Find what is actually preventing your email from reaching the inbox
Most deliverability problems have specific, diagnosable causes. A structured audit identifies whether the problem is your infrastructure, your authentication, your list quality, your sending behavior — or a combination — before you spend time or budget on the wrong fix.
Seven diagnostic layers, each with specific findings
Deliverability problems are almost always multi-causal. An audit that only checks authentication misses list quality problems. An audit that only checks IP reputation misses DMARC misalignment. Each layer produces independent findings that may or may not be connected to the presenting problem.
SMTP Infrastructure Review
MTA configuration analysis: virtual-MTA pool architecture, domain block throttle settings, retry configuration, per-ISP routing, spool and queue configuration.
Authentication Alignment
Full SPF, DKIM, and DMARC verification. Alignment testing across all active sending paths. PTR record verification. BIMI readiness assessment where applicable.
IP Reputation Assessment
All sending IPs checked against Spamhaus (SBL, XBL, PBL), Barracuda, SpamCop, SURBL, and major ISP-specific blocklists. SNDS enrollment status for Microsoft IPs.
Per-ISP Delivery Metrics
Accounting log analysis for deferral rate by destination ISP. Google Postmaster Tools domain and IP reputation review. Yahoo/AOL postmaster data where accessible.
List Quality Evaluation
Hard bounce rate analysis by list segment and acquisition source. Complaint rate distribution. Inactive subscriber analysis. Unsubscribe rate trends and suppression system integrity.
Message Content Review
Header analysis from sent messages. HTML structure evaluation for spam filter triggers. Tracking domain reputation check. List-Unsubscribe compliance verification.
Written report with prioritised findings
The audit produces a written report structured as: (1) critical findings requiring immediate action, (2) significant findings affecting deliverability, (3) optimisation recommendations, and (4) infrastructure improvement roadmap. Each finding includes the specific evidence, the technical explanation, and the recommended resolution.
Discovery and data collection
We request access to: Google Postmaster Tools data export, SMTP accounting logs, sample message headers (10–20 messages), current MTA/ESP configuration, and sending domain DNS records. No production system access required.
Infrastructure and authentication analysis
Review of all configuration and DNS data against production best practices. Identification of misconfiguration, misalignment, and missing controls.
Reputation and delivery data analysis
Per-ISP deferral rate analysis. Blacklist status across all IPs. Postmaster Tools reputation tier assessment. SNDS data review where available.
List and behavioral analysis
Bounce category distribution analysis. Complaint rate patterns by segment or campaign type. Frequency and recency analysis of engagement data.
Report delivery and walkthrough
Written report delivered within 5 business days of receiving all data. Optional 60-minute technical walkthrough to discuss findings and prioritise next steps.
to written report
examined
per IP
access required
How long does an audit take?
Data collection takes 1–3 business days depending on how quickly access to Postmaster Tools and accounting logs can be arranged. Analysis and report writing takes 2–3 business days. Total elapsed time is typically 5–7 business days from engagement start to report delivery.
Do you need access to our servers?
No. The audit is conducted entirely from externally accessible data: DNS records, blacklist queries, Postmaster Tools exports, and log files you provide. We do not require SSH access, API credentials, or any production system access.
Can the audit be conducted while we continue sending?
Yes. The audit is entirely passive — it does not affect your current sending operations. Some senders prefer to continue sending during the audit period so we can observe live delivery pattern data.
Does the audit include implementation of the recommendations?
The audit produces findings and recommendations. Implementation is a separate engagement. Many clients use the audit report to prioritise what to fix internally; others engage us to implement the recommended changes as a managed infrastructure project.
What a Deliverability Audit Examines
A deliverability audit is a structured technical assessment of every layer of your email infrastructure that affects inbox placement. It covers authentication configuration, sending IP reputation, list composition, content and header characteristics, ISP-specific delivery data, and the operational practices that produce or degrade sender reputation over time. The output is a prioritized list of specific, actionable findings — not a generic checklist.
Authentication and DNS Layer
The audit starts with authentication because authentication failures affect every send until corrected. The assessment verifies: SPF record syntax and IP coverage, DKIM key size and rotation status, DMARC policy tier and alignment mode, PTR records for every active sending IP, and BIMI readiness for domains with established DMARC enforcement.
- SPF record analysis: Does it authorize all sending IPs? Does it approach the 10 DNS-lookup limit? Is -all (hard fail) or ~all (soft fail) in use?
- DKIM key audit: Are 2048-bit keys in use? When were keys last rotated? Is the signing domain correctly aligned with the From: header domain for DMARC?
- DMARC verification: What policy tier (none/quarantine/reject)? Are aggregate reports being collected and reviewed? Is BIMI configured for high-value domains?
- PTR verification for all sending IPs: Does every IP have a PTR record? Does it resolve correctly back to the sending domain?
IP Reputation Assessment
Each sending IP is assessed across multiple reputation systems: Google Postmaster Tools (domain and IP reputation tiers), Microsoft SNDS (per-IP status, complaint rate, trap hit data), major DNS blacklists (Spamhaus ZEN, Barracuda, SORBS), and proprietary reputation databases used by major ISPs. IPs with reputation data are compared against each other to identify pool members with disproportionate deferral rates.
| Reputation System | Data Points | Access Method | Update Frequency |
|---|---|---|---|
| Google Postmaster Tools | Domain reputation, IP reputation, spam rate, auth rates | postmaster.google.com (verified domain required) | 24-72 hour lag |
| Microsoft SNDS | Per-IP complaint rate, trap hits, GREEN/YELLOW/RED status | sendersupport.olc.protection.outlook.com/snds | 24-48 hour lag |
| Spamhaus ZEN | SBL/XBL/PBL listings (covers most blocking decisions) | DNS query per IP | Real-time |
| Barracuda | IP reputation scoring (widely used by corporate email) | barracudacentral.org/lookups | Real-time |
| MXToolbox aggregated | 25+ blacklist check in one query | mxtoolbox.com/blacklists.aspx | Real-time |
Sending Infrastructure Audit
If the audit covers your PowerMTA deployment, the assessment examines configuration alignment with current ISP best practices: per-ISP domain block configuration, max-smtp-out values relative to IP reputation tiers, retry-after intervals, bounce classification handling, FBL enrollment status, and accounting log data for delivery rate trends across ISPs.
Deliverability Audit Deliverables
The audit produces a structured report organized by priority: Critical Issues (configuration or reputation problems causing active delivery failures), High Priority (problems degrading inbox placement that will worsen without intervention), Medium Priority (suboptimal configurations that reduce deliverability ceiling), and Recommendations (best practices not yet implemented that would improve long-term performance).
- Technical findings with specific configuration evidence — not generic observations
- Priority ranking with estimated inbox placement impact per finding
- Step-by-step remediation instructions for each issue
- Baseline metrics at audit time for comparison against post-remediation results
- 30-day re-check to verify remediation effectiveness
When a Deliverability Audit Is Most Valuable
Deliverability audits are most valuable at four points in an infrastructure's lifecycle: before a major volume increase (to address issues before they scale), after a significant inbox placement decline (to diagnose the cause), before a domain or IP change (to establish a clean baseline), and annually as a routine health check for high-volume sending programs.
The audit cannot fix problems that exist at the list or content layer — those require operational changes to sending practices. But it provides the technical clarity needed to separate infrastructure-caused deliverability problems from content or list-caused problems, which is prerequisite to addressing the right layer.
Infrastructure-vs-list-quality distinction
The most frequent deliverability misdiagnosis is treating a list quality problem (high complaint rate, unengaged subscribers) as an infrastructure problem. A deliverability audit distinguishes between the two by examining which signals are elevated. High deferral rates with clean authentication and normal complaint rates = infrastructure issue. High complaint rates with no ISP blocking = list quality issue. Many senders waste months improving infrastructure when the problem is in the list.
Ready to find out what is actually causing your delivery problems?
Contact us with a brief description of the symptoms you are observing. We will confirm whether an audit is the appropriate starting point or whether the situation indicates a more targeted assessment.
Related Resources
Audit packages
Three depths of audit, calibrated to where you are in the deliverability problem. The Express audit is for senders who need a fast diagnosis; Standard for those wanting full remediation guidance; Premium for organizations rebuilding from a serious incident.
48-hour delivery
- Authentication audit (SPF, DKIM, DMARC)
- IP and domain reputation snapshot
- Top 5 deliverability issues identified
- Prioritized remediation list
- 1-page executive summary
- 30-min review call
2-week engagement
- Everything in Express
- Per-ISP delivery analysis (Gmail, Yahoo, Outlook, GMX, others)
- List quality and engagement segmentation review
- Content and template audit
- Postmaster Tools and SNDS interpretation
- Detailed 15–25 page report
- Two 60-min review calls
- 30-day post-delivery email support
4-week engagement
- Everything in Standard
- Live deliverability incident response
- Direct remediation work (DNS changes, MTA tuning)
- Custom monitoring dashboard setup
- Weekly status calls during engagement
- 90-day post-delivery support retainer
- Optional transition to ongoing managed services
All packages include a written report, recommended actions ranked by impact, and a follow-up call. Premium engagements often transition into ongoing PowerMTA Managed Retainer relationships at customer option.