23 years from Stockholm
Sending layers compared · SMTP relay, API, MTA

Sending Layers Compared

Three distinct email sending layers exist in 2026, each with different operational profiles, different infrastructure requirements, different authentication posture, different reputation management approaches, and different compliance treatment. Transactional email is triggered by user action — password resets, order confirmations, receipts, account alerts — with the recipient actively expecting the message. Marketing email is bulk sending to opt-in lists — newsletters, promotions, re-engagement campaigns — with the recipient having consented but not triggered the specific send. Cold email is outbound prospecting to recipients who have not explicitly consented — B2B sales outreach, demand generation, partnership inquiries. These three layers differ by orders of magnitude in engagement patterns, bounce tolerance, complaint risk, compliance treatment and provider acceptance. Mixing them on shared infrastructure damages the higher-quality streams' reputation; the Gmail and Yahoo February 2024 bulk-sender requirements essentially codify the industry consensus that transactional and marketing need separation, and cold email needs isolation from both. Data verified April 2026 against provider documentation, Gmail Postmaster Tools guidance, Yahoo bulk-sender policy, Spamhaus June 2025 position, and GDPR/CAN-SPAM/CASL compliance frameworks.

Why sending layers need different infrastructure

At the SMTP protocol level, all email is the same — envelope sender, headers, body, MIME encoding. The differences between transactional, marketing and cold email are not protocol-level but operational: who the recipient is, whether they expected the email, how engaged they are likely to be, how bounce-prone the target list is, how much complaint risk the sending carries, and how the receiving ISP's reputation model will treat the sending pattern.

A transactional password-reset email to a user who just clicked "forgot password" is expected, valuable and immediately-actionable — receiver engagement signals (opens, clicks, absence of spam complaints) will be overwhelmingly positive. A marketing newsletter to a 50,000-subscriber opt-in list will have engagement signals that are solid but meaningfully weaker — a typical 25% open rate means 75% of recipients didn't engage with the content, and some fraction will mark it as spam despite having consented. A cold email to a prospect list scraped or enriched from public sources will have engagement signals that are weaker still — higher bounce from list decay, lower open rate from uninterested recipients, higher complaint rate from recipients who didn't expect the contact. These differences compound: when all three streams share the same IP, the cold email's reputation damage and the marketing's bounce variability both drag down the transactional's delivery rate.

The Gmail and Yahoo February 2024 bulk-sender requirements codified this operational reality as policy. Senders exceeding 5,000 emails per day to their users must maintain complaint rate under 0.3%, implement one-click unsubscribe, authenticate via aligned SPF/DKIM/DMARC, and honor unsubscribe within two days. The 0.3% complaint rate threshold is tight enough that cold email programs routinely breach it, which is why cold email has increasingly required isolated infrastructure that doesn't share reputation with transactional or opt-in marketing streams.

Transactional email — the foundation layer

Transactional email is the simplest layer operationally and the one that most directly affects user experience. Password resets, order confirmations, shipping notifications, receipts, security alerts, account activation links, two-factor authentication codes — these emails are triggered by user actions and sent to individual recipients who are actively expecting the message. When transactional email fails to deliver, users can't log in, orders fail to confirm, and customer support ticket volume spikes within minutes.

The operational profile: 80%+ open rates typical (users actively look for the email), bounce rates under 1% on healthy lists (address comes from user signup), complaint rates negligible (users wanted the email), volume correlates directly with product usage (steady with gradual growth as user base scales), and inbox placement target 98%+ because failures directly harm user experience. Delivery speed matters — sub-2 seconds from API call to inbox arrival is the industry benchmark for time-sensitive alerts like 2FA codes.

The authentication posture is strict: SPF records properly scoped, DKIM keys on root or dedicated transactional subdomain, DMARC p=reject policy on the sending domain to prevent spoofing of critical mail. The subdomain strategy can go either way — some organizations use root domain for transactional (maximum trust signal) while separating marketing to subdomain; others isolate transactional to its own subdomain (transactional.example.com) to protect root-domain reputation from any sending shape. Both approaches are defensible; the consistency of applying it matters more than which specific pattern is chosen.

Infrastructure for transactional: shared IP pool works well for sub-50K/month volumes (leveraging the pool's pre-warmed reputation); dedicated IPs become justified at 100K+/month where reputation isolation protects against marketing or other streams' variability. Authorize Hosting's SMTP Relay and Email API products both address transactional sending as a primary use case, with dedicated IPs bundled from entry tier for teams who need isolation.

Marketing email — the permission-based layer

Marketing email is bulk or segmented sending to recipients who have opted in to receive promotional content. Newsletters, product announcements, promotional campaigns, cart abandonment recovery, re-engagement campaigns, educational content series — these emails require prior consent (explicit opt-in under GDPR, functional unsubscribe under CAN-SPAM) and are sent at higher volumes than transactional but with meaningfully lower per-message engagement.

The operational profile: 20-35% open rates typical for well-engaged opt-in lists (declining across the industry as inbox overload increases), 1-3% bounce rates tolerable (some list decay is normal), complaint rates of 0.1-0.3% common (not everyone who consented remembers consenting), volume campaign-based rather than user-triggered (batches with gaps between sends), and inbox placement target 90%+ with acknowledgment that some promotional mail will land in Gmail's Promotions tab regardless of sender effort. Delivery speed is less critical — hours acceptable for non-urgent newsletters.

The authentication posture is also strict but differs in subdomain strategy. Marketing should use a dedicated subdomain (marketing.example.com, news.example.com, email.example.com) with its own DKIM keys and DMARC policy (typically p=quarantine or p=reject). This isolates marketing reputation from root-domain reputation — a campaign problem doesn't affect transactional delivery through the root domain. BIMI authentication (Brand Indicators for Message Identification) is applicable and recommended on marketing subdomains where brand recognition protects recipient trust and signals quality to receivers.

Infrastructure for marketing: dedicated IPs become operationally justified around 50-100K/month as sending patterns stabilize into predictable weekly volumes. Multiple dedicated IPs allow stream segmentation (promotional vs educational vs re-engagement), which isolates reputation risks between campaign types. Gmail and Yahoo's February 2024 requirements apply directly to marketing email at 5,000+/day volumes — one-click unsubscribe, functional within 2 days, aligned authentication, and 0.3% complaint rate ceiling are structural requirements rather than optimizations. Authorize Hosting's SMTP Relay and Email API products address opt-in marketing through the same infrastructure as transactional with subdomain separation enforced at onboarding.

Cold email — the outbound prospecting layer

Cold email is outbound prospecting to recipients who have not explicitly consented to receive the email — B2B sales outreach, demand generation campaigns, partnership inquiries, recruiting outreach. The recipient did not sign up, did not click a subscription form, did not make a purchase that would trigger transactional mail. The sender initiated the contact based on public information (LinkedIn profile, company contact page, enriched prospect database) or some form of implied interest signal.

The operational profile is distinctly harder than transactional or opt-in marketing. Expected metrics on well-executed cold email: 30-50% open rates on well-warmed cousin domains with quality lists, 5-10% bounce rates expected due to list decay and reliance on third-party data sources, complaint rates elevated (0.3%+ common without careful discipline), volume sequence-based (trigger-and-follow-up patterns with precise pacing to avoid triggering anti-abuse heuristics), and inbox placement target 80%+ reflecting the operational reality of unsolicited contact. The Spamhaus June 19, 2025 position explicitly stated that cold email without consent constitutes spam, which doesn't make cold email illegal but does mean it's treated more aggressively by receiver filtering regardless of legal compliance.

The compliance complexity is the most nuanced of the three layers. GDPR (EU) requires either explicit consent or demonstrable legitimate interest with a documented balancing test — and the Spamhaus 2025 guidance effectively narrows the legitimate-interest defense. CAN-SPAM (US) permits cold B2B email with functional unsubscribe and physical address disclosure. CASL (Canada) prohibits cold email without implied or express consent. CCPA/CPRA (California) overlays privacy-related consent on cold B2C email. Cold email programs operating across jurisdictions require per-jurisdiction compliance logic, not a single blanket policy — and the jurisdictional logic is typically implemented at the targeting stage (filtering recipients by country before sending) rather than at the sending stage.

The infrastructure requirement is structural isolation. Cousin domains entirely separate from brand domain (example-outreach.com, example-connect.com, getexample.com) protect brand-domain reputation from cold email's inherent risks. Dedicated IPs per cousin domain isolate reputation at the IP level. PowerMTA or KumoMTA infrastructure with per-ISP throttling handles the pacing discipline that cold email requires. Warming is longer than transactional or marketing (4-6 weeks typical) because cousin domains start with zero domain reputation as well as zero IP reputation. Brevo explicitly prohibits cold email in terms of service, Postmark shuts down broadcast accounts when cold email is detected, SendGrid throttles aggressively when cold email signals appear — these provider rejections are why cold email programs require purpose-built infrastructure rather than shared-pool ESPs.

Authorize Hosting's Cold Email Infrastructure product line (€1,799-€3,799/month) addresses this layer specifically: cousin domain provisioning and management, isolated reputation segmentation, PowerMTA default MTA with per-ISP throttling, operator-led warming tuned for cold email's elevated-complaint profile, and receiver-relationship work across Gmail, Microsoft, Yahoo Postmaster Tools. It's structurally separate from our SMTP Relay and Email API products because the operational profile doesn't belong in shared infrastructure with transactional and opt-in marketing.

The essential comparison at a glance

Twenty dimensions of comparison across engagement, compliance, authentication, infrastructure, operator expertise, and provider acceptance. Data verified April 2026 against Gmail Postmaster Tools guidance, Yahoo bulk sender policy, Spamhaus June 2025 cold email position, GDPR/CAN-SPAM/CASL framework requirements, and provider terms of service across major ESPs.

Transactional vs Marketing vs Cold Email — 20-dimension comparison, April 2026
DimensionTransactionalMarketing (opt-in)Cold Email
Recipient relationshipActive user with pending action; email expectedConsented list member; email anticipated but not triggeredProspect with no prior consent; email unsolicited
Trigger sourceUser action (signup, purchase, password reset, 2FA)Sender-initiated campaign to consented listSender-initiated outreach to prospect database
Expected open rate80%+ on healthy transactional programs20-35% on well-engaged opt-in lists30-50% on warmed cousin-domain programs with quality lists
Bounce rate toleranceUnder 1% (user-provided addresses are accurate)1-3% tolerable (some list decay normal)5-10% expected (third-party data, list decay)
Complaint rate ceilingUnder 0.05% (negligible; users wanted email)Under 0.3% (Gmail/Yahoo 2024 requirement)Typically 0.3%+ common; isolation protects other streams
Delivery speed requirementSub-2 seconds for time-sensitive alertsHours acceptable; batch sending tolerablePacing discipline more important than speed
Volume profileCorrelates with user activity; steady growthCampaign-based; batch sends with gapsSequence-based; daily cap per cousin domain
DMARC policy recommendationp=reject on sending domainp=quarantine or p=reject on marketing subdomainp=quarantine or p=reject on cousin domain
Subdomain strategyRoot domain or transactional subdomainMarketing subdomain (marketing.example.com)Cousin domain entirely separate from brand
BIMI applicabilityYes — brand recognition protects trustYes on marketing subdomainNo — brand recognition from unsolicited contact is counterproductive
Unsubscribe requirementNot required for pure transactional contentRequired: one-click per RFC 8058, honor within 2 daysJurisdiction-dependent; CAN-SPAM and CASL require; GDPR recommends
GDPR compliance basisLegitimate interest (contract performance)Explicit consent or demonstrable legitimate interestLegitimate interest with documented balancing test; Spamhaus 2025 narrows defense
CAN-SPAM treatmentTransactional exception (commercial content minor)Full CAN-SPAM compliance requiredPermitted with functional unsubscribe and physical address
Inbox placement target98%+90%+80%+ (operational reality of unsolicited)
IP infrastructureShared pool under 50K/mo; dedicated at 100K+/moDedicated IPs at 50-100K/mo, multiple for stream segmentationDedicated IPs per cousin domain; 10+ for enterprise prospecting
Warming timeline14-28 days operator-led; less if migrating from warm reputation14-28 days operator-led; longer if bounce-prone list4-6 weeks per cousin domain; cousin domains warm independently
Provider acceptanceUniversal — all ESPs acceptUniversal on opt-in lists — all ESPs acceptRestricted — Brevo prohibits; Postmark shuts down; SendGrid throttles; purpose-built providers required
Authorize Hosting productSMTP Relay (€399-€1,499/mo) or Email API (€469-€1,729/mo)SMTP Relay or Email API with subdomain separationCold Email Infrastructure (€1,799-€3,799/mo) — purpose-built
Typical monthly volumeCorrelates with active users (10K-10M+ per business)Opt-in list size (1K-1M+ subscribers)Prospect database scale (10K-500K outreach attempts monthly)
Honest recommendationFoundation layer — always isolate from marketing and coldIsolate from transactional with subdomain strategy; isolate from cold infrastructure entirelyStructural isolation required — cousin domains, dedicated IPs, purpose-built provider

When layers can mix and when they must not

The question of whether to mix or separate sending layers is often framed as optimization (for better deliverability) rather than as structural requirement (for operational viability). The 2026 reality leans toward structural requirement — Gmail and Yahoo's bulk sender requirements, increasing receiver-filter aggressiveness, and the documented provider rejections of cold email make layer separation operationally necessary above certain thresholds.

Mix possible: all three under 10K/month combined

At very low combined volumes (under 10,000 emails per month across all layers), sending from a single shared-pool provider with subdomain separation is often workable. The volume doesn't generate enough reputation signal for receivers to strongly differentiate the streams, and careful list hygiene on each layer prevents cross-contamination. This is the starting position for most early-stage programs. Upgrade to separated infrastructure when any one layer approaches 10K/month independently.

Separate: transactional + marketing at 50K+/mo

Above 50,000 emails per month combined across transactional and marketing, subdomain separation becomes structurally required to protect transactional reputation from marketing's higher bounce and complaint rates. Gmail and Yahoo's 2024 bulk sender requirements apply at 5,000+/day which is roughly 150K/month — below this, the requirements are best practice; above, they're enforcement triggers. Dedicated IPs for transactional isolate further, though shared-pool transactional often still works if complaint rates stay very low.

Isolate: cold email from any other layer

Cold email belongs on isolated infrastructure regardless of volume. Even at 5,000 cold email sends per month, the reputation risk of mixing cold with transactional or opt-in marketing concentrates damage that the shared infrastructure can't dilute. Cousin domains, dedicated IPs, purpose-built provider (Authorize Hosting Cold Email Infrastructure, Instantly Light Speed, Smartlead, equivalent) — these aren't optimization choices, they're structural requirements because providers increasingly enforce cold-email isolation through account shutdowns when detected.

Multi-IP segmentation: 100K+/mo marketing

Above 100,000 marketing emails per month, multiple dedicated IPs segmented by campaign type (promotional vs educational vs re-engagement) isolate reputation risks between streams. A bad promotional blast shouldn't affect educational nurture delivery. A re-engagement campaign's higher bounce rate shouldn't drag down new-product announcement reputation. Authorize Hosting's SMTP Relay entry tier includes 10 IPs specifically to enable this multi-stream segmentation pattern from day one.

Cross-jurisdiction: per-jurisdiction compliance

Sending across US, EU, Canada and other jurisdictions requires per-jurisdiction compliance logic at the targeting stage rather than uniform sending practice. Cold B2B email permitted under CAN-SPAM US is prohibited under CASL Canada without consent. Marketing email permitted with functional unsubscribe US requires explicit opt-in EU. This typically means jurisdiction-based list segmentation before sending — EU recipients on opt-in-only streams, US recipients on consent-optional streams, Canada recipients on implied-consent-minimum streams. The infrastructure accommodates this through list-scoping before it reaches the sending layer.

Regulated industries: isolation regardless of volume

Financial services, healthcare, legal and other regulated industries often require transactional infrastructure isolated from promotional infrastructure for audit purposes regardless of volume. HIPAA, FINRA, GDPR Article 5(1)(f) all have provisions that favor isolated transactional infrastructure for sensitive mail. At the infrastructure level, this typically means separate provider contracts for transactional vs promotional, with documented segregation that compliance auditors can verify. Authorize Hosting's product line structure accommodates this naturally — separate product subscriptions for SMTP Relay vs Cold Email Infrastructure produce the isolated infrastructure compliance requires.

Infrastructure mapping: which product serves which layer

Authorize Hosting operates six product lines from Sweden, and the layer-to-product mapping isn't 1-to-1 by accident — it reflects how sending layers actually work in production. Teams that treat "email sending" as one homogeneous infrastructure decision routinely end up with cross-layer reputation problems six to twelve months in. The mapping below documents how each product line serves each layer and why the separation exists.

SMTP Relay Service (€399-€1,499/month) is the right fit for transactional sending and opt-in marketing where volume is in the 10K-300K emails/day range and standard SMTP is the integration pattern. It bundles 10-20 dedicated IPs with operator-led warming, making subdomain separation across transactional and marketing layers structurally possible from day one rather than requiring additional plan tiers. For teams running WordPress, Shopify, custom SaaS backends, or any system where SMTP credentials are the integration surface, SMTP Relay is typically the starting point. Cross-layer usage requires subdomain isolation discipline on the customer side — the infrastructure supports it, but the subdomain strategy is customer-driven.

Email API (€469-€1,729/month) serves the same transactional and opt-in marketing profile but with REST API integration, webhooks for bounce and complaint processing, and idempotency keys for at-least-once delivery guarantees. For product teams building event-driven sending (user signup flows, order confirmations, password resets, transactional notifications triggered by backend events), the Email API is structurally the right choice because the integration pattern matches how modern applications emit these events. Cold email programs do not typically use the Email API — the webhook and idempotency features are designed for transactional patterns, not outbound prospecting.

Cold Email Infrastructure (€1,799-€3,799/month) is a purpose-built product line for outbound prospecting with entirely separate infrastructure from transactional and marketing. It includes cousin-domain provisioning (example-outreach.com, example-connect.com patterns), separate dedicated IP pools not shared with SMTP Relay or Email API customers, warmup sequencing appropriate for cold-start outbound patterns, and suppression-list management that coordinates across multiple cousin domains. Teams using Authorize Hosting for cold email should not route that traffic through SMTP Relay — the cross-layer reputation risk is exactly what Cold Email Infrastructure exists to prevent.

PowerMTA Servers (€899-€2,799/month), Dedicated Email Servers (€995-€2,100/month) and Managed Deliverability (€1,200-€3,500/month) serve cross-layer customers with specific architectural or operational requirements that the abstracted product lines don't accommodate. PowerMTA Servers are the right fit when customers need PowerMTA's virtual-MTA configuration granularity for multi-tenant ESP patterns or enterprise deliverability requirements. Dedicated Email Servers accommodate customer-choice MTA across any layer (PowerMTA, KumoMTA, Postfix, custom) for teams wanting full infrastructure control. Managed Deliverability is MTA-agnostic consulting that layers over any infrastructure — customer's own MTA, our MTA, or third-party infrastructure.

Cross-layer reputation interactions and subdomain strategy

The single most consequential operational decision in multi-layer sending is subdomain strategy, and the decision is usually made implicitly in the first month of a sending program and inherited for years afterward. Getting it wrong creates cross-layer reputation contamination that is difficult to recover from without expensive domain migration. Getting it right requires essentially no additional infrastructure cost but significant upfront planning.

The structural model: root brand domain reserved for transactional sending at the strictest possible DMARC policy (p=reject, aspf=s, adkim=s). Marketing traffic isolated on a dedicated subdomain — typical patterns are marketing.example.com, news.example.com, or email.example.com — with its own DKIM keys and its own DMARC policy (often p=quarantine during ramp, p=reject once complaint rates stabilize). Cold email traffic isolated on cousin domains entirely separate from the brand domain — example-outreach.com, example-connect.com, or getexample.com — with standalone DMARC policies and DKIM keys that don't touch the brand domain DNS zone.

The failure mode that this structure prevents: a marketing campaign triggers elevated complaint rates, which would normally degrade root-domain reputation at Gmail or Microsoft, which in turn would degrade transactional delivery speed, inbox placement, and eventually trigger deferrals on password reset emails, order confirmations, and billing notifications. By isolating marketing to a subdomain with its own reputation, the marketing problem stays contained. The cold email isolation on cousin domains serves the same function at a higher-risk layer — cold email complaint rates are structurally higher than marketing, and routing that risk through any domain that touches the brand is operationally dangerous.

BIMI (Brand Indicators for Message Identification) display amplifies the subdomain strategy's importance. BIMI requires p=reject DMARC, VMC (Verified Mark Certificate), and consistent enforcement history. BIMI brand-logo display is appropriate for transactional and opt-in marketing where brand recognition protects recipient trust. BIMI display is structurally inappropriate on cold email where unsolicited contact from a recognizable brand damages brand reputation rather than protecting it. The subdomain isolation enables selective BIMI deployment by layer rather than all-or-nothing by brand domain.

Authorize Hosting's product structure assumes layer separation as the operational default. The Stockholm-operated infrastructure provisions cousin domains on Cold Email Infrastructure subscriptions, coordinates DNS setup across subdomains on SMTP Relay subscriptions, and documents subdomain strategies during onboarding scoping calls. For teams with existing sending programs where the subdomain strategy is legacy-inherited and suboptimal, the Managed Deliverability retainer includes subdomain migration planning — typically a 4-6 week project that isolates layers without service disruption. The cost of doing the subdomain strategy correctly from day one is negligible; the cost of retrofitting it after cross-layer reputation contamination has occurred is material.

Frequently asked questions about sending layers

FAQ

Direct answers on transactional, marketing and cold email infrastructure

What's the difference between transactional, marketing and cold email?

Three distinct sending layers with different operational profiles. Transactional email is triggered by a user action and sent to an individual recipient expecting it — password resets, order confirmations, account notifications, receipts, security alerts. The recipient has an active relationship with the sender and is waiting for the email. Marketing email is bulk or segmented sending to a list of recipients who have opted in — newsletters, promotional campaigns, product announcements, re-engagement. The recipient has consented to receive marketing but did not trigger any specific email. Cold email is outbound prospecting sent to recipients who have not explicitly consented — B2B sales outreach, demand generation, partnership inquiries. The recipient did not request the email. These three layers differ structurally in engagement patterns (transactional 80%+ open rate, marketing 20-35%, cold 30-50% expected), bounce rate tolerance (transactional under 1%, marketing under 3%, cold expected 5-10%), complaint rate risk (transactional negligible, marketing moderate, cold elevated), and compliance treatment (transactional universally permitted, marketing requires opt-in consent, cold requires GDPR legitimate interest or explicit consent depending on jurisdiction). Mixing them on shared infrastructure damages the higher-quality streams' reputation.

Can I send all three layers from the same IP?

Technically yes, operationally no. Sending transactional, marketing and cold email from the same IP causes the reputation damage from cold email and marketing bounce-rate spikes to affect transactional delivery — meaning password resets and order confirmations land in spam because a prospecting campaign triggered complaints. Industry best practice from 2024 forward (and codified in Gmail and Yahoo's February 2024 bulk sender requirements) is to separate transactional from marketing on different sending infrastructure. Cold email requires isolation from both — Brevo explicitly prohibits cold email in their terms of service, Postmark shuts down broadcast accounts when detected, SendGrid throttles aggressively. The structural answer: separate dedicated IPs per layer minimum, separate subdomains per layer, separate DMARC policies per subdomain, ideally separate infrastructure entirely for cold email. Authorize Hosting's product line structure reflects this: SMTP Relay and Email API for transactional and opt-in marketing, Cold Email Infrastructure as a purpose-built product for prospecting with isolated reputation segmentation.

What authentication posture does each layer require?

All three layers require SPF, DKIM and DMARC properly configured. The differences are in policy strictness and subdomain strategy. Transactional email should use strict DMARC policy (p=reject) on the sending subdomain to prevent spoofing of critical mail. Marketing email typically uses p=quarantine or p=reject on its own subdomain (marketing.example.com or similar) to isolate marketing reputation from root-domain reputation. Cold email requires p=quarantine or p=reject on isolated subdomains (outbound.example.com or cousin domains entirely separate from brand domain) because receiver filters treat cold email more skeptically and alignment failures amplify that skepticism. BIMI authentication (Brand Indicators for Message Identification) only applies to transactional and opt-in marketing where brand recognition protects recipient trust; it's not applicable to cold email where brand recognition from unsolicited contact would damage rather than protect reputation. The subdomain strategy enables DMARC policy differentiation — root domain at strict policy for transactional, marketing subdomain at quarantine/reject for promotional, outbound subdomain or cousin domain for prospecting.

What are Gmail and Yahoo's February 2024 bulk sender requirements?

In February 2024, Gmail and Yahoo jointly implemented new requirements for senders exceeding 5,000 emails per day to a single receiver. The requirements: (1) SPF, DKIM and DMARC must all be properly configured with alignment; (2) complaint rate must stay under 0.3% (monitored at Postmaster Tools); (3) one-click unsubscribe must be implemented per RFC 8058; (4) unsubscribe must be honored within 2 days; (5) sending from unbranded consumer free email addresses (gmail.com, yahoo.com as From domain) is prohibited. These requirements apply across all three sending layers and are codified as sender access requirements rather than optional best practices. Compliance is enforced through increased filtering aggressiveness for non-compliant senders. For marketing email, the 0.3% complaint rate threshold is particularly relevant — it's stricter than many providers' previous internal thresholds. For cold email, the requirements create a compliance ceiling above which sending volume requires stricter reputation discipline than most cold email programs maintain; this is a primary reason why isolated infrastructure for cold email has become structurally required rather than optional.

What's the compliance treatment for each layer?

Transactional email is universally permitted across jurisdictions because the recipient has an active account relationship or made a purchase triggering the email — GDPR legitimate interest applies, CAN-SPAM's transactional exception applies, CASL's implied consent applies. Unsubscribe links are not required for purely transactional content (receipts, alerts, password resets). Marketing email requires opt-in consent. GDPR (EU): explicit consent or demonstrable legitimate interest, with right-to-withdraw implemented via one-click unsubscribe. CAN-SPAM (US): no opt-in required but functional unsubscribe mandatory and physical address disclosure required. CASL (Canada): express or implied consent with strict interpretation. One-click unsubscribe must be honored within legally-specified timeframes (10 business days CAN-SPAM, without undue delay GDPR, 10 business days CASL). Cold email is the most complex compliance layer. GDPR: legitimate interest basis requires documented balancing test weighing sender interest against recipient reasonable expectations — the June 19, 2025 Spamhaus guidance explicitly stated that cold email without consent constitutes spam. CAN-SPAM (US): cold B2B email is permitted with functional unsubscribe and physical address disclosure. CASL (Canada): cold email is prohibited without consent, implied or express. Cold email programs operating across jurisdictions require per-jurisdiction compliance logic, not a single blanket policy.

Why do providers prohibit cold email but allow marketing?

Shared-pool reputation damage. Cold email sending profiles (higher bounce from list decay, lower engagement from recipients who didn't consent, elevated complaint risk from unsolicited contact) harm shared-pool reputation in ways that affect other senders using the same infrastructure. Brevo explicitly prohibits cold email in terms of service to protect pool senders. Postmark shuts down broadcast accounts when cold email sending patterns are detected. SendGrid throttles aggressively when cold email signals appear. Mailgun is more permissive but adjusts reputation thresholds. The structural reason isn't moral — it's operational: a shared pool can absorb opt-in marketing's moderate engagement patterns, but cold email's elevated complaint risk concentrates damage that pool-level reputation can't dilute without harming other senders. Cold email programs therefore require either dedicated infrastructure with isolated reputation segmentation (Authorize Hosting Cold Email Infrastructure), dedicated-SMTP providers that accept cold email on dedicated IPs without shared-pool concerns, or self-hosted infrastructure that assumes all reputation risk directly. Mixing cold email into shared-pool ESPs produces short-term sending with long-term account termination.

What's the per-layer volume and engagement profile?

Transactional: 80%+ open rate expected, sub-1% bounce rate, sub-0.05% complaint rate, volume correlates with user activity (typically steady or growing with user base). Delivery speed matters (sub-2 second expected for time-sensitive alerts). Inbox placement target 98%+. Marketing: 20-35% open rate typical for well-engaged opt-in lists, 1-3% bounce rate tolerated, 0.1-0.3% complaint rate common, volume campaign-based (batch sends with gaps). Delivery speed less critical (hours acceptable). Inbox placement target 90%+. Cold email: 30-50% open rate targeted on well-warmed cousin domains with quality lists, 5-10% bounce rate expected due to list decay, complaint risk elevated (0.3%+ common without careful discipline), volume sequence-based (trigger-and-follow-up patterns with precise pacing). Delivery speed secondary to reputation preservation. Inbox placement target 80%+ (lower target reflects the operational reality of unsolicited contact). The volume per IP per layer varies: transactional can sustain high volumes on single IPs; marketing benefits from 2-3 IPs for stream segmentation; cold email typically uses 10+ cousin-domain IPs for reputation isolation across prospecting sequences.

How does Authorize Hosting address each layer?

Through product-line specialization. SMTP Relay Service (€399-€1,499/month) handles transactional and opt-in marketing on dedicated-IP infrastructure with operator-led warming — the bundled 10+ IPs enable subdomain isolation between transactional and marketing streams from entry tier. Email API (€469-€1,729/month) addresses the same transactional plus opt-in marketing use case with developer-native API surface, webhook delivery and idempotency controls. Cold Email Infrastructure (€1,799-€3,799/month) is purpose-built for prospecting with cousin domains, isolated reputation segmentation, PowerMTA-default MTA, and operator-led warming specifically tuned for cold email's elevated-complaint profile. PowerMTA Servers (€899-€2,799/month) provide managed PowerMTA infrastructure for customers with specific MTA requirements across all three layers. Dedicated Email Servers (€995-€2,100/month) accommodate customer-choice MTA across any layer. Managed Deliverability (€1,200-€3,500/month) provides MTA-agnostic consulting applicable across all three layers. The product-to-layer mapping isn't always 1-to-1 — many customers use SMTP Relay for transactional-plus-marketing AND Cold Email Infrastructure for prospecting in parallel, with subdomain separation isolating reputation between the product lines.

Can the same domain be used across all three layers?

Structurally inadvisable. Root brand domain should be reserved for transactional sending at strict DMARC policy (p=reject). Marketing should use a dedicated subdomain (marketing.example.com, news.example.com, email.example.com) with its own DKIM keys and DMARC policy — this isolates marketing reputation from root-domain reputation, so a marketing campaign problem doesn't affect transactional delivery. Cold email should use cousin domains entirely separate from brand domain (example-outreach.com, example-connect.com, getexample.com) because cold email's elevated complaint risk should not touch brand-domain reputation at all. The cousin-domain approach for cold email is standard practice in 2026 — Authorize Hosting's Cold Email Infrastructure includes cousin-domain provisioning and management as part of the product. The subdomain strategy enables BIMI brand display only on transactional and opt-in marketing where brand recognition protects recipient trust, not on cold email where unsolicited contact from a recognizable brand would damage brand reputation. For single-domain sending programs, the volume threshold for needing layer separation is approximately 100,000 emails per month combined across layers — below that, shared-infrastructure with careful list hygiene can work; above that, structural separation becomes operationally required.

When should I invest in separate infrastructure for each layer?

Three triggers indicate the need for layer-separated infrastructure. First, volume threshold: above 100,000 emails per month combined across layers, shared infrastructure starts showing cross-layer reputation damage. Second, stream risk concentration: if marketing or cold email represents more than 20% of combined volume, the risk of marketing or cold complaints affecting transactional delivery justifies separation. Third, compliance requirements: regulated industries (financial services, healthcare) often require transactional infrastructure isolated from promotional infrastructure for audit reasons regardless of volume. The separation pattern: dedicated IPs per layer (minimum 3-5 total for transactional plus marketing, 10+ additional for cold email), subdomains per layer with distinct DMARC policies, distinct authentication keys where possible. Cost at small scale: roughly 2-3x single-infrastructure cost for full separation. Cost at larger scale: marginal — the dedicated IP and subdomain infrastructure absorbs additional volume without linear cost growth. Authorize Hosting's product structure assumes layer separation is the operational default — SMTP Relay's entry tier includes 10 IPs specifically to enable subdomain separation from day one without requiring additional plan tiers.