Your campaigns show 98% delivery rate. But the meetings are not coming in. The open rates are flat. The clicks are minimal. What the delivery rate does not tell you is that half those emails landed in spam — and inbox providers count that as “delivered.”
An email deliverability audit finds what the surface metrics hide. This guide walks through every layer of an email deliverability audit, from authentication and infrastructure to list quality, sender reputation, and content scoring, in the exact sequence that produces actionable fixes.
What an Email Deliverability Audit Actually Checks
An email deliverability audit is a systematic review of every factor inbox providers evaluate when deciding where to route your email — inbox, promotions tab, spam, or outright rejection.
There are five layers to a complete email deliverability audit:
- Authentication configuration (SPF, DKIM, DMARC)
- Sender and domain reputation
- List quality and email verification status
- Infrastructure (IP address, sending domain, MX records)
- Content quality and engagement patterns
Each layer is independently capable of causing inbox placement failure. A sender with perfect authentication and a strong domain reputation can still land in spam because of list quality issues. A sender with a perfectly clean list can still be blocked because DMARC is misconfigured.
The email deliverability audit works by isolating each layer, diagnosing the specific failure, and implementing a fix without introducing new variables.
Layer 1: Authentication Audit (SPF, DKIM, DMARC)
Authentication is the foundation of inbox placement. Gmail, Yahoo, and Outlook use SPF, DKIM, and DMARC to verify that an email claiming to come from your domain actually originated from an authorized server.
SPF (Sender Policy Framework) defines which mail servers are authorized to send email on behalf of your domain. An SPF record that is missing, misconfigured, or over-includes too many IPs will fail or cause alignment issues.
Run an SPF check using MXToolbox or Google’s Admin Toolbox. Look for:
- SPF record exists and includes all your sending sources (ESP, CRM, outreach tool)
- SPF record does not exceed 10 DNS lookups (a common misconfiguration)
- SPF alignment is set to pass for your primary sending domain
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every outbound email. Inbox providers verify this signature to confirm the email was not tampered with in transit.
Check DKIM status by inspecting the raw email headers of a sent message. Look for:
- DKIM signature present and valid
- DKIM key length is 2048 bits (1024-bit keys are considered weak)
- DKIM alignment matches your sending domain
DMARC tells inbox providers what to do when SPF or DKIM fails. A DMARC policy of p=none provides visibility but no protection. A policy of quarantine or rejection actively protects your domain from spoofing.
For the email deliverability audit:
- Confirm DMARC record exists
- Check DMARC policy is p=quarantine or p=reject (not just p=none)
- Confirm that a rua email address is set to receive aggregate reports
- Review DMARC reports in Google Postmaster Tools or a DMARC analyzer
Gmail’s 2024 bulk sender rules require DMARC at minimum p=none. For inbox placement, quarantine or higher is the standard worth targeting.
Layer 2: Sender Reputation Audit
Sender reputation is a score assigned to your domain and IP address by inbox providers based on your historical sending behavior. An email deliverability audit cannot skip this layer.
Domain reputation reflects how Gmail and Outlook assess your sending domain based on complaint rates, bounce rates, engagement, and spam reports. Check domain reputation in Google Postmaster Tools (free, requires domain verification).
What to look for in Postmaster Tools:
- Domain reputation score: High is the target. Medium means action is needed. Low or Bad means you have an active reputation problem.
- Spam rate: Should be below 0.1%. Google enforces a 0.3% threshold; above that, deliverability degrades rapidly.
- Delivery errors: Identify specific rejection reasons and SMTP error codes.
IP reputation is a separate score assigned to the IP address your mail server sends from. Shared IP addresses (common on platforms like Mailchimp and Klaviyo) mean your reputation is partly influenced by other senders on the same IP pool.
Run an email blacklist check against major blocklists: Spamhaus ZEN, Barracuda, SORBS, and SpamCop. Any active listing requires immediate investigation and removal request.
Sender Score (from Validity) is a third-party reputation metric scored 0–100. Scores below 70 correlate with inbox placement problems. Scores above 90 indicate a strong sending history.
A thorough email deliverability audit cross-references all three reputation signals — domain reputation, IP reputation, and Sender Score — before drawing conclusions.
Layer 3: List Quality Audit and Email Verification
List quality is the most frequently neglected layer in an email deliverability audit, and it is often the root cause of reputation problems.
Every unverified email list contains a mix of valid, invalid, catch-all, disposable, and risky addresses. Sending to this mix without running email verification first is the fastest way to spike bounce rates and trigger spam filters.
For the email deliverability audit:
Check your current bounce rate — Hard bounce rate above 2% is an immediate red flag. In Google Postmaster Tools, delivery errors that reference “mailbox does not exist” or “address not found” indicate invalid addresses that should have been caught by email verification.
Audit your list acquisition sources — Where did each contact segment come from? Lists acquired through scraping, purchased databases, or older CRM imports typically have higher invalid rates than lists from double opt-in forms.
Run email verification on existing lists — Even lists that have been used before need email verification re-run after 90 days of dormancy. Email addresses decay at approximately 2% per month. A list verified six months ago may now contain 10–12% additional invalid addresses.
Check for spam trap exposure — Email verification tools with spam trap detection identify known honeypot addresses and recycled spam trap addresses that ISPs use to catch senders with poor list hygiene.
Assess catch-all address volume — Catch-all domains accept mail to any address, regardless of whether the inbox exists. A list with more than 20% catch-all addresses requires segmentation — send to catch-all segments only with a higher tolerance for bounce risk, or exclude them from cold campaigns entirely.
Layer 4: Infrastructure and IP Audit
Infrastructure problems in an email deliverability audit often appear as intermittent delivery failures — some campaigns perform well while others fail without an obvious cause.
Check your reverse DNS (PTR record) — Your sending IP should have a PTR record that resolves back to your sending domain. Missing or mismatched PTR records are a common reason for Outlook filtering.
Evaluate your sending domain age — New domains (under 3 months) carry inherently weaker reputation signals. An email deliverability audit on a new domain should flag this as a structural limitation, not a fixable configuration error.
Check MX records — Ensure your MX records are properly configured and resolve to the correct mail servers. MX misconfigurations cause delivery failures that are invisible in most analytics tools.
Audit redirect domains — If your emails contain tracked links that redirect through a third-party domain, check that redirect domain against spam blacklists. A clean sending domain can still be penalized for linking to a blacklisted redirect domain.
SMTP error log review — Access your ESP’s bounce log or SMTP error data. Patterns in 5XX error codes identify permanent infrastructure failures. Patterns in 4XX errors indicate temporary issues or rate-limiting by receiving servers.
Layer 5: Content and Engagement Audit
Content is the final layer in an email deliverability audit. Inbox providers evaluate not just authentication and sender reputation, but the content of each email and how recipients respond to it.
Spam filter scoring — Run your email template through a spam checker (Mail Tester, GlockApps, or Litmus Spam Testing) before sending. Spam scores above 3.0 indicate content patterns that trigger filters.
Common content issues flagged by spam filters:
- Excessive use of spam trigger words (free, guaranteed, act now, no obligation)
- Image-to-text ratio that is heavily skewed toward images
- Broken or suspicious links in the email body
- Missing or incorrect unsubscribe links
- Emails sent as HTML with no plain text alternative
Engagement audit — Inbox providers use engagement data to refine routing decisions. Low open rates, zero replies, and high delete-without-open rates all signal to Gmail that your emails may not be wanted.
Segment your list by engagement tier. Send re-engagement campaigns to inactive segments before suppressing them. Continuing to send to chronically unengaged contacts degrades domain reputation over time — the same way sending to invalid addresses does.
Unsubscribe compliance audit — Every marketing email must include a one-click unsubscribe mechanism. Under Gmail’s 2024 rules, bulk senders must honor unsubscribe requests within two days. Failure to comply results in spam filtering enforcement.
Building a Deliverability Audit Schedule
An email deliverability audit is not a one-time project. The sending environment changes constantly: algorithms update, reputation shifts, lists decay, and authentication configuration can break during platform migrations.
A practical audit schedule:
- Weekly: Check Postmaster Tools for spam rate and domain reputation signals
- Monthly: Run spam checker on active email templates; review bounce data and re-run email verification on high-volume send segments.
- Quarterly: Full five-layer email deliverability audit,t including authentication check, reputation review, list quality audit with email verification, infrastructure inspection, and content scoring
- After any platform migration: Re-verify authentication configuration, especially SPF and DKIM, which commonly break during ESP or CRM migrations.
Key Takeaways
- An email deliverability audit covers five layers: authentication, sender reputation, list quality, infrastructure, and content.
- DMARC should be at p=quarantine or p=reject. p=none provides visibility but no protection.
- Domain reputation in Google Postmaster Tools is the most direct signal of inbox placement health.
- Email verification is a required component of any list quality audit. Unverified lists degrade reputation regardless of how strong other signals are.
- Spam rate must stay below 0.1% to maintain consistent inbox placement.
- An email deliverability audit is a recurring process, not a one-time fix.
Frequently Asked Questions
Check Google Postmaster Tools for domain reputation. Run a seed list test using GlockApps or Litmus — these services show you inbox vs. spam placement across major providers in real time.
Email verification prevents future reputation damage by eliminating invalid contacts. It cannot reverse historical damage to the domain’s reputation. Reputation recovery requires consistent sending of clean, engaged-with campaigns over 4–8 weeks.
Google enforces a 0.3% spam complaint threshold for bulk senders. Best-in-class senders maintain below 0.08%. Above 0.3%, Gmail actively throttles and filters your mail.
Email verification removes invalid, risky, and spam-trap addresses. Sending to these addresses generates hard bounces and spam complaints — the two metrics inbox providers weigh most heavily in routing decisions. Lower bounce rate and lower complaint rate, achieved through email verification, directly correlate with better inbox placement.
A thorough five-layer email deliverability audit takes approximately 3–5 hours for an experienced deliverability practitioner. Running email verification on a large list (100K+) takes an additional 30–60 minutes. The full audit produces a prioritized remediation list, typically with 3–7 actionable fixes.
Conclusion
The delivery rate metric is the most misleading number in email marketing. It measures whether your email reached a server — not whether it reached a human. An email deliverability audit breaks through that ambiguity by examining every layer that actually determines inbox placement.
The most common finding in any email deliverability audit is list quality. Most senders have authentication configured correctly. Many monitor their domain reputation. But email verification — the discipline of keeping contact lists clean and removing invalid addresses before they generate bounces — is still the most frequently skipped step.
The senders who run consistent email deliverability audits and integrate email verification into their workflow are the ones who hold inbox placement when Gmail updates its algorithms. The rest discover the problem only after their sender reputation has already deteriorated.
