The cold email SMTP question
Cold outbound at volume runs across many mailboxes. That is not a design choice, it is a deliverability reality: every mailbox has a daily ceiling before receivers start tempering reputation, and spreading load across mailboxes is how legitimate cold programmes keep sending. The operating question for anyone running cold outbound is not whether SMTP works — it does — but whether raw SMTP is enough for managing dozens or hundreds of mailboxes.
This article compares two honest paths: running cold email on raw SMTP with your own mailbox rotation, and running the same mailboxes as providers inside Mailers.io with quota-aware orchestration above them. The comparison points out where each is appropriate and where each stops helping.
Where raw SMTP stops for cold email
Raw SMTP gives any cold email operator a universal way to send through any mailbox that speaks SMTP: Google Workspace, Microsoft 365, Zoho, private SMTP, or a relay.
What SMTP does not give:
- Per-mailbox quotas. Google Workspace enforces roughly 2,000 external messages per account per 24 hours. Microsoft 365 enforces its own caps. SMTP does not know any of that; exceeding caps is your problem.
- Rotation. Picking the next eligible mailbox based on burn-down, warmup state, and priority. SMTP exposes no such concept.
- Failover. If one mailbox gets rate-limited or suspended, SMTP returns an error; the operator or the script handles the fallback.
- Suppression. Bounces, unsubscribes, and do-not-contact lists are enforced by you, per list and per campaign.
- Canonical events. SMTP returns synchronous responses; opens, clicks, and bounces arrive via different paths and in different shapes per mailbox provider.
- Team access. One mailbox equals one credential equals everything-or-nothing.
What orchestration adds for cold outbound
Mailers.io attaches each mailbox and SMTP endpoint as a provider. Google Workspace mailboxes, Microsoft 365 mailboxes, Zoho, private SMTP — all first-class. See /integrations/gmail-smtp, /integrations/outlook-smtp, and /integrations/smtp.
The orchestration layer above them:
- Per-mailbox caps. Set
max_per_hourandmax_per_dayon each provider. The router never exceeds them. - Priority order. Tag providers by priority; the router picks the highest-priority mailbox with remaining capacity at each send.
- Automatic failover. If a mailbox returns a throttling response or a provider-level error, the next eligible provider takes the send.
- Canonical webhooks. Delivered, bounced, complained, opened, clicked — same event shape regardless of mailbox provider.
- Suppression. Global and per-campaign suppression, do-not-contact lists, and bounce / complaint enforcement.
- Team roles and audit log. Per-resource RBAC and a full audit trail, which matters for operators running multi- client or agency setups (see /team-roles).
What Mailers.io is not:
- A reply manager or unified inbox. Replies land in the mailbox that received them. Inbox review and classification live in a different category of tool.
- A lead database. Lead sourcing, enrichment, and waterfalls are out of scope. Bring your own list pipeline.
- A deliverability guarantee. Inbox placement depends on authentication, content, reputation, and receiver-side decisions. No platform can guarantee outcomes there.
Side-by-side comparison
| Dimension | Raw SMTP (DIY rotation) | Mailers.io (mailbox orchestration) |
|---|---|---|
| Per-mailbox quotas | Enforced by your script or spreadsheet | Enforced per provider |
| Rotation logic | You write it; priority mostly by position | Priority + remaining capacity, automatic |
| Failover on throttling | Error lands in your logs | Next eligible mailbox takes the send |
| Suppression | Per-list manual database | Workspace-level enforcement |
| Events / webhooks | Per-mailbox provider; you normalise | Canonical shape across providers |
| Team delegation | Credentials per person, or shared logins | Per-resource RBAC + audit log |
| Analytics | Log parsing and custom dashboards | Per-mailbox, per-domain, per-campaign rollups |
| Replies | Mailbox inbox | Mailbox inbox (out of scope here too) |
| Delivery cost | Paid to mailbox / SMTP providers | Paid to mailbox / SMTP providers; no resale |
Mailbox operations orchestration handles
1. Burn-down per mailbox
Every mailbox has a daily cap. The router tracks remaining capacity and picks the next eligible mailbox so no single account goes over its cap. On raw SMTP this is your cron job.
2. Warmup-friendly pacing
New mailboxes need a gradual ramp. Setting per-hour and per-day caps to the current warmup point and raising them over time is the standard pattern. Mailers.io does not perform warmup itself, but it respects the caps you set so your warmup plan translates into actual send behaviour.
3. Throttle-aware failover
When a provider returns a 421 greylisting or a provider-specific throttling error, the next send picks a different mailbox. The workload does not stop because one mailbox hiccuped.
4. Domain and mailbox grouping
Cold operators commonly organise mailboxes into pools (e.g. by identity, brand, or customer). Priority and caps are set at the provider level and pools are expressed with tags and priorities.
5. Suppression discipline
Global suppression plus per-list do-not-contact stops compliance incidents before they happen. Every send checks suppression before the mailbox is selected.
Three cold email scenarios
Scenario A — 3 to 5 mailboxes, one operator
Raw SMTP or a simple sequencer is workable. Daily capacity is low enough that a manual rotation, with clear per-mailbox caps, can be maintained. Orchestration is not wrong here, but the pressure to adopt is modest.
Scenario B — 20 to 100 mailboxes across multiple domains
Raw SMTP starts to fall over. Per-mailbox caps vary. Warmup states vary. A single spreadsheet is no longer tracking reality. Operators at this size typically either write a custom rotation service or adopt orchestration. Mailers.io handles this directly — each mailbox is a provider with its own caps, priority, and audit trail.
Scenario C — Agency running cold outbound for multiple clients
Raw SMTP is no longer plausible. Per-client isolation, per-client reporting, per-client access, and per-client suppression are all requirements. Mailers.io models this natively: each client is a sub-workspace with its own mailboxes, domains, and team members. Agency-oriented details at /platform/agency-email-platform.
Pros and cons
When raw SMTP is still the right call
- Very small mailbox count, single operator.
- Purely manual operation with no ambition to scale.
- Strict regulatory constraints prevent any third-party orchestration.
When orchestration is right
- Ten or more mailboxes, any multi-domain setup, or any team.
- Need for per-mailbox caps enforced automatically.
- Workflows across multiple clients or brands.
- Desire for a clean audit trail and per-resource access.
- Intention to keep cold outbound operating during provider hiccups.
Who should choose what
Solo operators with a handful of mailboxes can stay on raw SMTP. Anyone running cold outbound at meaningful volume, across multiple domains or on behalf of multiple clients, will find orchestration pays back its cost in operator hours and reduced mistakes. The decision ultimately lives in the answer to one question: how many hours per week are currently spent managing mailbox rotation, suppression, and reporting by hand?
How to decide
A quick honest audit:
- How many mailboxes are currently in active rotation?
- How is per-mailbox daily cap enforced today?
- How are bounces and unsubscribes recorded and applied?
- If a mailbox suspended tomorrow, how long before your outbound notices and adjusts?
Acceptable answers at small scale look like "a script" and "manually". At larger scale they become operational exposure. Plan and pricing details at /pricing; mailbox provider attachments at /integrations.
Runbooks are underrated. A good runbook is not a PDF nobody opens; it is a checklist that includes who is allowed to do what, what “pause sending” does in your configuration, and how to verify suppression state after an incident. Mailers.io is built as orchestration and policy on infrastructure you connect—useful when you have multiple paths, shared templates, and need consistent governance across teams. It is the wrong product if the primary pain is a missing CRM surface or a guarantee that mail will “land in primary.”
Finally, treat deliverability talk as a constraint problem, not a battle of slogans. Recipients, mailbox providers, and local IT policies are not under your vendor’s control. What you can control is list provenance, authentication, throttles, content hygiene, and how fast you stop repeating mistakes. The organizations that do well here look boring: fewer surprises, fewer “unknown unknowns” in audits, and operators who can show receipts.
Related depth for “Article”: operators often underestimate how much time is spent on credential lifecycle (API keys, SMTP passwords, domain delegation) and how little time is left for improving message quality. Rebalance that intentionally if revenue depends on reliable outbound. Multi-provider routing can reduce provider-specific lock-in and separate blast radius, but it does not remove your obligation to own consent, suppression, and record-keeping. Not legal advice. Where GDPR, CCPA/CPRA, or similar apply, align with counsel. We do not use generic marketing copy to assert SOC 2 or ISO 27001.
Procurement and security questions often ask for certifications as shorthand. The better question is: what logs exist, for how long, and who can access them? A control plane can unify routing, but you still need your own data map for personal data, subprocessors, and incident response. This article is educational; align final commitments with your counsel and your customer contracts. We do not claim outcomes we cannot own (placement, read rates, or a unified sales inbox) because that would mis-sell the product’s shape.
Testing discipline for guide-style problems usually improves when you separate “content experiments” from “infrastructure changes.” If you must change both, sequence them: stabilize the path, then test creative, or you will not know which variable moved the signal you care about. If you are comparing providers, do it with the same list ethics and the same segment definitions; otherwise the comparison is a story, not a measurement.
Related depth for “Article”: operators often underestimate how much time is spent on credential lifecycle (API keys, SMTP passwords, domain delegation) and how little time is left for improving message quality. Rebalance that intentionally if revenue depends on reliable outbound. Multi-provider routing can reduce provider-specific lock-in and separate blast radius, but it does not remove your obligation to own consent, suppression, and record-keeping. Not legal advice. Where GDPR, CCPA/CPRA, or similar apply, align with counsel. We do not use generic marketing copy to assert SOC 2 or ISO 27001.
When you operationalize Article at scale, the durable win is a repeatable review loop: weekly metrics that surface drift before leadership notices. That usually means bounces and complaints as first-class series—not vanity engagement charts—paired with a written rule for when a program pauses. This matters whether your stack is a single console or a multi-provider layer; the work is the same even when “Article” is the public label on the project.
Cross-functional alignment fails quietly: Marketing ships a new domain, Data updates a list export, and Engineering rotates an API key—each change reasonable alone, but together they break assumptions about identity and suppression. A useful discipline is a lightweight change log for anything that touches a live sending identity, even if the change is “small.” The goal is not paperwork theatre; the goal is that the next on-call can reconstruct state without heroics.
Related depth for “Article”: operators often underestimate how much time is spent on credential lifecycle (API keys, SMTP passwords, domain delegation) and how little time is left for improving message quality. Rebalance that intentionally if revenue depends on reliable outbound. Multi-provider routing can reduce provider-specific lock-in and separate blast radius, but it does not remove your obligation to own consent, suppression, and record-keeping. Not legal advice. Where GDPR, CCPA/CPRA, or similar apply, align with counsel. We do not use generic marketing copy to assert SOC 2 or ISO 27001.
Runbooks are underrated. A good runbook is not a PDF nobody opens; it is a checklist that includes who is allowed to do what, what “pause sending” does in your configuration, and how to verify suppression state after an incident. Mailers.io is built as orchestration and policy on infrastructure you connect—useful when you have multiple paths, shared templates, and need consistent governance across teams. It is the wrong product if the primary pain is a missing CRM surface or a guarantee that mail will “land in primary.”
Finally, treat deliverability talk as a constraint problem, not a battle of slogans. Recipients, mailbox providers, and local IT policies are not under your vendor’s control. What you can control is list provenance, authentication, throttles, content hygiene, and how fast you stop repeating mistakes. The organizations that do well here look boring: fewer surprises, fewer “unknown unknowns” in audits, and operators who can show receipts.