital signature to outgoing emails, enabling receiving servers to verify their authenticity. To configure DKIM, go to the Google Admin Console, navigate to Apps > Google Workspace > Gmail, and click on "Authenticate email." Generate a new DKIM record and add the provided public key to your DNS records.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance):
    DMARC tells receiving servers how to handle emails that fail SPF or DKIM checks. According to Google, "DMARC helps protect users from forged email messages and lets you manage messages that don't pass SPF or DKIM." Before setting up DMARC:
    • Ensure that SPF and DKIM are properly configured.
    • Allow at least 48 hours for changes to propagate.
    • Start with a "none" policy to monitor activity and adjust to "quarantine" or "reject" based on the results.
    • Set up a dedicated mailbox for DMARC reports.

Checking DNS Propagation

After updating your DNS records, it’s important to verify that the changes have propagated across global servers. Propagation can take up to 48 hours. Tools like whatsmydns.net, DNSChecker, or the nslookup command can help you check the status of your DNS records (A, MX, CNAME, TXT) across multiple locations.

If you notice inconsistent results, try flushing your DNS cache or switching to an alternative DNS server.

Best Practices for Large-Scale Cold Email

Scaling cold email outreach successfully requires careful attention to DNS settings. The difference between emails landing in inboxes versus spam folders often hinges on following proven strategies that safeguard your sender reputation and improve deliverability.

Common DNS Setup Mistakes to Avoid

DNS errors can seriously harm email deliverability. Studies indicate that around 80% of companies fail to implement DMARC enforcement due to the complexities of DNS configurations. Avoiding these common mistakes can save your campaigns from setbacks that might take weeks to fix.

Even minor errors like an extra space or incorrect character in DNS text fields can result in failures. For example, a trailing space in an SPF record such as v=spf1 include:_spf.google.com ~all can cause email authentication to fail.

Another major issue is DNS's lack of error handling. Since it operates as a live, global system, there’s no built-in safety net. Many organizations only discover DNS problems after their email deliverability has already taken a hit.

To stay agile, set your TTL (time to live) to 6 hours or less, allowing faster updates when changes are needed.

At scale, DNS management becomes a continuous task. Adding or removing SaaS apps from your email authentication records requires constant updates, demanding ongoing attention from your technical team.

Additionally, the lack of immediate feedback complicates problem detection. While DMARC provides reporting features, interpreting these reports can be overwhelming due to their technical complexity and volume. Without the right tools or expertise, improving email security becomes a challenge.

Once DNS configurations are under control, the next step is managing your sending domains and mailboxes to further reduce risks.

Managing Mailboxes and Domains

Properly managing your mailboxes and domains is crucial for maintaining a strong sender reputation. A core principle here is distribution and isolation - spreading your email volume across multiple domains and mailboxes while safeguarding your primary domain.

Instead of using your main domain, always rely on subdomains like outreach.company.com. Each subdomain should have its own DNS records (DMARC, SPF, DKIM) and function independently.

When setting up new mailboxes, start small. Begin with 10–20 emails per day and gradually increase to 50–100 emails daily over 2–3 weeks. With an average email deliverability rate of 81%, proper warm-up is essential to avoid spam filters.

Distribute your email volume across multiple mailboxes. Limit each mailbox to 50–100 emails per day once warmed up. This not only reduces the risk of spam filtering but also provides backup in case one mailbox encounters issues.

Regularly cleaning your email list is another must. Every 30 days, remove inactive subscribers and validate email addresses. Considering that 30% of subscribers update their email addresses annually, this practice helps reduce bounce rates and maintain engagement. According to Google's Sender Guidelines, aim for a bounce rate below 0.41% and spam report rates under 0.3%.

Email providers now prioritize domain reputation over IP reputation. This means your domain’s sending history, authentication setup, and engagement metrics directly impact the deliverability of all emails sent from that domain.

Meeting New Email Authentication Requirements

Keeping up with evolving email authentication standards is critical for scaling outreach. Email providers like Gmail and Yahoo now enforce stricter authentication policies, requiring senders to implement robust practices to ensure message legitimacy and minimize spam.

Key steps include:

  • SPF Records: List all authorized sending sources while staying within the 10 DNS lookup limit. For Google Workspace users, ensure your SPF record includes include:_spf.google.com and ends with either ~all (soft fail) or -all (hard fail), depending on your confidence in the setup.
  • DKIM Keys: Each domain and subdomain must have its own DKIM signature. Use tools like the Google Admin Console to generate separate DKIM keys for every sending domain to maintain proper authentication.
  • DMARC Policies: Progress from p=none to p=reject as you gain confidence in your setup. DMARC enforcement is now a key requirement for email providers focused on reducing spam and unauthorized emails.

Monitoring and reporting are equally important. Set up dedicated mailboxes for DMARC reports (e.g., rua@yourdomain.com) and use tools to analyze the data. This helps identify authentication issues, detect unauthorized sending, and catch configuration errors before they impact deliverability.

To enhance security further, consider adopting DNSSEC. While not mandatory, it provides extra protection against DNS spoofing and cache poisoning. However, it’s worth noting that over 4% of domains using DNSSEC have encountered misconfigurations, so careful implementation is necessary.

As email providers continue to update their requirements, staying informed and adapting your DNS settings will help ensure your campaigns remain effective. Strong authentication practices are the backbone of scalable and reliable cold email outreach.

sbb-itb-be7a2e3

Automating DNS Setup with Tools

Manually configuring DNS records can be a headache, especially when managing large-scale cold email campaigns. It’s not just time-consuming - it’s also prone to errors. That’s where automated tools like Primeforge come in, simplifying the process and letting you focus on what really matters: creating impactful outreach campaigns.

Using Primeforge for Automatic DNS Setup

Primeforge

Primeforge takes the hassle out of DNS configuration for Google Workspace. It automatically sets up SPF, DKIM, and DMARC records in just about 30 minutes. Plus, it uses US-based IP addresses and includes features like animated GIF headshots, which can boost reply rates by 3%–15%. Even better, it integrates smoothly with popular email tools like Salesforge, making it a seamless addition to your workflow.

Manual Setup vs Automated Tools

The difference between manual DNS setup and automated tools like Primeforge is night and day. Manual configuration through platforms like Google Workspace or Microsoft 365 can take over 24 hours per domain and requires technical expertise to avoid mistakes. Primeforge not only saves time but also reduces the risk of errors with automated validation.

Feature Manual Setup Primeforge Setup
Time Required 24+ hours per domain 30 minutes
Error Risk High (no validation) Low (automated checks)
Scalability Limited High (bulk operations)
Compliance with Standards Manual monitoring Automated updates
Cost Savings None 46% savings

This comparison makes it clear: automation not only saves time but also ensures accuracy. Primeforge’s automated validation and testing guarantee that DNS records meet current authentication standards, avoiding costly errors.

How Agencies and Teams Benefit

For agencies juggling multiple campaigns, Primeforge is a game-changer. Its bulk DNS update capabilities, centralized management, and multiple workspaces make scaling outreach efforts much easier. With bulk operations, teams can update authentication records across numerous domains simultaneously, cutting down on technical overhead.

"I've been using a couple of other email infra forges for over a year and have been pretty impressed with deliverability... Stellar deliverability on Salesforge and spam tests always come back green! Excited to spin up some Outlook accounts soon also." - Rahul Lakhaney, Former VP, Gartner, now CEO @ Enrich.so and Maximise

Primeforge’s pricing is designed for scalability, ranging from $3.50 to $4.50 per mailbox per month. This cost-effective model allows agencies to provide dedicated mailboxes for each client while maintaining proper isolation. For even better results, agencies can combine Primeforge with other tools in the Forge Ecosystem. For example, Mailforge offers shared email infrastructure for broader campaigns, while Infraforge provides private, customizable solutions for clients with specific needs.

Conclusion: Building Scalable Email Infrastructure

Getting your DNS records set up correctly for Google Workspace is a must if you want your cold outreach campaigns to succeed. Without proper DNS configuration, even the most engaging emails can land in spam folders, putting your sender reputation at risk.

Here’s a reality check: the average email open rate across industries is 41.31%, and 69% of recipients might mark an email as spam simply because of its subject line. By setting up SPF, DKIM, and DMARC records correctly, you can significantly improve your chances of hitting open rates between 40% and 60%.

As your outreach grows, having scalable infrastructure becomes essential. Instead of overloading a single domain or inbox, spreading the workload across multiple domains and inboxes - referred to as horizontal scaling - allows you to handle larger email volumes without sacrificing performance. This approach also helps you stay compliant with regulations like GDPR and CAN-SPAM.

Beyond handling volume, a scalable setup enhances campaign performance. With the right foundation, you can improve email deliverability, personalize messages more effectively, and track key metrics like open rates, click-through rates, and responses. These insights fuel ongoing campaign improvements. Keeping inbox activity under 30 emails per account daily and refreshing your target lists every quarter are practical steps to maintain efficiency.

To make things easier, automation tools like Primeforge simplify DNS configuration. When paired with other tools in the Forge Ecosystem, Primeforge provides a complete email infrastructure solution that grows alongside your business.

Achieving cold outreach success starts with a strong and well-optimized DNS setup. Automation and strategic scaling are the keys to keeping your campaigns on track and delivering results over the long term.

FAQs

Why should I use secondary domains for cold email outreach, and how do they protect my primary domain's reputation?

Using secondary domains for cold email outreach is a smart way to protect your primary domain's reputation. Cold outreach often comes with challenges like high bounce rates, spam complaints, or even the risk of being blacklisted. By operating through secondary domains, you create a protective layer that shields your main domain from these potential issues.

This strategy helps ensure your emails continue to land in inboxes while safeguarding your brand's credibility. Think of secondary domains as your safety net - they let you expand your outreach efforts without jeopardizing the reliability and trust associated with your primary domain.

What challenges can arise with manual DNS setup, and how does automation with tools like Primeforge simplify the process?

When setting up DNS manually, it’s easy to stumble into issues like typos, misconfigurations, or forgetting key records such as SPF, DKIM, and DMARC. These errors can snowball into problems like emails landing in spam, poor deliverability rates, and even damage to your domain’s reputation.

That’s where automated tools like Primeforge come into play. They handle DNS configuration with precision, keeping records accurate, up-to-date, and aligned with best practices. This not only minimizes human error but also boosts email performance and saves valuable time - making it a smart choice for scaling cold email campaigns effectively.

How does the domain extension you choose impact email deliverability, and which ones work best for cold outreach?

The domain extension you pick plays a big role in email deliverability since spam filters and ISPs often associate certain extensions with either trustworthy or suspicious behavior. .com domains are generally seen as the safest choice for cold email campaigns because of their strong reputation and better deliverability rates. On the other hand, using newer or less common extensions can sometimes trigger spam warnings, putting your emails at risk.

To improve your chances of reaching inboxes, opt for a .com domain and make sure your DNS records are set up correctly. Pair this with strong sender reputation practices to boost your email performance. If you’re looking for an easier way to handle this, services like Primeforge offer automated DNS setup and customized email infrastructure tailored for cold outreach.

Related posts