Email Deliverability Audit
An email deliverability audit is a systematic, layer-by-layer diagnosis of why your mail is not reaching inboxes — checking authentication, reputation, blocklists, list quality, sending patterns and content in a fixed order, then producing a prioritised list of what to fix. Unlike troubleshooting one campaign, it examines the whole system. MCSNET runs audits from Toronto and is honest about the finding most guides bury: roughly 80% of deliverability problems are list-quality problems, not the technical settings everyone fixates on.
Key takeaways
- An audit is a structured diagnosis of the whole sending system, not troubleshooting of a single campaign — it finds the cause, in order.
- Order matters: authentication is checked first, and if it fails, it gets fixed before anything else is investigated.
- The uncomfortable truth: about 80% of deliverability failures trace to list quality — invalid, disposable, role-based or dormant addresses — not DNS records.
- You get a prioritised findings report: each problem mapped to a specific fix, ordered by impact, so you know exactly what to do first.
- Run from Toronto: PIPEDA-resident, CASL-aware, and built for complex setups that automated tools miss.
When email stops landing, most teams reach for the wrong tools: they rewrite subject lines, swap send times, and A/B test their way around a problem that lives somewhere else entirely. A deliverability audit replaces that guessing with a structured diagnosis — a layer-by-layer examination of your whole sending system that finds the actual cause and tells you, in priority order, what to fix. This page explains what an audit checks, the order it follows, the finding most guides bury, and what you walk away with.
What is an email deliverability audit?
A deliverability audit is a systematic examination of every layer that decides whether your mail reaches the inbox, from your DNS records down to the quality of the addresses you send to. It differs from troubleshooting in scope and intent. Troubleshooting is reactive and narrow — one campaign underperformed, so you investigate that campaign. An audit is proactive and complete — it inspects the entire system, including the parts that have not yet visibly failed, because the cause of a future incident is usually already present and quietly building. It is diagnostic, telling you what is happening now and why, and a good one folds in a forward-looking risk assessment of what is likely to break next.
The reason a structured audit beats poking at symptoms is that deliverability is a system of many interacting parts. A campaign in spam could stem from an authentication break, a reputation slide, a blocklisting, a content trigger, or a decaying list — and they produce similar symptoms. Only checking each layer in order isolates the real cause instead of treating a guess.
Why audit instead of guessing?
Because guessing is expensive and slow. The classic pattern is a team watching open rates fall, concluding the copy is stale, and spending weeks testing subject lines while the real problem — a growing share of mail being filtered to spam — goes unaddressed and gets worse. Delivery dashboards make this easy to miss: they report mail as delivered when the server accepts it, even as that mail is routed to spam where no one sees it. An audit cuts through by measuring where mail actually lands and tracing every contributing factor, so the fix targets the cause rather than a hunch. The output is not “try writing better emails”; it is “your DKIM is misaligned, your list has a 9% bounce rate, and you are listed on one blocklist — fix them in this order.”
There is also a cost asymmetry that makes auditing worthwhile. The checks themselves are quick — a structured audit of a simple setup takes an hour or two, and even a complex multi-ESP environment is a matter of days — while the cost of guessing wrong runs for weeks and compounds. Every campaign sent into a problem you have not diagnosed makes the underlying reputation worse, so the longer you spend optimising the wrong thing, the deeper the hole. An audit front-loads a small, bounded effort to avoid an open-ended one, which is the same logic as testing before you ship rather than debugging in production.
The six layers we check
A thorough audit works through six layers in a deliberate sequence, because some failures invalidate the checks below them.
| Layer | What we check | Pass looks like |
|---|---|---|
| 1 · Authentication | SPF, DKIM, DMARC present, passing, aligned | All three pass; DMARC past p=none |
| 2 · Reputation | Domain and IP via Postmaster Tools and SNDS | Healthy spam rate, no negative trend |
| 3 · Blocklists | Spamhaus and the major lists | No listings on your IPs or domains |
| 4 · List health | Bounce rate, engagement spread, validation | Bounces under 2%, engaged majority |
| 5 · Sending patterns | Volume consistency, warmup status | Steady volume, no unexplained spikes |
| 6 · Content & technical | HTML, tracking domains, unsubscribe | Clean HTML, one-click unsubscribe present |
Authentication comes first for a reason: if it is broken, mail is rejected or filtered regardless of how clean everything else is, so fixing it is the prerequisite for every other check meaning anything. From there the order moves from the signals that cause outright rejection toward the ones that shape placement, ending with the content checks that matter at the margin.
The finding most guides bury: it’s usually the list
Here is the uncomfortable truth that distinguishes an honest audit from a checklist of DNS records. Industry data consistently puts roughly 80% of deliverability failures down to list quality — invalid addresses, disposable signups, role-based accounts like info@ and sales@, and dormant contacts that have quietly accumulated. Authentication and reputation get the attention because they are technical and satisfying to fix, but they are not where most problems live. A list that has not been verified is the single most common root cause of the bounces, complaints and spam-trap hits that crater a reputation, and a B2B list decays around 28% a year as people change jobs and domains lapse. This is why we treat list verification as a first-class layer of the audit, not a footnote: a perfect DNS configuration sending to a rotten list still fails, and no record fixes bad data. When the audit finds the problem is the list, we say so plainly, even though “clean your data” is less satisfying than “here is a clever technical change.”
Checking list health properly means more than counting hard bounces. Real verification works in layers: a syntax check catches malformed and typo addresses, an MX check confirms the domain can actually receive mail, and mailbox-level verification confirms the specific address exists. On top of that, an audit flags the risky categories that a bounce count alone misses — role-based addresses like info@ and support@ that carry low engagement and high complaint rates, disposable and temporary domains used to grab a signup incentive, and the long tail of contacts who have not engaged in six to twelve months and are decaying toward becoming spam traps. Each of those is a reputation liability sitting quietly in a list that looks fine on a surface delivery report. We measure the engagement distribution too, because a list that is technically valid but mostly disengaged still drags placement down — valid is not the same as wanted.
How we check authentication
Authentication is the foundation, and it fails in specific, recurring ways. We verify that you have exactly one SPF record that lists every legitimate sending source and stays under the 10 DNS-lookup limit, because exceeding it causes a PermError that fails authentication outright. We confirm DKIM is signing with keys that align to your From domain, not just the return path, since alignment is what DMARC actually evaluates. And we check that DMARC is published and progressing past p=none toward enforcement. The single most common finding across every audit we run is the same: a sending source — a new ESP, a CRM, an invoicing tool — added without being included in SPF or given a DKIM key, so a whole stream of legitimate mail quietly fails authentication. It is invisible until you look, and it is exactly the kind of thing a structured audit catches.
How we check reputation, blocklists and placement
With authentication confirmed, we read your reputation through the provider windows — Google Postmaster Tools for the Gmail view and Microsoft SNDS for Outlook — looking at spam rate, authentication success and the trend rather than a single day. We query the major blocklists, including Spamhaus, for your IPs and domains, because a single Spamhaus listing can drop your inbox placement to near zero across providers and needs immediate remediation. And where it matters, we run seed-based inbox placement testing to measure where your mail actually lands by provider, since delivery logs and Postmaster cannot show the primary-versus-promotions-versus-spam split. Together these turn “our reputation feels off” into specific, provider-level facts.
What you get: a prioritised findings report
The deliverable is not a data dump; it is a decision tool. Every check produces a pass or fail against a clear threshold, and every failure maps to a specific remediation, ordered by impact so you know exactly what to do first. A typical report leads with the few high-impact fixes — an authentication gap, a dirty list segment, a blocklisting — and then the smaller refinements.
# mcsnet · deliverability audit · findings [1] auth FAIL new ESP missing from SPF → mail failing alignment [2] list FAIL 9.1% bounce · 22% role-based · last verified: never [3] blocklist warn 1 listing (uceprotect) · low impact, monitor [4] reputation warn gmail spam rate 0.14% trending up [5] auth dmarc pass p=quarantine, aligned priority fix SPF (today) → verify list → recheck in 2 weeks
The point of ordering by impact is that effort goes where it pays: fixing the SPF gap and the list in that example will move the needle far more than any content tweak, and the report makes that obvious rather than leaving you to guess.
How often should you audit?
Treat it as a recurring process, not a one-time rescue. A full audit quarterly catches the slow drift — authentication that broke when a tool was added, a list decaying month over month, reputation easing down — before any of it compounds into a placement crisis. A quick monthly check of authentication, reputation and blocklists keeps the fast-moving signals honest. And any major change — an ESP migration, a domain change, a new sending tool, a volume spike — warrants an immediate audit, because those are exactly the moments authentication and reputation break. The most disciplined teams treat the audit as a release gate before big campaigns: if authentication fails the check, the send waits until it is fixed. Auditing only after deliverability drops means you are always cleaning up rather than preventing.
Why work with us?
Two reasons. First, data and consent: we run audits with your data hosted in Toronto under PIPEDA, and our CASL-aware lens means the audit checks consent and compliance, not just technical pass-fail — which matters because consent problems are reputation problems. Second, operator depth on complex setups: free tools handle a simple single-ESP audit well, and we will tell you when that is all you need. Where an experienced audit earns its place is complexity — multiple ESPs, dedicated IPs, high transactional volume, self-hosted infrastructure — where the issues that automated tools miss tend to hide. You get an operator who has seen the failure modes, not a checklist generator.
Who this is for, and who it is not
It is for senders who have watched deliverability slip and need to find the cause fast, for teams setting up or migrating who want to start compliant, and for anyone with complex sending infrastructure where the problem is hard to isolate. It is not strictly necessary for a small, simple sender on one ESP with healthy metrics — for them the free tools are usually enough, and we will say so. An audit is the honest front door to the rest of the work: it tells you whether you need deliverability services for ongoing management, reputation management for a damaged score, IP warming for a ramp, or simply a cleaner list — and it tells you in priority order, so you spend your effort where it actually moves placement rather than where it merely feels productive.