How Do I Run an AI SDR Without Killing Deliverability?

AI SDRs can burn a domain in two weeks if you let them. Here's the deliverability playbook that keeps send volume up and your sender reputation intact.

George Gogidze · 11 min read

The fastest way to destroy a domain in 2026 is to point an AI SDR at a firmographic list and press go. Two weeks, maybe three, and your primary domain is in spam-folder purgatory across every major inbox provider.

I am George, founder of Leadpipe. I have watched enough teams blow up their sender reputation to write this post. The good news is that most of the damage is preventable, and the prevention is not clever. It is boring infrastructure work plus a data layer that keeps the agent honest.

This is the playbook. It is not exhaustive. It is what I would do on day one if I were turning on an AI SDR tomorrow and wanted to still have a primary domain six months later.


The short version

Deliverability for AI SDRs is three problems stacked on top of each other:

  1. Infrastructure. Do your sending domains have the right DNS, warmup, and isolation?
  2. Data. Is the agent sending to real, fresh, consented records, or to stale list noise?
  3. Volume and cadence. Is the agent ramping sanely, or hammering 5,000 sends a day on a fresh subdomain?

If you get any one of these wrong, the other two cannot save you. If you get all three right, an AI SDR can run for quarters without domain damage.


The decision tree

Before you send a single AI-generated email, run through this:

1. Is the send domain a dedicated subdomain (not your primary)?
   NO  → set up subdomain, warm for 2-4 weeks
   YES → continue

2. Does the subdomain have SPF, DKIM, DMARC, BIMI set?
   NO  → fix DNS
   YES → continue

3. Is the list person-level verified within 30 days?
   NO  → verify or replace with fresh first-party data
   YES → continue

4. Is the agent filtering on ICP, suppression, opt-outs, TCPA, GDPR state?
   NO  → wire suppression at the API layer
   YES → continue

5. Is the ramp plan in place (50 → 100 → 250 over weeks, not days)?
   NO  → plan the ramp
   YES → you can send

Skipping any node does not save time. It costs the domain.


Layer 1: infrastructure

The rules here are not new. What is new is that AI SDRs send at volumes that punish any infrastructure mistake faster than a human SDR ever could.

| Item | Why it matters | What good looks like |
|---|---|---|
| Dedicated subdomain | Isolate sending reputation from your primary | outreach.yourdomain.com, not yourdomain.com |
| SPF | Authorizes your sending IPs | Valid record, no +all |
| DKIM | Signs every message | 2048-bit key, rotated annually |
| DMARC | Tells inboxes what to do on auth failure | Policy starts at p=none, moves to p=quarantine once clean |
| BIMI | Branded inbox marker | Optional, but signals maturity |
| Warmup | Build trust gradually | 2 to 4 weeks, rising volume |
| Inbox placement monitoring | Know where you are landing | GlockApps, Mailreach, Inboxally |

Tools like Instantly ($47-$97/mo Growth) and Smartlead handle the sending-infrastructure side, and some include warmup networks. The rotation of multiple warmed subdomains is standard practice now. Spread volume across 3 to 5 subdomains, never all on one.

None of this is AI SDR specific. It is cold email 101. The AI SDR just makes the consequences arrive faster.
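The SPF and DMARC rows of the table can be checked mechanically. This is an added example, not code from the original post or from any vendor it names: it audits TXT record strings you have already fetched, and the domains and records in it are constructed.

```python
import re

# Terms that each cost one DNS lookup during SPF evaluation (RFC 7208 limit: 10).
LOOKUP_TERM = re.compile(
    r"[+\-~?]?(include:.+|exists:.+|ptr(:.+)?|(a|mx)([:/].+)?)|redirect=.+", re.I)

def audit_spf(txt):
    """Return findings for one SPF TXT record; an empty list means clean."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    findings = []
    alls = [t.lower() for t in terms[1:] if re.fullmatch(r"[+\-~?]?all", t, re.I)]
    if alls and alls[0][0] in "+a":  # a bare "all" defaults to "+all"
        findings.append("+all authorizes any host to send as this domain")
    elif alls and alls[0][0] == "?":
        findings.append("?all is neutral: unauthorized senders are not failed")
    elif not alls and not any(t.lower().startswith("redirect=") for t in terms):
        findings.append("no all mechanism: unmatched senders get a neutral result")
    lookups = sum(1 for t in terms[1:] if LOOKUP_TERM.fullmatch(t))
    if lookups > 10:  # counts only this record's own terms, not nested includes
        findings.append(f"{lookups} lookup terms exceed the SPF limit of 10")
    return findings

def audit_dmarc(txt):
    """Return findings for one DMARC TXT record; an empty list means clean."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (must start with v=DMARC1)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    elif policy == "none":
        findings.append("p=none: monitoring only, move to quarantine once clean")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports to judge 'clean' by")
    return findings

if __name__ == "__main__":
    # Constructed records for a hypothetical outreach.example.com subdomain.
    print(audit_spf("v=spf1 include:_spf.example.net +all"))
    print(audit_dmarc("v=DMARC1; p=none"))
```
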


Layer 2: data

This is where most AI SDRs fail, and where most of the deliverability carnage is actually happening.

Cold email deliverability collapses when you send to addresses that do not exist, bounce, or belong to people who never engaged with your brand. The AI SDR vendor will never tell you this bluntly, because their job is to sell you the agent, not fix your data. The quiet truth is that the agent is sending to the list you give it, and the list you give it is killing you.

Three failure patterns:

  1. Stale firmographic lists. You bought 50,000 contacts from a database vendor 9 months ago. Contact data decays at roughly 30% per year (see HubSpot’s B2B data decay stats). ~15% of that list has changed jobs. ~10% of those emails now bounce. The agent does not know. It sends. The bounces spike. The reputation drops.
  2. Probabilistic visitor ID feeding the agent. Some visitor tools guess who was on your site. When they guess wrong, the agent personalizes to the wrong person. The “wrong person” complains or marks as spam. Spam complaints matter more than bounces now.
  3. No suppression layer. The agent messages your own customers. Or churned logos. Or opt-outs from a previous campaign. Each one of those is a complaint waiting to happen.

The fix is a data layer the agent can trust, which means three things:

| Data fix | What to do | Leadpipe role |
|---|---|---|
| Replace stale list with fresh intent | Feed agent on identified visitors and person-level intent, not a static list | Visitor ID + Orbit |
| Use deterministic matching | Reject probabilistic tools for identified-visitor sends | Leadpipe 8.7/10 vs RB2B 5.2/10, Warmly 4.0/10 in independent test |
| Wire suppression at the API layer | Customers, churned logos, opt-outs filtered before the agent sees the record | Leadpipe suppression and exclusion lists |

This is the same argument I made in The Data Layer AI Sales Agents Are Missing. It applies doubly to deliverability, because bad data is not just ineffective, it is damaging.


Layer 3: volume and cadence

Even with good infrastructure and good data, you will destroy the domain if you ramp too fast. AI SDRs are built to scale. That is the danger. They will happily send 5,000 a day on a fresh subdomain if you let them.

A safe ramp, by week, on a fresh warmed subdomain:

| Week | Daily send ceiling per subdomain | Notes |
|---|---|---|
| 1 | 50 | Watch bounce rate closely, pause if >3% |
| 2 | 100 | Start ICP-filtered sends only |
| 3 | 200 | Add intent-scored segments |
| 4 | 350 | Stable cadence, monitor placement |
| 5+ | 500 to 750 | Holding pattern, do not exceed without another subdomain |

Per-subdomain ceiling of roughly 500 to 750 per day is where most deliverability professionals settle for B2B outbound. If you need more volume, add another warmed subdomain, not more sends per subdomain.

Cadence rules worth following:

  • No more than 3 touches per person in any 14-day window without a reply.
  • One-click unsubscribe on every message (required by modern inbox rules).
  • Different send time windows per subdomain to avoid correlated sends.
  • Reply-detection that actually pauses follow-ups when a human replies.

The AI SDR vendor usually handles some of this. Check. Some of them are bad at pausing sequences on an out-of-office or a “not interested” reply, which is how you get blocked.
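One way to enforce the ramp ceiling, the suppression list, the 3-touches-in-14-days rule and the pause-on-reply rule before the agent sees a record. This is an added example, not the post's or any vendor's code; the function name, data shapes and addresses are hypothetical, and week 5+ is assumed to use the low end of the 500 to 750 range.

```python
from datetime import date, timedelta

# Daily ceilings per subdomain from the ramp table above; week 5+ falls back
# to 500, the low end of the stated range (an assumption of this example).
RAMP = {1: 50, 2: 100, 3: 200, 4: 350}
MAX_TOUCHES, WINDOW_DAYS = 3, 14

def select_sends(candidates, suppressed, replied, touch_log, today, week):
    """Return the addresses the agent may contact today, in candidate order.

    suppressed and replied are sets of addresses; touch_log maps a
    lower-cased address to the dates it was already contacted.
    """
    ceiling = RAMP.get(week, 500)
    window_start = today - timedelta(days=WINDOW_DAYS)
    blocked = {e.strip().lower() for e in suppressed | replied}
    allowed = []
    for raw in candidates:
        email = raw.strip().lower()
        if email in blocked or email in allowed:
            continue  # suppressed, already replied, or a duplicate record
        recent = [d for d in touch_log.get(email, []) if d > window_start]
        if len(recent) >= MAX_TOUCHES:
            continue  # cadence rule: three touches already inside the window
        allowed.append(email)
        if len(allowed) == ceiling:
            break  # ramp ceiling reached for this subdomain today
    return allowed

def demo():
    """Run the gate over constructed sample data."""
    touch_log = {
        "busy@example.com": [date(2026, 1, 8), date(2026, 1, 12), date(2026, 1, 16)],
        "old@example.com": [date(2025, 12, 1), date(2025, 12, 5), date(2026, 1, 19)],
    }
    candidates = ["New@Example.com ", "customer@example.com", "said.no@example.com",
                  "busy@example.com", "new@example.com", "old@example.com"]
    return select_sends(candidates, {"customer@example.com"},
                        {"said.no@example.com"}, touch_log, date(2026, 1, 20), 1)

if __name__ == "__main__":
    print(demo())
```
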


Why identified visitors beat cold lists on deliverability

Here is the thing almost nobody emphasizes. Sending to identified website visitors is materially better for deliverability than sending to a purchased list, because:

  • The recipient already came to your site. They know the brand. Complaint rates are lower.
  • The email is verified against the identity graph at the moment of resolution, not from a 12-month-old crawl.
  • Suppression, ICP filtering, and exclusion lists apply at the API layer before the agent ever sees the record.
  • The content can reference real behavior (“you were on /pricing this morning”), which is lower-complaint than generic pitch.

Cold email reply rates are, at the time of writing, below 1% on most cold lists. Sending to identified visitors on the same stack routinely lands in the 10 to 20% range on the identified segment. Those are not just better outcomes. They are healthier sends, with materially lower complaint and bounce rates than equivalent volume on a stale list.

The macro point is: deliverability is a reputation problem, and reputation is built on whether the recipient wanted the email. People who just visited your pricing page are more likely to want the email than a stranger from a purchased list. The data layer you pick determines the shape of that distribution.


What to monitor, daily

Every AI SDR deployment should have a dashboard, checked daily, with at minimum:

  • Bounce rate. Keep under 3%, alarm at 5%.
  • Complaint rate. Keep under 0.1%, alarm at 0.3%.
  • Spam placement rate. GlockApps or Mailreach seed tests, at least weekly.
  • Domain reputation. Google Postmaster Tools, Microsoft SNDS.
  • Reply rate by segment. Cold vs identified-visitor vs intent-score-high.
  • Unsubscribe rate. Not a disaster signal by itself, but watch the trend.

If any of these drift, the agent keeps going. The agent does not care. That is your job.
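A minimal version of the bounce and complaint checks, applied per subdomain to one day's counts. This is an added example, not part of the original post: the CSV layout, the subdomain names and the mapping of thresholds to send, hold and stop actions are assumptions, and the sample figures are constructed.

```python
import csv
import io

# (keep-under, alarm) thresholds from the list above, expressed as fractions.
THRESHOLDS = {"bounced": (0.03, 0.05), "complaints": (0.001, 0.003)}
ACTIONS = ("send", "hold", "stop")  # assumed mapping: ok / over target / alarm

def evaluate(stats_csv):
    """Map each subdomain to 'send', 'hold' or 'stop' from one day's counts."""
    actions = {}
    for row in csv.DictReader(io.StringIO(stats_csv)):
        sent = int(row["sent"])
        level = 0
        if sent > 0:  # nothing sent means nothing to judge (avoids dividing by 0)
            for metric, (keep_under, alarm) in THRESHOLDS.items():
                rate = int(row[metric]) / sent
                if rate >= alarm:
                    level = max(level, 2)
                elif rate >= keep_under:
                    level = max(level, 1)
        actions[row["subdomain"]] = ACTIONS[level]
    return actions

# Constructed sample: one day of counts for four hypothetical subdomains.
SAMPLE = """subdomain,sent,bounced,complaints
out1.example.com,200,2,0
out2.example.com,200,7,0
out3.example.com,350,5,2
out4.example.com,0,0,0
"""

if __name__ == "__main__":
    for subdomain, action in evaluate(SAMPLE).items():
        print(subdomain, action)
```

At week-one volumes of 50 sends, a single complaint is 2% and trips the 0.3% alarm, so small daily counts are better judged over a multi-day total.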


Compliance guardrails

Briefly, because this is a deliverability post and not a compliance post:

  • CCPA applies to California residents. Leadpipe is CCPA compliant and supports data subject requests.
  • GDPR applies to EU/UK. Leadpipe’s default is company-level in those regions; person-level requires affirmative consent. See the GDPR-compliant visitor identification guide.
  • CAN-SPAM / CASL apply to US and Canada cold email. One-click unsubscribe, physical address, honest headers, accurate subject lines. Non-negotiable.
  • DPA available on request. Subprocessor list maintained.

Compliance and deliverability are not the same thing, but they point in the same direction: send to people who can legitimately be contacted, under the rules that apply, with a clear way out.


Wiring this together

If you are starting from zero, the sequence is:

  1. Stand up a dedicated sending subdomain. DNS clean. Warm it for 2 to 4 weeks.
  2. Install the Leadpipe pixel. JavaScript, 2 to 5 minutes, self-serve. Start collecting identified visitor data immediately.
  3. Wire the webhook to your agent or to Clay. See How to add visitor identification to your Clay waterfall for the pattern.
  4. Turn on suppression at the API. Customers, churned, opt-outs, existing pipeline, existing contacts.
  5. Start the ramp. 50 a day on the warmed subdomain, mostly identified-visitor sends.
  6. Layer in Orbit person-level intent after the first month for cross-site intent on target accounts.
  7. Watch the dashboard daily.

Also worth reading: How to Feed Visitor Data Into Your AI Agent covers the agent side of the integration, and AI SDR Data Stack: Anonymous Visitor to Booked Meeting covers the full path.


The common mistakes

A short list of things I see teams do that destroy domains:

  1. Send from the primary domain. “It’s just a test.” Three weeks later, the primary is blacklisted.
  2. Skip warmup because the AI SDR vendor said it was not needed. It is always needed.
  3. Point the agent at a ZoomInfo export from last year.
  4. Let the agent self-discover its target list. Autonomy plus no suppression equals customer-spam within a week.
  5. Ignore bounces. Bounces are the first signal. If you are above 5%, stop.
  6. Run without reply detection. The agent sends three follow-ups after the prospect already said no. That is how you get complaints.

None of these are hard to avoid. They are just not fun.

