Key Takeaways

  • An email deliverability audit is a systematic review of your authentication setup, sender reputation, list quality, content practices, and inbox placement rates to identify what is preventing your emails from reaching the inbox.
  • Most audit guides stop at authentication and reputation checks. The critical missing piece is list-level verification, where 80% of deliverability failures originate from sending to invalid, disposable, or role-based addresses.
  • Gmail, Yahoo, and Microsoft now enforce bulk sender requirements that make authentication mandatory and complaint rates actionable. Non-compliant senders face permanent rejection starting in 2025-2026.
  • A quarterly audit cadence catches authentication drift, list decay, and reputation degradation before they compound into inbox placement crises.
  • Each audit step maps to a specific remediation action, with email verification serving as the highest-ROI fix for the most common failure: dirty list data.

An email deliverability audit is the most effective way to diagnose why your emails are not reaching inboxes. Unlike troubleshooting a single campaign failure, a structured audit examines every layer of your email infrastructure systematically, from DNS records to list quality to content patterns, and identifies the root causes that are dragging down your inbox placement.

Most audit guides available today focus heavily on authentication (SPF, DKIM, DMARC) and sender reputation, which are important but incomplete. The deliverability audits that actually fix problems go deeper, into the quality of the addresses you are sending to. Industry data consistently shows that 80% of deliverability failures trace back to list quality issues: invalid addresses, disposable signups, role-based accounts, and dormant contacts that accumulate over time.

This checklist covers every audit dimension in the order you should evaluate them, with specific pass/fail thresholds and the exact remediation action for each finding.

Step 1: Authentication Audit

Authentication is the foundation. Without it, no other optimization matters. Gmail, Yahoo, and Microsoft now reject or spam-filter bulk email from domains that fail authentication checks.

SPF (Sender Policy Framework): Verify your domain has exactly one SPF TXT record listing all authorized sending IPs. Run dig TXT yourdomain.com and confirm it passes. Critical threshold: your SPF record must stay under 10 DNS lookups. Each include: directive counts as a lookup, and nested includes count too. If you use multiple sending services (ESP, CRM, cold email tool, transactional service), you can easily exceed this limit, causing SPF to fail silently.

DKIM (DomainKeys Identified Mail): Confirm DKIM signing is active with a 2048-bit key (1024-bit minimum). Keys should be rotated every 6-12 months. Test by sending an email and inspecting the raw headers for a valid DKIM-Signature.

DMARC: Verify a DMARC record is published with at least p=none and an rua reporting address. For established senders, progress toward p=quarantine or p=reject. DMARC alignment requires that either SPF or DKIM (preferably both) align with the From: domain.

Common Mistake Having two SPF records on the same domain. Only one is allowed. When two exist, both fail, and your authentication breaks completely. This happens frequently when switching ESPs, and the old record is not removed.

Step 2: Sender Reputation Check

Sender reputation operates at two levels: IP reputation and domain reputation. In 2026, domain reputation is the dominant factor at Gmail and Microsoft, making it impossible to escape a bad sending history by simply switching IPs.

Google Postmaster Tools: Register your domain and review reputation dashboards. Domain reputation should be "High" or "Medium." Anything below indicates active problems. Monitor spam rate (must stay under 0.3%, target under 0.1%) and authentication success rates.

Microsoft SNDS (Smart Network Data Services): Register your sending IPs to see how Microsoft classifies your traffic. If your IP shows "yellow" or "red" status, your Outlook placement is being actively filtered.

Blacklist check: Query major blacklists (Spamhaus, SORBS, Barracuda, UCEPROTECT) for your sending IPs and domains. A single listing on Spamhaus can reduce your inbox placement to near zero across all providers.

17.7% of legitimate marketing emails never reach the inbox. Source: Validity 2026 Email Deliverability Benchmark Report

Step 3: List Quality Verification (The Step Most Audits Skip)

This is where the majority of deliverability problems originate, and where existing audit guides are weakest. Authentication and reputation are outputs. List quality is the input that determines them.

Bounce rate analysis: Pull your bounce rate from the last 90 days. If it exceeds 2%, your list contains a significant number of invalid addresses. Target under 1% for optimal deliverability. Every bounce during warmup or normal sending degrades your domain reputation.

Full list verification: Run your entire active database through a bulk email verifier to identify addresses that will hard bounce, have expired mailboxes, or belong to domains that no longer accept mail. Remove all addresses with status: failed immediately.

Disposable email audit: Check what percentage of your list uses disposable email services. These addresses produce zero engagement and waste sending credits. The isDisposable flag from your verification response identifies them instantly. Any disposable percentage above 1% indicates a gap in your signup validation.

Role-based address segmentation: Identify addresses like info@, sales@, and support@ using the isRoleAccount flag. These should be excluded from marketing sends and restricted to transactional communication only, as they carry elevated bounce and complaint risk.

Engagement segmentation: Review contacts that have not opened or clicked in 90+ days. These inactive subscribers should be moved to a re-engagement segment or suppressed. Continuing to send to chronically disengaged contacts trains mailbox providers to deprioritize all of your email.

Pro Tip Schedule your list verification to complete 24-48 hours before each quarterly audit. This gives you fresh data to evaluate and ensures your suppression lists are current. Use pay-as-you-go email validation credits to verify the entire list in a single pass, rather than sampling.

Step 4: Content and Infrastructure Review

One-click unsubscribe: Confirm your marketing emails include both a visible unsubscribe link and the List-Unsubscribe and List-Unsubscribe-Post headers required by Gmail and Yahoo for bulk senders. This is now a compliance requirement, not a best practice.

TLS encryption: Verify your sending infrastructure uses TLS for email transmission. Most modern ESPs handle this automatically, but custom SMTP configurations may need manual verification.

Content quality: Review recent campaign templates for excessive images, link density, and HTML complexity. Emails with clean HTML, a proper text alternative, and a balanced text-to-image ratio perform better across all providers. Avoid URL shorteners in email content, as they are frequently associated with phishing.

Sending patterns: Audit your daily and weekly send volumes for consistency. Document the peak and trough volumes over the last 30 days. If your volume varies by more than 50% between days, this inconsistency itself can trigger filtering. Mailbox providers prefer senders with predictable patterns.

Sender identity consistency: Verify that your From name, From address, and reply-to address are consistent across all campaigns. Switching sender identities frequently looks suspicious to filtering algorithms. Your visible From address should match the domain authenticated by SPF and DKIM.

Link domain hygiene: Check that all links in your emails point to domains you control and that those domains have valid SSL certificates. Broken links, redirect chains through URL shorteners, and links to domains with poor reputation all contribute to spam scoring. Use your primary domain or a branded subdomain for all links rather than third-party shorteners.

Audit your daily and weekly Sudden spikes trigger throttling algorithms at Gmail and Microsoft. If you need to increase volume, ramp gradually following warmup best practices.

Step 5: Inbox Placement Testing

The final step validates whether your emails actually reach the inbox at each major provider. Delivery rate (did the server accept it?) and inbox placement (did it land in Primary/Inbox vs. Spam?) are different metrics, and the gap between them is where most deliverability problems hide.

Use seed-list testing tools to send test emails to accounts at Gmail, Yahoo, Microsoft (Outlook/Hotmail), and Apple Mail. Document where each email lands: Primary inbox, Promotions/Updates tab, or Spam folder. Test separately for each provider, as they use different filtering logic.

If your Gmail inbox placement is below 85%, authentication or engagement problems are likely. If your Microsoft placement is below 60%, you have a critical issue that needs immediate attention. Microsoft is where most B2B deliverability problems surface first because Outlook''s filtering is more aggressive than Gmail''s for domains with mixed reputation signals.

After completing the audit, prioritize remediation using an impact-effort matrix. List verification is typically the highest-impact, lowest-effort fix because a single bulk verification pass immediately removes the addresses causing bounces, complaints, and engagement suppression. Use verify email addresses online for a quick spot-check, or the email validation API reference for programmatic integration into your audit workflow.

Building a Repeatable Audit Cadence

A one-time audit fixes current problems. A recurring audit prevents future ones. Establish a quarterly cadence where each cycle compares current metrics against your previous baseline. Document your numbers in a shared spreadsheet so you can spot regression before it becomes a crisis.

Over time, consistent auditing compounds: cleaner lists feed better reputation scores, which earn more favorable filtering, which drives higher engagement. The cycle reinforces itself. Organizations that implement this framework typically see inbox placement improvements of 15-25% within the first two audit cycles.

Frequently Asked Questions

How often should I run an email deliverability audit?

Quarterly is the recommended minimum for most organizations. High-volume senders (50,000+ emails per month) benefit from monthly audits. At minimum, run an audit any time you notice a sudden drop in open rates, a spike in bounce rates, or a blacklist notification. Between full audits, monitor Google Postmaster Tools and Microsoft SNDS weekly for early warning signals.

What is the most common deliverability problem found in audits?

List quality issues, specifically sending to invalid, disposable, and role-based addresses, account for approximately 80% of deliverability problems discovered during audits. Authentication misconfigurations are the second most common finding, followed by complaint rate violations. Fixing list quality through verification typically produces the fastest and most measurable improvement in inbox placement.

Can I perform a deliverability audit myself or do I need an expert?

Basic audits covering authentication, blacklists, and list verification can be performed by any marketing or operations team using free tools like Google Postmaster, MXToolbox, and a verification API. For complex sending infrastructures with multiple ESPs, dedicated IPs, and high-volume transactional email, a deliverability consultant can identify issues that automated tools miss.

What inbox placement rate should I target?

Target 90%+ inbox placement at Gmail and Yahoo, and 80%+ at Microsoft (which applies more aggressive filtering). If your overall placement across providers drops below 85%, start a full audit immediately. Placement below 70% at any single provider indicates a critical issue that requires urgent remediation.