The terms behind B2B outbound.

Sender Policy Framework. DNS record that authorizes IPs/servers to send mail for a domain. Defined by RFC 7208. SPF is a TXT record at the apex of a sending domain that lists the IP ranges, hostnames, and includes authorized to send mail. Receivers perform up to 10 DNS lookups to evaluate the record; exceeding that limit causes SPF to PermError. The policy qualifier at the end (~all softfail, -all hardfail) signals to receivers how strictly to treat unauthorized senders.

DomainKeys Identified Mail. Cryptographic signature in the mail header that proves the message wasn't tampered with in transit. Defined by RFC 6376. The sending server signs each outbound message with a private key; receivers fetch the corresponding public key from DNS at <selector>._domainkey.<domain> and verify the signature. Modern senders use 2048-bit keys; the 1024-bit keys common before 2022 are now considered weak. Canonicalization mode (simple vs relaxed) affects whether forwarders break the signature.

Domain-based Message Authentication, Reporting, and Conformance. The policy layer that tells receivers what to do when SPF or DKIM fails. Defined by RFC 7489. Published as a TXT record at _dmarc.<domain>. The policy values p=none, p=quarantine, p=reject are commonly misunderstood as a deployment progression — but p=none is a monitoring posture, not protection, and remaining there indefinitely is the single most common DMARC configuration error.

Whether the domain that passes SPF/DKIM matches the From: header domain. DMARC requires alignment between authenticated identifiers and the visible From: header domain. Strict alignment requires exact domain match; relaxed alignment allows subdomain matches. Misalignment is why forwarded mail and third-party senders often fail DMARC even when SPF and DKIM individually pass.

DMARC aggregate report. Daily XML reports listing authentication results across all mail claiming to be from your domain. Specified in the DMARC record as rua=mailto:dmarc-reports@example.com. Receivers send aggregate (RUA) reports daily — high volume, low detail. Without a parsing tool (DMARCian, Postmark, Valimail, dmarcanalyzer), they're unreadable. Most domains publish DMARC without an RUA field, which means they have no visibility into authentication failures.

DMARC forensic report. Per-message detail report for failed authentication. Largely deprecated for privacy reasons. RUF (forensic / failure reports) deliver per-message details including raw headers and partial body content. Most major receivers (Gmail, Yahoo) stopped sending RUF reports years ago for privacy and bandwidth reasons. Modern DMARC deployments rely on RUA aggregate reports only.

A label that identifies which DKIM key to use. Allows multiple keys per domain. DKIM signatures reference a selector (e.g. s=google in the DKIM-Signature header), and receivers look up the public key at <selector>._domainkey.<domain>. Multiple selectors enable key rotation without downtime, and multiple sending services (Google Workspace, SendGrid, etc.) to coexist on the same domain.

Mail Transfer Agent Strict Transport Security. Forces TLS for inbound mail and prevents downgrade attacks. Defined by RFC 8461. Published as a TXT record at _mta-sts.<domain> plus a policy file at https://mta-sts.<domain>/.well-known/mta-sts.txt. The policy modes are testing, enforce, and none. Without MTA-STS, an attacker who can intercept network traffic can downgrade an SMTP TLS connection to plaintext.

TLS Reporting. Daily reports on TLS failures and MTA-STS policy mismatches. Defined by RFC 8460. Published as a TXT record at _smtp._tls.<domain>. Reports surface receivers that couldn't establish TLS to your domain — diagnoses whether MTA-STS is breaking legitimate mail, and whether opportunistic-TLS receivers are downgrading.

Brand Indicators for Message Identification. Displays a brand logo next to authenticated mail in the inbox. Currently an IETF draft. Requires DMARC at p=quarantine or p=reject. The logo is published as a square SVG at a public URL and referenced in a TXT record at default._bimi.<domain>. Gmail and Yahoo require a Verified Mark Certificate (VMC) — a $1,500-$3,000/year trademark-backed certificate — before they'll display the logo.

Verified Mark Certificate. The $1,500-3,000/yr certificate required for BIMI logo display at Gmail/Yahoo. Issued by DigiCert or Entrust after trademark verification. The trademark must be registered with one of a small set of recognized authorities (USPTO, EUIPO, etc.) — descriptive marks and pending applications don't qualify. The VMC investment makes sense for established brands with high mail volume; rarely makes sense for early-stage companies.

Authenticated Received Chain. Lets forwarded mail survive DMARC by preserving the original authentication result. Defined by RFC 8617. When a forwarder (mailing list, alumni alias, autoforwarder) modifies a message, the original DKIM signature breaks. ARC seals the original authentication results at each forwarding hop so receivers can trust the chain. Gmail and Outlook both honor ARC; many smaller receivers do not.

Gradual volume ramp on a new sending domain or mailbox to establish receiver reputation. Receivers track sending reputation per IP, per domain, and per mailbox. Sudden volume from a previously-silent identity looks like a compromised account. Healthy warmup ramps over 21-28 days, prioritizing high-engagement mail (replies, opens to opt-in lists) over cold prospecting. Synthetic warmup networks that simulate engagement are increasingly detected at Gmail and Outlook.

How long a domain has existed. New domains (under 90 days) face a reputation cold-start curve. WHOIS-visible domain age is one of many reputation inputs at major receivers. A 90-day cold-start applies even to fully-authenticated, perfectly-configured new domains — receivers throttle them until enough engagement accumulates. Aged drop-catch domains compress this but carry their own reputation risk if the prior owner abused them.

Sending from a separate domain/subdomain than your corporate mail to protect reputation. Corporate domain (company.com) carries founder, payroll, and customer mail. Sending domain (companyalt.com or mail.companyalt.com) carries cold outbound. A single bad campaign that tanks reputation should not affect inbound payroll. The right boundary is a separate registered domain, not a subdomain — receivers do reputation rollup across subdomains.

Gmail/Yahoo Feb 2024 rules: 5000+ msgs/day = SPF + DKIM + DMARC + one-click unsubscribe + spam rate under 0.3%. Took effect February 2024 for senders exceeding 5,000 messages per day to Gmail or Yahoo. Requires SPF, DKIM, and DMARC at p=none or stricter; one-click unsubscribe via List-Unsubscribe-Post (RFC 8058); user-reported spam rate under 0.3% measured via Postmaster Tools; alignment between the From: header and authenticated domains.

RFC 8058 List-Unsubscribe-Post header that lets recipients unsubscribe without leaving their mail client. Required for bulk senders under the Gmail/Yahoo Feb 2024 rules. The List-Unsubscribe header lists an unsubscribe URL; List-Unsubscribe=One-Click is set to enable POST-without-confirmation. Receivers send a POST to the URL on user click; the sender must process it and stop sending within 48 hours (Gmail enforces this strictly).

Gmail's free dashboard exposing per-domain reputation, spam rate, authentication pass rate, and feedback loops. Available at postmaster.google.com after verifying domain ownership via DNS. Surfaces user-reported spam rate (the metric that drives most deliverability problems), domain and IP reputation, authentication pass rates, encryption mode, and inbound spam rate. Most senders never enroll — it's the single highest-ROI deliverability monitoring step.

Smart Network Data Services. Microsoft's equivalent of Postmaster Tools for Outlook/Hotmail reputation. Microsoft's Smart Network Data Services at sendersupport.olc.protection.outlook.com. Reports IP reputation (red/yellow/green status), trap hits, complaint rate. Less granular than Gmail Postmaster but the only window into Microsoft inbox placement.

Categories of SMTP failure: hard (5xx, permanent), soft (4xx, retry), transient, auto-reply. Defined by RFC 5321 (SMTP codes) and RFC 3463 (enhanced status codes). Hard bounces (5xx) indicate permanent failure — the address should be suppressed immediately. Soft bounces (4xx) indicate transient failure and should be retried with backoff. Confusing the two is the most common suppression-list error and the fastest way to burn domain reputation.

A list of mailboxes across Gmail, Outlook, Yahoo, etc. used to measure where a campaign lands. Inbox placement testing services (GlockApps, Inbox Inspector, MailGenius, EmailKarma) maintain seed-list networks across all major receivers. A campaign sent to the seed list reports where each message landed: primary inbox, promotions tab, spam folder, missing. Critical signal that user-side metrics (open rate) hide — opens to spam folder still count as opens.

Gmail's first inbox tab. The target of cold outbound. Gmail sorts inbound mail into Primary, Promotions, Social, Updates, and Forums tabs (when tabs are enabled). Promotions tab placement reduces open and reply rates by ~5x. Primary-tab placement is determined by sender reputation, mail content (signals like images, links, marketing language), and per-recipient engagement history.

Distinguishing legitimate human replies from out-of-office, bounces, and automated responses. Cold email platforms use the In-Reply-To and References headers (RFC 5322) to thread inbound replies, then classify them via heuristics (auto-reply patterns, message length, sender domain). Misclassification causes legitimate replies to be marked as bounces (suppression-list error) or out-of-office to be routed to sales reps (workflow noise).

Social Selling Index. LinkedIn's 0-100 score of profile completeness, network strength, and engagement. Visible at linkedin.com/sales/ssi. Four pillars: establish your professional brand (profile), find the right people (search), engage with insights (content), build relationships (connections). SSI above 70 unlocks higher daily action limits; SSI under 40 correlates with restriction events. Sales Navigator subscribers see live SSI; free accounts see the score only.

LinkedIn's premium tier for sales teams. ~$99/seat/mo. Higher search limits, InMail credits, lead recommendations. Required for high-volume LinkedIn outreach. Provides advanced search filters (seniority, company size, job change), 50 InMail credits/month, saved lead lists, and CRM sync. Without Sales Navigator, daily action limits hit much earlier (~80 connection requests/wk vs ~150 with Sales Nav).

LinkedIn's paid-message system. Lets you message a member without being connected. Sales Navigator includes 50 InMail credits/month; refunded if the recipient replies within 90 days. Reply rates to InMail run 15-25% well below cold email (acceptance + reply via connection-request path averages 8-12%). Best for senior buyers and gated audiences where connection acceptance is unreliable.

LinkedIn's weekly cap on connection requests sent. ~80-100 for free accounts, ~150 for Sales Nav. Enforced as a rolling 7-day window. Exceeding the limit triggers a soft restriction (account flagged for review) or hard restriction (24-72 hour pause). The limit varies per account based on SSI, account age, prior restriction history, and the proportion of accepted vs unaccepted past requests.

IP address sourced from real consumer broadband, used to make LinkedIn automation look like a real user. LinkedIn classifies traffic by IP residency class. Datacenter IPs (AWS, GCP) get aggressive bot scrutiny. Residential proxies (Bright Data, Oxylabs, Smartproxy) route requests through real consumer ISPs, dramatically reducing detection signals. Cost ~$5-15/GB. Critical for multi-account architectures.

Landmark case on LinkedIn scraping. After multiple rulings, current status is uncertain — public data scraping is legal but breach-of-contract risk remains. hiQ Labs scraped public LinkedIn profiles for HR products. LinkedIn sent a cease-and-desist citing the Computer Fraud and Abuse Act (CFAA). The 9th Circuit ruled in 2019 that scraping public data isn't a CFAA violation. Supreme Court remanded in 2021. In 2022 the 9th Circuit largely affirmed for hiQ. But a separate 2022 ruling on breach-of-contract for ToS violations means scrapers can still face civil liability.

Ideal Customer Profile. The narrow segment most likely to buy and succeed with your product. Not the same as 'target market' (broader, marketing concept). ICP is operationally specific: industry, company size, role of buyer, current technology stack, growth stage. Derived from closed-won deconstruction (what existing customers have in common), not from desk research or addressable-market estimates.

Reverse-engineering ICP from existing paying customers by extracting common attributes. Even three friendly logos generate signal. Extract attributes (size, industry, geography, role, tech stack, growth signal) and look for unexpected commonalities. The pattern that surfaces is the first ICP hypothesis — to be tested against new prospects, not assumed true.

Structured database of target accounts and contacts with relationships, signals, and history. Goes beyond a flat contact list. Captures account-to-contact relationships (who reports to whom), buying-committee mapping, prior interactions, content engagement, intent signals. The substrate that makes multi-thread outbound and account-based motions possible. CRM is the storage layer; the graph is the schema on top.

Third-party signals indicating an account is researching a category. Bombora, 6sense, ZoomInfo are the major providers. Aggregated from publisher-site content consumption (CB Insights, TechCrunch, vendor review sites) and search-engine traffic patterns. Surfaces accounts that have spiked research activity for a topic. Highly valuable for ABM but expensive ($50K-300K/year) and noisy — most spikes don't translate to active buying intent.

Adding firmographic and contact data to prospect records. Apollo, Clay, Ocean, ZoomInfo are common providers. Waterfall enrichment routes a name+company through multiple providers to maximize coverage and minimize cost. Per-record cost ranges $0.02 (Apollo) to $0.50+ (ZoomInfo specific fields). Accuracy varies wildly by region and seniority — director+ titles tend to be 80%+ accurate; individual contributors much lower.

Tailoring outbound to a specific person or account beyond first-name/company substitution. Three tiers. Tier 1 (token replacement): name, company, title. Tier 2 (account-level): recent funding, hiring trends, product launches. Tier 3 (person-level): podcast appearances, tweets, conference talks. Reply rates roughly scale 1x / 2.5x / 5x respectively, but Tier 3 doesn't scale linearly with volume. AI-assisted Tier 2-3 is the operational frontier.

Pre-defined cadence of multiple outbound touches across email and/or LinkedIn over time. Industry-standard cadence: 3-7 touches over 2-4 weeks. Reply rates compound over the sequence (touch 1 may reply 1-3%, touch 4 may reply 0.5-1.5%) — total sequence reply often 5-12%. Diminishing returns sharply after touch 6. Modern operators sequence shorter (3-4 touches) with higher per-touch quality rather than 8+ generic follow-ups.

Budget, Authority, Need, Timeline. The classic qualification framework. Suited to $5K-50K ACV transactional sales. Developed at IBM in the 1960s. Four binary questions: does the prospect have budget allocated, the authority to spend it, an explicit need, and a timeline to act? Works well for short cycles where the buyer holds all the information. Fails in modern enterprise SaaS where buying committees, multi-year contracts, and consensus dynamics dominate.

Metrics, Economic Buyer, Decision Criteria, Decision Process, Identify Pain, Champion. Enterprise qualification framework. Developed at PTC in the 1990s. The structural advantage over BANT: explicitly maps the buying committee (Economic Buyer + Champion) and the decision process (Criteria + Process). Suited to $100K+ ACV multi-stakeholder sales. Variants include MEDDPICC (adds Paper Process + Competition).

Situation, Pain, Impact, Critical Event, Decision. Modern qualification framework from Winning by Design. Reframes qualification as discovery: what's the current situation, what pain does it cause, what's the business impact, what critical event forces a decision, and what's the decision process? Better suited to SaaS sales cycles where pain is often vaguely understood at first contact.

An internal advocate at the prospect company actively selling your product to the buying committee. Distinct from the Economic Buyer (signs the check) and the End User (uses the product). The Champion has authority and political capital to push the deal forward — and a personal stake in your product winning. Single-thread deals depending only on a champion close at 8-15%; multi-thread deals (3+ stakeholders engaged) close at 35-50%.

An early customer who provides product feedback and case-study cooperation in exchange for free or discounted access during product development. Distinct from a free trial user or beta tester. Bound by a structured agreement (3-9 month term, scope, exchange of value). The early-stage operating system for B2B SaaS pre-PMF — compresses 18 months of customer discovery into 6 months and produces the first 2-3 reference logos. 30-60% convert to paid at end-of-term in well-run programs.

The 4-6 week outbound motion before a conference. Where pipeline gets built. Most teams skip it. 78% of conference attendees never get touched by exhibitors pre-event. The teams that run a multi-touch pre-event sequence to ICP-filtered attendees book 4-6x the on-floor meetings of teams that wait. The deliverability handoff (warmed sending estate, primary-tab placement) is the prerequisite — there's no time to fix infrastructure during the run-up.

A hosted dinner during a conference for 8-12 ICP attendees. The highest-conversion conference format. Converts at 5-10x per attendee vs booth conversations and 20-30x vs cold outbound for the same audience. Invite math: 30 invited → 12 confirmed → 8 attended is typical. Venue selection (proximity to conference, food quality), co-host strategy (when you don't have the brand to fill it alone), and day-after follow-up architecture determine whether the dinner produces pipeline.