Sidekick
Day 14 Drop · The Slam
★ Playbook · The 2-Week Mark ★

Golden
email.

Two back-end moves quietly decide whether your email lands in the inbox or rots in spam: authenticate your domain (SPF, DKIM, DMARC — simplified) and warm up your sender before you scale. Do them in order and your reputation survives real volume.

1 · Authenticate 2 · Warm Up Free · No Signup
Build my warmup plan →
★ Day 14 · 2-Week Mark ★

That's two full weeks of the Sidekick Summer Slam — one free tool every single day. To celebrate, we're handing you the unglamorous setup that makes every other marketing tool actually work: getting your email seen.

Your best email is worthless if it lands in spam.

You can write the perfect offer, design a beautiful template, and segment your list like a pro — and none of it matters if the mail server quietly files it under junk. The customer never sees it. You never even know.

Deliverability is decided before your email is opened — by two things most owners never set up: proof that you're really you (authentication), and a track record that you're not a spammer (warmup). Skip them and you can torch a brand-new domain on day one — and a burned sending reputation is slow and painful to rebuild.

Get them right and you've built a quiet asset: a sending reputation that holds up when you finally scale.

~1 in 6
legitimate marketing emails never reach the inbox industry-wide
0
warnings you get — spam filtering is silent by design
Day 1
is exactly when most new domains get burned by blasting cold
2 moves
fix the vast majority of self-inflicted deliverability problems

★ The 2 moves — in order

  1. Authenticate the domainSPF · DKIM · DMARC. Prove the mail is really from you. Do this first — warming an unauthenticated domain just teaches filters to distrust you faster.
  2. Warm up the senderStart small, ramp slowly, earn engagement. Teach the inbox providers you're a real human sending wanted mail — then scale.
Part 1 · The Inbox Setup Guide

Authenticate it. (SPF · DKIM · DMARC, simplified.)

Three short text records you add to your domain. Sounds like IT homework — it's really just three ID checks that prove your email is really from you. Here's each one in plain English, why it matters, and the exact steps.

SPF

SPF

★ The guest list

A public list of which servers are allowed to send email for your domain. If a server isn't on the list, receivers treat the mail as suspicious. Stops random servers from spoofing your name.

DKIM

DKIM

★ The wax seal

A tamper-proof signature stamped on every message. The receiver checks the seal against a public key on your domain. If the mail was altered or faked, the seal breaks and it gets flagged.

DMARC

DMARC

★ The bouncer's orders

Your instructions for what to do when a message fails the first two checks — let it through, send to spam, or reject it outright. Also emails you reports on who's sending as you.

What it is

A single TXT record on your domain listing the mail services authorized to send on your behalf (your email host, your CRM, your invoicing tool, etc.).

Why it matters

Without it, anyone can send email pretending to be your domain — and receivers have no way to tell real from fake, so your real mail gets treated with suspicion too.

The exact steps

  1. Log in to wherever your domain's DNS lives (your registrar — GoDaddy, Namecheap, Cloudflare, etc.).
  2. Find DNS / DNS Records / Manage Zone.
  3. Add a new TXT record. Host/Name = @ (your root domain).
  4. Paste the SPF value for your email provider. Combine providers into one SPF record — never create two.
  5. Save. Allow up to a few hours for DNS to update, then test it.
Example — Google Workspace
v=spf1 include:_spf.google.com ~all
★ One SPF record only. To authorize multiple senders, nest their include: bits inside the same record, e.g. v=spf1 include:_spf.google.com include:sendgrid.net ~all. Keep total lookups under 10.

What it is

A cryptographic signature added to every email you send. Your email host generates a key pair; you publish the public half as a DNS record, and the host signs outgoing mail with the private half.

Why it matters

It proves a message genuinely came from you and wasn't altered in transit. DKIM is the single strongest signal you can give inbox providers that you're legit.

The exact steps

  1. In your email provider's admin (Google Workspace, Microsoft 365, your ESP), find Authenticate email / DKIM.
  2. Click Generate — the provider hands you a host name (a "selector") and a long public-key value.
  3. In your DNS, add the TXT (or CNAME, if your provider says so) record with the exact host and value they gave you.
  4. Go back to the provider and click Start authentication / Verify.
  5. Confirm it shows "active." Done — every email is now signed automatically.
Format — values come from your provider
google._domainkey TXT v=DKIM1; k=rsa; p=MIGfMA0G...your-long-public-key...AQAB
★ Don't invent the key — your email host generates it. Copy/paste exactly; a single missing character breaks the signature. The selector (here google) will differ per provider.

What it is

A TXT record telling receivers what to do when an email fails SPF/DKIM, plus an address where they email you reports about who's sending under your name.

Why it matters

It's the instruction layer. Gmail and Yahoo now require a DMARC record for anyone sending in bulk. Without it you're not just less trusted — you may be flat-out rejected.

The exact steps

  1. Make sure SPF and DKIM are live and passing first.
  2. Add a TXT record. Host/Name = _dmarc
  3. Start with a monitor-only policy (p=none) so you see reports without risking real mail.
  4. Point rua= at an inbox you'll actually check (a DMARC report reader helps).
  5. After a few weeks of clean reports, tighten to p=quarantine, then eventually p=reject.
Example — start here, then tighten
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; fo=1; adkim=s; aspf=s
★ The progression is the whole game: none (watch) → quarantine (spam-folder failures) → reject (block them). Don't jump straight to reject or you risk killing legit mail you forgot to authenticate.
★ Test your work free: send a message to a checker like mail-tester.com, or look up your domain in an MX/SPF/DMARC lookup tool. You want all three — SPF, DKIM, DMARC — showing PASS before you send another email.
Part 2 · The Email Warmup Guide
★ Interactive · Build Your Ramp ★

Now warm it up.

Brand-new sending address? Inbox providers don't trust strangers. Blast 1,000 cold emails on day one and you'll get flagged instantly. Warming = starting small and ramping slowly so providers learn you're a real human sending wanted mail. Tell me your target and I'll build the schedule.

Gentle
Safest · slowest
Standard
Recommended
Push
Faster · riskier
WeekEmails / dayPer week*Status

How to warm up well.

A schedule is half of it. The other half is sending mail people actually want — because engagement (opens, replies, "not spam") is what teaches providers to trust you.

★ Do

  • Start by emailing people who know you and will open/reply — colleagues, past customers, friends.
  • Ask a few early recipients to reply and move you to their primary inbox.
  • Send consistently on a steady weekday cadence — providers reward regular patterns.
  • Keep early content conversational and personal, not a hard sales blast.
  • Authenticate first (Part 1), then warm — never the reverse.
  • Clean your list: verify addresses so you're not hitting dead inboxes.

★ Don't

  • Don't buy a list and blast it from a fresh domain — fastest way to torch it.
  • Don't jump from 20 to 5,000 overnight, even if a campaign is "urgent."
  • Don't ignore bounces and spam complaints — pause and fix if they spike.
  • Don't stuff early emails with links, images, and spammy words ("FREE!!!", "ACT NOW").
  • Don't send from a no-reply address during warmup — you want replies.
  • Don't switch sending domains constantly — you reset your reputation each time.

Tweak it for your world.

Same two moves, slightly different emphasis depending on what you sell and how you send.

🔧

Service Pros

You send fewer, higher-stakes emails — quotes, invoices, appointment reminders. One quote in spam can cost a job.

★ Hack: authenticate the exact domain you send quotes/invoices from. Warm gently — your volume is low, so even a slow ramp covers it.
📣

Agency Owners

You send for clients and run cold outreach at volume. A burned domain isn't just your problem — it's your client's brand.

★ Hack: send cold outreach from a separate domain (e.g. a .co variant) so the main brand domain's reputation stays pristine. Warm each one.
🛒

E-Commerce

You blast promos and flows to big lists. Gmail/Yahoo bulk rules hit you hardest — and one bad send tanks the whole list's deliverability.

★ Hack: DMARC is non-negotiable at your volume, and add a one-click unsubscribe. Warm a dedicated promo subdomain separate from transactional mail.

6 ways people torch it.

Every one of these is common, self-inflicted, and avoidable.

Warming an un-authenticated domain

You ramp slowly but never set up SPF/DKIM/DMARC. You're just teaching filters to distrust you, politely. Authenticate first.

Two SPF records

Adding a second SPF record instead of merging into one. Receivers see a conflict and SPF fails entirely. One record, nested includes.

Jumping straight to p=reject

Setting DMARC to reject before you've confirmed everything passes. You block your own legit mail you forgot to authenticate.

The day-one blast

New domain, 2,000 cold emails out the gate. Instant flag, sometimes an instant blacklist. The schedule above exists for this reason.

Buying a cold list

Sending to people who never opted in spikes complaints and bounces — the two metrics that wreck reputation fastest.

Set-and-forget

Never checking your DMARC reports or deliverability. Problems are silent. Glance at reports monthly so you catch drift before it costs you.

Do it in this order.

Your whole golden-email setup, start to finish.

★ The 7-step run-through

Block 30–45 minutes for the setup, then let the warmup run over the following weeks.

  1. Add your SPF recordOne TXT record at @, all senders nested inside it.
  2. Turn on DKIM in your email hostGenerate the key, publish the record they give you, verify.
  3. Add a DMARC record at p=noneMonitor-only to start, pointed at an inbox you check.
  4. Test all three until they PASSmail-tester or an MX lookup. Don't send real volume until green.
  5. Build your warmup scheduleUse the generator above — note your week-1 number.
  6. Send to engaged people firstReal opens and replies in the early weeks do the heavy lifting.
  7. Ramp on schedule, then tighten DMARCHit full volume, then move DMARC to quarantine → reject.

Want more like this?

Sign up for the Sidekick Summer Slam. One free marketing or operations tool dropped to your inbox every day from May 8 → September 4. No fluff. No fee. (And yes — we authenticated and warmed the domain it comes from.)

Get me on the list →

Disclaimer. Sidekick Creative Company, LLC is an independent business. We are not affiliated with, endorsed by, or partnered with Google LLC, Meta Platforms Inc., Facebook, Instagram, Skool Inc., Anthropic PBC, Perplexity AI Inc., Wispr AI Inc., OpenAI OpCo, or any other third-party platform, brand, or service mentioned in our content. All trademarks, service marks, and trade names are the property of their respective owners. References to third-party products are for informational purposes only and do not imply endorsement of Sidekick by those parties.

No guaranteed results. The tools, frameworks, and resources distributed through the Sidekick Summer Slam are educational and informational. We use these same tools daily in our own work with clients, but we make no guarantees, warranties, or representations about any specific business, financial, marketing, or operational outcomes you may experience. Results vary depending on your business, market, execution, and effort.

The Sidekick Summer Slam giveaway is open to U.S. residents 18 and older. No purchase necessary. Void where prohibited. See Official Giveaway Rules for complete details.