Outbound Email Infrastructure Checklist 2026: Setup to Scale
TL;DR
Cold email campaigns fail because of infrastructure problems, not bad copywriting. This outbound email infrastructure checklist covers every component you need, from secondary domains and DNS authentication to warmup schedules, sending limits, and ongoing monitoring. Without proper authentication alone, deliverability drops 40 to 60%. Follow the sequence below and you’ll outperform the vast majority of senders who skip straight to writing copy.
Most outbound campaigns die before a single prospect reads a word. The copy never gets a chance because the infrastructure underneath it is broken, misconfigured, or missing entirely.
Practitioners on Reddit’s r/coldemail confirm this repeatedly: infrastructure is where “almost everyone screws up.” Sending from your main domain, skipping warmup, ignoring DNS records. These aren’t minor oversights. They’re campaign killers.
Cold email in 2026 is an infrastructure problem first, a data quality problem second, and a copywriting problem third. Get those in order and you’ll outperform 90% of senders.
This outbound email infrastructure checklist is organized as a glossary you can reference any time, but it’s also sequenced in the order you should actually build things. Each term comes with a plain definition, why it matters, and exactly what to do about it. If you want a complete cold outreach guide that covers strategy beyond infrastructure, start there.
If you’d rather have an experienced outbound operator handle all of this, SalesPipe can help.
One important caveat before we start. The best-performing outbound teams treat infrastructure as an interconnected system, not a one-time checklist. Every component below affects the others. A perfect DNS setup means nothing if your list is dirty. A clean list means nothing if your domains aren’t warmed. Think of this checklist as your reference for building that system, piece by piece.
Outbound Email Infrastructure Checklist (Quick Answer)
If you only need the high-level checklist, this is the order to build your outbound email infrastructure.
Step | Task | Required? |
|---|---|---|
1 | Buy secondary domains | ✅ |
2 | Set up Google Workspace or Microsoft 365 | ✅ |
3 | Configure SPF | ✅ |
4 | Configure DKIM | ✅ |
5 | Configure DMARC | ✅ |
6 | Verify DNS authentication | ✅ |
7 | Create 2–3 inboxes per domain | ✅ |
8 | Start inbox warmup | ✅ |
9 | Verify email lists | ✅ |
10 | Configure inbox rotation | ✅ |
11 | Set sending limits | ✅ |
12 | Monitor Postmaster Tools weekly | ✅ |
13 | Review DMARC reports monthly | ✅ |
14 | Rotate DKIM keys annually | ✅ |
Key takeaway: Cold email success depends on infrastructure first, targeting second, and messaging third. Even great copy cannot overcome poor authentication or a damaged sender reputation.
Section 1: Domain Infrastructure
Secondary (Outbound) Domain
What it is: A domain you purchase specifically for sending cold emails, separate from your company’s primary domain.
Why it matters: Your primary domain handles inbound email, your website, and your brand reputation. If cold outbound triggers spam complaints or blacklisting, you want that damage contained to a secondary domain, not your main one.
What to do: Never send cold email from your primary domain. Buy 2 to 3 close variants of your company name (e.g., yourcompanyhq.com, tryyourcompany.com) and use those exclusively for outbound.
Domain Variants
What it is: Multiple secondary domains that are slight variations of your brand name, all used for outbound sending.
Why it matters: Spreading your outbound volume across multiple domains reduces the load on any single domain’s reputation. If one domain gets flagged, your other domains keep running.
What to do: Purchase 2 to 3 variants per campaign track. Forward each one to your main website so prospects who type the domain into a browser still reach your company’s site.
Domain Age
What it is: How long a domain has been registered.
Why it matters: Less than you might think. A domain that’s 10 years old but has never sent email carries no sending reputation. Mailbox providers don’t care about age. They care about behavior. A brand-new domain that’s properly warmed can outperform an old, unused one.
What to do: Don’t pay premium prices for aged domains expecting a shortcut. Focus on buying fresh domains and warming them correctly.
Domain Reputation
What it is: The score that mailbox providers assign to your domain based on its sending history, including bounce rates, spam complaints, and engagement patterns.
Why it matters: Domain reputation is the single biggest factor in whether your email reaches the inbox or gets filtered to spam.
What to do: Protect it ruthlessly. Every other item on this outbound email infrastructure checklist exists to build and maintain domain reputation.
Section 2: DNS Authentication
This is where most teams either get it right and gain a genuine competitive advantage, or skip steps and watch deliverability collapse. Without authentication, delivery rates drop 40 to 60% on major providers. That’s not a gradual decline. It’s an immediate penalty.
Here’s the striking part: only about 18% of top domains have valid DMARC records, and just 7 to 8% enforce quarantine or reject policies. Proper authentication is table stakes, but almost nobody does it fully. That’s your edge.
SPF (Sender Policy Framework)
What it is: A DNS record that defines which mail servers are allowed to send email on behalf of your domain.
Why it matters: Without SPF, any server can claim to send email from your domain. Recipient servers check SPF to verify that the sending server is authorized.
What to do:
Create exactly one SPF record per domain. Not two, not three. Multiple SPF records confuse recipient servers and can cause outright authentication failures.
Stay under the 10 DNS lookup limit. Every “include” mechanism in your SPF record counts toward this limit. Exceed it and your SPF record effectively breaks.
Audit your SPF includes every time you add or remove a sending tool.
DKIM (DomainKeys Identified Mail)
What it is: A digital signature added to your outgoing emails that proves they weren’t altered in transit. The recipient server checks this signature against a public key published in your DNS.
Why it matters: DKIM gives recipient servers confidence that the email genuinely came from you and wasn’t tampered with. It’s a trust signal that directly affects inbox placement.
What to do:
Enable DKIM with a 2048-bit key in your mailbox provider. Most providers (Google Workspace, Microsoft 365) make this straightforward.
Rotate DKIM keys at least annually. This is a maintenance task most teams forget, which creates long-term vulnerability.
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
What it is: A policy that aligns SPF and DKIM, then tells recipient servers what to do when emails fail authentication: accept them (none), send them to spam (quarantine), or reject them outright (reject).
Why it matters: DMARC closes the gap that SPF and DKIM leave open. Without it, a recipient server knows an email failed authentication but has no instruction on how to handle it.
What to do: Follow a safe rollout sequence:
Set up SPF and DKIM first.
Add a DMARC record set to p=none with reporting enabled. This lets you monitor failures without blocking any email.
Review DMARC reports for a few weeks to identify legitimate sending sources you might have missed.
Tighten to p=quarantine once you’re confident in your setup.
Move to p=reject when everything is clean.
The sequence matters because jumping straight to reject can block legitimate email if you missed a sending source in your SPF record.
Understanding how authentication feeds into email sequence performance helps you connect these technical decisions to actual pipeline outcomes.
DNS Lookup Limit
What it is: SPF records are limited to 10 DNS lookups. Each “include,” “redirect,” or “a” mechanism in your SPF record triggers a lookup.
Why it matters: Exceed 10 lookups and your entire SPF record becomes invalid. This is a common problem for companies using multiple email tools (CRM, marketing automation, cold email platform, helpdesk).
What to do: Count your lookups using MXToolbox. If you’re approaching the limit, consolidate tools or use SPF flattening services.
DNS Authentication Checklist
Record | Purpose | Minimum Recommendation |
|---|---|---|
SPF | Authorize sending servers | One SPF record |
DKIM | Cryptographic signing | 2048-bit key |
DMARC | Enforcement policy | p=reject after monitoring |
MX | Mail routing | Verify after setup |
Reverse DNS | Server trust | Configure if self-hosted |
Section 3: Mailbox Setup
Mailbox Provider
What it is: The service that hosts your email accounts, such as Google Workspace or Microsoft 365.
Why it matters: Not all mailbox providers carry equal weight with recipient servers. Google Workspace and Microsoft 365 are significantly more trusted than budget hosting services for cold outreach deliverability.
What to do: Stick with Google Workspace (around $6 to $7 per user per month) or Microsoft 365 (around $6 per user per month). Practitioners on Reddit warn against $3-per-inbox reseller deals that float around online. Those cheap inboxes get suspended fast, and rebuilding domain reputation takes months.
Google Workspace vs Microsoft 365 Comparison
Feature | Google Workspace | Microsoft 365 |
|---|---|---|
Gmail deliverability | Excellent | Good |
Outlook deliverability | Good | Excellent |
Setup difficulty | Easy | Moderate |
Cold email popularity | Higher | High |
Enterprise targeting | Good | Excellent |
Cost | Similar | Similar |
Mailbox-Per-Domain Ratio
What it is: The number of email accounts you create on each secondary domain.
Why it matters: Too many inboxes on a single domain concentrates risk. If that domain gets flagged, you lose all those accounts at once.
What to do: Set up 2 to 3 inboxes per secondary domain. This gives you enough sending capacity per domain without overloading it.
If you’re evaluating whether to build this in-house or work with someone who handles it daily, explore how SalesPipe approaches it.
Section 4: Inbox Warmup
Domain/Inbox Warmup
What it is: The process of gradually increasing the volume of emails sent from a new domain or inbox to establish a positive sending reputation with internet service providers (ISPs).
Why it matters: A brand-new inbox that suddenly sends 50 cold emails looks like a spammer. ISPs expect to see gradual, natural-looking sending behavior before they trust a new sender.
Warmup Schedule
What to do:
Plan for 4 to 8 weeks of warmup before any new domain is ready for production cold outbound. Faster than 4 weeks is too aggressive.
Start slow: send 10 to 20 emails per inbox per day during the first week.
Ramp up gradually: increase daily volume by 10 to 20% each week.
Warm up every new account for a minimum of 21 days before sending a single cold email.
Keep warmup running after you launch campaigns. Warmup is not a one-time setup. It’s an ongoing activity that maintains your sender reputation.
Warmup Tool
What it is: Software that automates the warmup process by sending emails between your inbox and a network of other real inboxes, generating opens, replies, and positive engagement signals.
Why it matters: Manual warmup is impractical at scale. Warmup tools simulate natural email behavior so ISPs see your inbox as active and trustworthy.
What to do: Use a reputable warmup tool. Keep it running continuously alongside your campaigns, not just during setup.
Multi-Mailbox Warmup Caution
This is a mistake many teams make. If you plan to have multiple email accounts sending from the same domain, don’t start warming them all at once. Warm up with one mailbox first, get the domain to a good baseline reputation, and then gradually add additional mailboxes.
One practitioner on r/Entrepreneur shared that they went from 3 domains to 7 (capping at 26 emails per day each) and watched bounce rates drop from 11% to under 2%. Patience in the warmup phase pays compound returns later.
Common Warmup Mistakes
Mistake | Result |
|---|---|
Sending 100 emails on Day 1 | Spam folder |
Warming multiple inboxes simultaneously | Domain reputation issues |
Stopping warmup after launch | Deliverability decline |
Using poor-quality warmup tools | Weak reputation signals |
Ignoring reply rates | Missed reputation warnings |
Skipping or rushing warmup is one of the most common cold emailing mistakes that tanks campaigns before they start.
Section 5: Sending Limits and Rotation
Daily Send Limit
What it is: The maximum number of cold emails you should send from a single inbox per day.
Why it matters: Exceeding safe sending limits triggers spam filters and damages your sender reputation, often permanently for that inbox.
What to do: In 2026, the safe daily sending limit per inbox is 30 to 50 emails for live campaigns, once fully warmed. Some teams push to 100, but that carries real risk. If you need more volume, the answer is always more inboxes, not more sends per inbox.
Inbox Rotation
What it is: Automatically distributing your sends across multiple inboxes and domains so no single inbox carries too much load.
Why it matters: Rotation protects individual inbox reputations, ensures consistent deliverability, and makes your sending patterns look natural to ISPs.
What to do: Most modern cold email sequencers handle inbox rotation natively. Configure it so sends alternate across your inboxes throughout the day rather than sending in bursts from one account.
Volume Scaling Math
This is where teams consistently underestimate what’s needed. Here’s the math:
Target: 400 emails per day
At 35 to 40 emails per inbox per day, you need 10 to 12 inboxes
At 2 to 3 inboxes per domain, you need roughly 4 to 6 secondary domains
Each domain needs its own DNS authentication, warmup period, and monitoring
Most teams set up 2 to 3 domains, push volume too high, and wonder why deliverability craters after week two. Plan your domain count based on your target volume from day one.
How Many Domains Do You Need?
Daily Emails | Inboxes Needed | Domains Needed |
|---|---|---|
100 | 3 | 1–2 |
250 | 7 | 3 |
500 | 13 | 5–6 |
1000 | 26 | 10–12 |
2000 | 52 | 20–24 |
Understanding how email sequences distribute across inboxes helps you right-size your infrastructure.
Section 6: Custom Tracking Domains
Custom Tracking Domain
What it is: A branded subdomain (e.g., track.yourdomain.com) that replaces the generic tracking links your email platform uses by default.
Why it matters: Default tracking domains are shared by thousands of senders. If other users on that shared domain are flagged as spammers, your deliverability suffers too. A custom tracking domain isolates your reputation.
What to do: Set up a custom tracking domain in your cold email platform. It’s usually a simple CNAME record pointing your subdomain to the platform’s tracking server.
Open Tracking vs. Reply Tracking
Open tracking uses a tiny invisible pixel embedded in the email. When the recipient’s email client loads the pixel, it registers an “open.”
Reply tracking simply monitors whether the recipient responded.
The tradeoff: The presence of a tracking pixel adds a small but measurable deliverability cost. Many cold email operators disable open tracking entirely for deliverability-sensitive campaigns and rely only on reply tracking.
Best practice for first emails: The first email in a sequence should have no links, tracking pixels, or otherwise. Links in first emails hurt deliverability even with a perfect custom tracking setup. Save links for follow-ups.
Section 7: List Quality and Verification
Data quality is the layer most outbound email infrastructure checklists skip, and it’s the fastest way to destroy everything else you build. Sending to invalid addresses, spam traps, and honeypots tanks your sender reputation faster than any misconfiguration.
Email Verification
What it is: The process of checking whether an email address is valid, active, and safe to send to before you actually send.
Why it matters: Every bounced email damages your sender reputation. Email service providers use bounce rates as a primary reputation signal.
What to do: Verify every address in your list before sending. Use a dedicated verification tool (ZeroBounce, NeverBounce, or similar). Run verification close to send time, not weeks in advance, because addresses go stale.
Bounce Rate
What it is: The percentage of your sent emails that are returned as undeliverable.
Why it matters: Cross 2% bounce rate consistently and you trigger algorithmic penalties. One practitioner on r/Entrepreneur documented their bounce rate dropping from 11% to under 2% simply by scaling infrastructure and cleaning lists.
What to do: Keep bounce rates below 2%. If you hit 2% or above on any campaign, pause sending, clean your list, and investigate the data source.
Spam Traps and Honeypots
What it is: Email addresses operated by ISPs and anti-spam organizations specifically to catch senders who use purchased lists or scrape addresses indiscriminately.
Why it matters: Hitting even one spam trap can land your domain on a blacklist.
What to do: Never buy scraped lists. Use reputable data providers. Verify every address. Remove addresses that haven’t engaged in 90+ days from ongoing campaigns.
Spam Complaint Rate
What it is: The percentage of recipients who mark your email as spam.
Why it matters: Google’s spam complaint limit is 0.1%. Exceed it and you face deliverability penalties across all of Gmail.
What to do: Target staying below 0.08%. This requires good list quality, relevant messaging, and working unsubscribe links. If you’re building your lists from scratch, here are tactics for building B2B email lists that reduce complaint risk.
Reddit data from practitioners shows the impact of targeting on complaint rates: spray-and-pray campaigns over 1,000 recipients pull a 2.1% reply rate, while targeted campaigns under 50 recipients hit 5.8% or higher. Smaller, more targeted lists aren’t just better for replies. They generate fewer complaints too.
Email Deliverability Metrics You Should Monitor
Metric | Good | Warning |
|---|---|---|
Inbox placement | 85%+ | Below 80% |
Bounce rate | Under 2% | Above 2% |
Spam complaints | Under 0.08% | Above 0.1% |
Reply rate | 3–5% | Under 2% |
Open rate | 40%+ | Under 25% |
Section 8: Compliance
Compliance belongs in your outbound email infrastructure checklist, not as a separate afterthought. Getting this wrong doesn’t just hurt deliverability. It creates legal exposure.
CAN-SPAM
What it is: The U.S. federal law governing commercial email. It requires accurate sender identification, a physical mailing address, and a working unsubscribe mechanism in every commercial email.
Why it matters: Each non-compliant email carries a penalty of up to $53,088, effective January 17, 2025.
What to do: Include your company name, a physical address, and a working one-click unsubscribe link in every cold email. These aren’t optional, even for B2B outbound.
GDPR and Legitimate Interest
What it is: The EU’s General Data Protection Regulation. Contrary to popular belief, GDPR does not ban cold email. Article 6(1)(f) permits B2B cold outreach under “legitimate interests” when you pass a three-part test: purpose, necessity, and balancing.
Why it matters: If you’re emailing prospects in the EU or UK, you need a defensible legitimate interest basis. You also need to honor opt-out requests promptly.
What to do: Document your legitimate interest assessment. Make it easy for recipients to opt out. Process opt-outs quickly and completely.
Suppression Lists
What it is: A master list of email addresses that have opted out and must never receive another email from you.
Why it matters: Manual opt-out processing at scale generates GDPR exposure and spam complaints. Automated suppression lists are not optional. They are the operational backbone of compliant cold email.
What to do: Automate suppression list management in your cold email platform. Every unsubscribe should instantly add the address to your suppression list across all campaigns and all inboxes.
Infrastructure Problems vs Messaging Problems
Problem | Infrastructure Issue | Copy Issue |
|---|---|---|
Spam folder | ✅ | ❌ |
High bounce rate | ✅ | ❌ |
Low replies | Sometimes | ✅ |
Authentication failures | ✅ | ❌ |
High unsubscribe rate | ❌ | ✅ |
Section 9: Monitoring and Maintenance
Setting up infrastructure is half the job. The other half is keeping it healthy. For cold email teams, infrastructure is not a one-time setup. It’s an ongoing operational discipline.
Google Postmaster Tools
What it is: A free tool from Google that shows how Gmail views your sending domain, including spam rate, authentication status, and delivery errors.
Why it matters: Gmail is the dominant B2B email provider. Postmaster Tools gives you direct visibility into how Google treats your emails.
What to do: Set up Google Postmaster Tools for every sending domain. Check it weekly for reputation changes, spam rate spikes, or authentication failures.
MXToolbox
What it is: A diagnostic tool for checking DNS records, blacklist status, and email authentication configuration.
Why it matters: Misconfigurations in SPF, DKIM, or DMARC records can silently break your authentication. MXToolbox catches these problems before they damage deliverability.
What to do: Run MXToolbox checks after any DNS change. Do a biweekly blacklist check across all your sending domains.
Mail Tester
What it is: A tool that scores a test email on a 1 to 10 scale, checking authentication, content, and blacklist status.
Why it matters: It gives you a quick, objective score before you start sending from a new inbox.
What to do: Aim for a score of 9 or higher before launching any campaign from a new inbox.
DMARC Aggregate Reports
What it is: Reports generated by recipient servers showing which emails passed or failed authentication checks for your domain.
Why it matters: These reports reveal unauthorized senders using your domain and authentication failures you might not otherwise notice.
What to do: Review DMARC aggregate reports monthly. Most DMARC reporting services (Postmark, dmarcian) provide dashboards that make this manageable.
Ongoing Maintenance Cadence
Here’s the maintenance schedule that experienced outbound operators follow:
Weekly: Check Google Postmaster Tools, review bounce rates and complaint rates
Biweekly: Run blacklist checks on all sending domains via MXToolbox
Monthly: Review DMARC aggregate reports, audit active sending volumes against safe limits
Quarterly: Verify list hygiene across all active campaigns, review domain health
Annually: Rotate DKIM keys, audit SPF includes for all sending domains, retire underperforming domains and replace with fresh ones
Understanding how your cold email structure interacts with deliverability signals helps you troubleshoot problems that monitoring surfaces.
Outbound Email Maintenance Calendar
Frequency | Tasks |
|---|---|
Daily | Monitor sending volume |
Weekly | Check Postmaster |
Biweekly | Review blacklists |
Monthly | Review DMARC |
Quarterly | Review domains |
Annually | Rotate DKIM |
The Real Cost of an Outbound Email Infrastructure Stack
One thing missing from most outbound email infrastructure checklists is what this all actually costs. Here’s a rough budget for a team sending 400 emails per day:
Component | Estimated Monthly Cost |
|---|---|
10 to 12 secondary domains | $10 to $15 per domain per year ($8 to $15/month total) |
20 to 36 mailboxes (Google Workspace) | $120 to $250/month |
Warmup tool | $30 to $100/month |
Email verification | $30 to $80/month |
Cold email sending platform | $50 to $200/month |
Monitoring tools | Free to $50/month |
Total | $240 to $700/month |
That’s before anyone’s time. The time cost of managing DNS records, monitoring deliverability, warming new inboxes, cleaning lists, replacing burned domains, and maintaining compliance is significant. It’s the reason many founders and sales leaders decide this work is better handled by someone who does it every day.
2026 Benchmarks: What Good Looks Like
These numbers give you targets to measure your infrastructure against:
Metric | Benchmark |
|---|---|
Average cold email reply rate | 3.43% |
Top quartile reply rate | 5.5%+ |
Elite campaign reply rate | 10%+ |
Average B2B cold email open rate | 44% |
Global inbox placement rate | 83.1 to 83.5% |
Gmail inbox placement (properly warmed) | 87 to 95% |
Outlook inbox placement | ~75.6% |
Safe daily sends per inbox | 30 to 50 |
Bounce rate danger threshold | 2% |
Google spam complaint limit | 0.1% |
If your inbox placement is below 83%, your infrastructure has a problem. If your reply rate is below 3.43%, it could be infrastructure, data quality, or messaging, in that order of likelihood.
The System Behind the Checklist
This outbound email infrastructure checklist gives you every component you need to build and maintain a production-ready cold email system. But the truth practitioners have learned the hard way is that the agencies and teams that thrived were those that treated infrastructure as a system, not a checklist.
Every piece connects. Your domain strategy determines your scaling capacity. Your DNS authentication determines your inbox placement baseline. Your warmup discipline determines how quickly you can reach that baseline. Your list quality determines whether you keep it. Your monitoring determines how fast you catch problems before they compound.
Building this system is possible for any team willing to invest the time and discipline. Maintaining it month after month, across multiple clients or campaigns, while staying current with changing ISP policies, is where the real work lives.
If you’d rather focus on closing deals while someone else handles the infrastructure, talk to SalesPipe.
FAQ
How long does it take to set up outbound email infrastructure from scratch?
Expect 4 to 8 weeks minimum. The biggest bottleneck is inbox warmup, which requires at least 21 days before you can send a single cold email. DNS authentication and domain setup can be done in a day, but the warmup period cannot be skipped or meaningfully shortened.
Can I use my primary domain for cold outbound?
No. This is one of the most common and damaging mistakes. If your cold outbound triggers spam complaints or blacklisting, it will affect your primary domain’s ability to receive inbound email, send transactional messages, and maintain your brand’s email reputation. Always use secondary domains.
How many domains do I need for cold email at scale?
It depends on your target daily volume. At 30 to 50 emails per inbox per day and 2 to 3 inboxes per domain, sending 400 emails daily requires roughly 10 to 12 domains. Most teams underestimate this and burn their domains by pushing too much volume through too few.
Is open tracking safe for cold email?
Open tracking adds a small deliverability cost because it inserts a tracking pixel into your email. Many experienced cold email operators disable open tracking entirely for deliverability-sensitive campaigns and track only replies. At minimum, never include tracking pixels in the first email of a sequence.
What’s the difference between SPF, DKIM, and DMARC?
SPF tells recipient servers which mail servers can send on your behalf. DKIM proves the email wasn’t altered in transit by adding a digital signature. DMARC aligns SPF and DKIM and tells recipient servers what to do when authentication fails (accept, quarantine, or reject). You need all three.
Does GDPR prohibit cold email to European prospects?
No. GDPR Article 6(1)(f) permits B2B cold outreach under “legitimate interests” when you can demonstrate a valid purpose, necessity, and balanced consideration of the recipient’s rights. You do need to document your reasoning and make it easy for recipients to opt out.
How often should I rotate DKIM keys?
At least annually. DKIM key rotation is a maintenance task most teams forget, but it’s important for long-term security. If a key is compromised, anyone could sign emails as your domain. Set a calendar reminder and treat it as part of your regular infrastructure maintenance.
What bounce rate should trigger an immediate pause?
If you cross 2% bounce rate on any campaign, pause sending immediately. Clean your list, investigate the data source, and don’t resume until you’ve identified and fixed the problem. Email service providers use bounce rates as a primary signal for sender reputation, and crossing 2% consistently triggers algorithmic penalties that are hard to reverse.