An email deliverability audit is a systematic examination of every factor affecting whether your emails reach the inbox. Unlike troubleshooting a single campaign, a full audit covers your entire sending infrastructure — authentication, reputation, content quality, list health, and engagement patterns — to identify both acute problems and chronic risks before they cause a deliverability crisis. This guide walks through the complete audit process with a checklist you can run today.
⚡ Skip the manual work: Run the free Email Auditor → — automates this audit from your raw headers. No signup.
When to Run a Deliverability Audit
TL;DR: Run a deliverability audit quarterly as standard practice, and immediately before any major sending event, list expansion, or ESP migration. Reactive auditing — waiting until open rates drop — misses chronic issues that erode performance gradually over months.
Most teams only audit when something is visibly broken — open rates have dropped, a campaign performed unusually poorly, or a customer complained they didn’t receive a message. That reactive approach misses chronic issues that erode performance slowly over time.
Run a full deliverability audit in these situations:
- Before migrating to a new ESP or sending infrastructure
- Before any major list expansion (adding a new acquisition source)
- Quarterly as a standard operational practice
- When open rates drop 20%+ from your historical baseline
- When bounce rates exceed 2% on a campaign
- After any sending pause of 60+ days
- Before a high-stakes campaign (product launch, Black Friday, etc.)
Category 1: Email Authentication Audit
TL;DR: Authentication is the non-negotiable foundation of deliverability — SPF, DKIM, and DMARC must all be configured, aligned, and passing. Mailbox providers will filter or reject mail that fails DMARC regardless of your list quality or sending reputation.
Authentication is the foundation. No amount of list quality or engagement optimization compensates for broken authentication — mailbox providers will filter or reject mail that fails DMARC regardless of reputation.
- SPF record exists and is valid: Run
dig TXT yourdomain.comand verify an SPF record is present. Confirm it covers all sending sources (ESP, CRM, transactional service). Ensure the record does not exceed 10 DNS lookups (a common SPF failure mode). - DKIM is configured on all sending streams: Verify DKIM signatures are present in email headers. Check that the public key in DNS matches the private key your ESP is signing with. Ensure your DKIM key is at least 2048-bit (1024-bit keys are increasingly rejected).
- DMARC record exists with at least p=none: Check
dig TXT _dmarc.yourdomain.com. If you have no DMARC record, add one immediately — evenv=DMARC1; p=none; rua=mailto:reports@yourdomain.comstarts giving you aggregate report data. - DMARC alignment is passing: Both SPF and DKIM must align with the
From:domain. A common failure: your ESP sends from your domain but their SPF record only covers their own infrastructure. - DMARC policy is at p=quarantine or p=reject: A
p=nonepolicy provides zero protection against phishing using your domain. Escalate top=quarantineafter confirming all legitimate mail is DMARC-passing. - DMARC reports are being received and reviewed: Aggregate reports (RUA) contain critical data about authentication failures. If you’re not reading them, you’re flying blind.
- BIMI record (if applicable): Brand Indicators for Message Identification shows your logo in supporting email clients. Requires a verified DMARC record at p=quarantine or p=reject plus a VMC certificate for full Gmail support.
For a comprehensive deep-dive into authentication, see our guide: DMARC, DKIM, and SPF: The Complete Email Authentication Guide
Category 2: Sender Reputation Audit
TL;DR: Sender reputation is tracked separately at the IP level and domain level, checked via Google Postmaster Tools, Outlook SNDS, and major RBL services like Spamhaus. Sustained complaint rates above 0.10% at Gmail and any Spamhaus SBL or ZEN listing require immediate remediation.
Authentication tells providers your mail is legitimate. Reputation tells them whether it’s wanted. Check both IP and domain reputation across all major surfaces.
- Check Google Postmaster Tools domain reputation: Log in and verify your domain is registered. Check the Domain Reputation section — target “High” status. If showing “Bad” or “Low,” treat it as a critical incident.
- Check Outlook SNDS for your sending IPs: Verify complaint rate and trap hit data. A red status in SNDS means Outlook is actively filtering your mail.
- Run a blacklist check across major RBLs: Check Spamhaus (SBL, XBL, ZEN, DBL), Barracuda, SORBS, and SpamCop at minimum. A listing on Spamhaus SBL or ZEN is a critical finding requiring immediate action.
- Check your complaint rate via feedback loops: Register for Gmail FBL (via Postmaster Tools), Yahoo FBL, and Outlook JMRP if not already enrolled. Review complaint rates per campaign — sustained rates above 0.10% at Gmail are a threshold violation.
- Check Validity Sender Score (if on dedicated IP): Scores below 70 warrant investigation; scores below 50 indicate serious problems.
- Review bounce rate trends across the past 90 days: Bounce rates above 2% consistently indicate list hygiene problems. Segment by bounce type (hard vs. soft) and by acquisition source.
Category 3: List Health Audit
TL;DR: List health is measured by hard bounce rate (keep below 0.5%), spam complaint rate (keep below 0.05%), and the share of subscribers who are actively engaging. Hard-bounced addresses must be permanently suppressed, and subscribers inactive for 180+ days should be removed from core sending or routed to a re-engagement flow.
Your list is a direct input to your reputation. Audit it rigorously.
| Metric | Healthy Range | Warning Zone | Critical |
|---|---|---|---|
| Hard bounce rate (per send) | < 0.5% | 0.5–2% | > 2% |
| Spam complaint rate | < 0.05% | 0.05–0.10% | > 0.10% |
| Unsubscribe rate (per send) | < 0.2% | 0.2–0.5% | > 0.5% |
| Open rate trend (90-day) | Stable or rising | Declining 10–20% | Declining >20% |
| Active subscribers (opened in 90 days) | > 30% of list | 15–30% | < 15% |
- Identify and remove all hard-bounced addresses: These must never be re-mailed. Verify your ESP is automatically suppressing them.
- Segment by engagement recency: Flag all subscribers who haven’t opened in 180+ days. Do not include them in core campaigns — route them to a re-engagement flow or suppress.
- Audit acquisition sources for each list segment: High bounce rates or complaint rates often trace to a specific source (co-registration, content download, webinar list, etc.). Identifying the source is the fix.
- Run the list through an email verification service: Tools like NeverBounce, ZeroBounce, or BriteVerify catch invalid, role-based, and disposable addresses that inflate your bounce rate.
- Confirm double opt-in is in place (or document why it isn’t): Double opt-in mechanically prevents typos and fake submissions. If you’re on single opt-in, accept that your list requires more aggressive ongoing hygiene.
Category 4: Content and Technical Audit
TL;DR: Content issues — poor image-to-text ratio, blacklisted links, missing one-click unsubscribe — can trigger spam filters independently of your authentication and reputation. Test every email against a spam filter checker before sending, and verify the List-Unsubscribe header is present and RFC 8058 compliant.
- Test emails in a spam filter checker: Tools like Mail-Tester or GlockApps score your email against common spam rules. Identify and fix any triggers before sending to your full list.
- Check link reputation: Every link in your email must resolve cleanly. Use a URL reputation checker to verify none of your links point to blacklisted domains. Shortened URLs are a common red flag for filters.
- Check image-to-text ratio: Emails that are all images with no text content are a classic spam signal. Maintain at least a 60/40 text-to-image ratio.
- Verify your unsubscribe link is functional and one-click compliant: Gmail and Yahoo’s 2024 requirements mandate one-click unsubscribe (RFC 8058) for bulk senders. Verify the List-Unsubscribe header is present and functional.
- Check sending domain alignment in headers: The
From:address,Reply-To:, and message header domain should be consistent. Mismatches are spam signals. - Review subject line and preheader: Excessive caps, multiple exclamation marks, and known spam trigger words in subject lines reduce inbox placement.
Category 5: Infrastructure Audit
TL;DR: Infrastructure factors — PTR records, TLS encryption, and IP pool segmentation — are evaluated by receiving servers on every message but are invisible to most senders. Transactional and marketing mail must run on separate IP pools so a complaint spike in one stream cannot contaminate the other.
- Verify reverse DNS (PTR record) for dedicated IPs: Your sending IP’s PTR record should resolve to your sending domain or your ESP’s domain. A missing or generic PTR record is a spam signal for many providers.
- Confirm TLS encryption is in place: All email should be transmitted over TLS. Most major ESPs handle this, but verify it in email headers.
- Review sending IP pool setup: If you’re on dedicated IPs, confirm you have appropriate separation between transactional and marketing mail streams. Never mix them — a spam event in marketing should never contaminate transactional delivery.
- Check MX records for your sending domain: Your sending domain should have MX records capable of receiving bounces and replies. A domain with no MX records looks suspicious to receiving servers.
How InboxStack Brain Automates Your Deliverability Audit
TL;DR: InboxStack Brain replaces the quarterly manual audit with continuous daily monitoring across authentication, blacklists, complaint rates, bounce trends, and inbox placement — alerting you immediately when issues emerge so you fix small problems before they become crises.
Run a Continuous Audit, Not a Quarterly Snapshot
InboxStack Brain runs the equivalent of a full deliverability audit on your sending infrastructure every day — not just when you remember to check. Brain monitors authentication status, blacklist presence, complaint rates, bounce trends, inbox placement, and engagement health in real time, surfacing findings with severity ratings and specific remediation steps.
When an issue is detected — a DMARC failure, a new blacklist listing, a spike in complaints — Brain alerts you immediately with root-cause context, so you’re fixing a small problem, not managing a crisis. For teams without a dedicated deliverability engineer, Brain functions as that expert layer running continuously in the background.
Run the free version of this audit right now — no signup: Start Your Free Audit →
Want it running continuously instead of once? Start a free Brain trial →, see how InboxStack Brain works, and compare plans and pricing.
Frequently Asked Questions
How often should I run a deliverability audit?
A full manual audit should be run quarterly at minimum. For high-volume senders (>500K/month), monthly audits are advisable. Between manual audits, continuous monitoring via a tool like InboxStack Brain replaces the need to run manual checks — issues are surfaced as they emerge rather than discovered weeks later.
What’s the most important part of a deliverability audit?
Authentication is the foundation — broken SPF, DKIM, or DMARC creates problems that no amount of list hygiene or content optimization can fix. After authentication, list health (specifically complaint rate and bounce rate trends) is the most impactful area. Most deliverability problems trace to one of these two categories.
Can I do a deliverability audit myself or do I need a specialist?
The technical checks in this guide are executable without specialized expertise — most require only browser access to postmaster tools and DNS lookup tools. However, interpreting DMARC aggregate reports, diagnosing provider-specific filtering patterns, and correlating signals across data sources does require experience. Tools like InboxStack Brain provide the interpretive layer that would otherwise require a specialist.
What should I fix first if my audit turns up multiple issues?
Prioritize in this order: (1) authentication failures — fix broken SPF/DKIM/DMARC immediately; (2) active blacklist listings — request removal after identifying and fixing the root cause; (3) complaint rate violations — pause or suppress affected segments; (4) hard bounce rate — clean your list; (5) engagement and content issues — these are important but rarely cause acute deliverability failures on their own.
How do I know if my emails are going to spam vs. the inbox?
Your ESP’s open rate is an unreliable proxy for inbox placement — it conflates inbox placement with whether recipients choose to open. For accurate placement data, use a seed list testing tool (GlockApps, Mailtrap, or 250ok) to send to instrumented addresses at major providers and see where mail actually lands. InboxStack Brain includes inbox placement monitoring as part of its continuous monitoring suite.
The InboxStack Brief
Stay ahead of every inbox change
Weekly digest — authentication shifts, blacklist actions, provider policy updates. Free.
