Email Deliverability Audit: The DIY Checklist to Find and Fix Your Inbox Issues

TL;DR

• Full audit takes: 30-45 minutes using free tools. Should be done monthly during active campaigns.
• 5 audit categories: Authentication, reputation, content, infrastructure, and blacklists
• Most common issue: DKIM not enabled in Google Workspace (it's not on by default—must be manually activated)
• Free tools needed: MXToolbox, Google Postmaster Tools, Mail-Tester.com, and your email platform's analytics
• When to audit: Before first campaign, monthly during active sending, and immediately when you notice declining open/reply rates

When You Need a Deliverability Audit

A deliverability audit is the first step to diagnosing why your cold emails aren't reaching the inbox. You need one if you're experiencing any of these symptoms:

• Open rates dropped below 30% (adjusted for Apple Mail Privacy)
• Reply rates dropped by 50% or more compared to previous campaigns
• Google Postmaster Tools shows domain reputation at "Low" or "Bad"
• Bounce rates exceeding 3% on verified lists
• You're setting up a new domain or mailbox for the first time
• It's been more than 30 days since your last audit

Category 1: Authentication Audit

Check 1.1: SPF Record

Tool: MXToolbox SPF Checker

What to check:

• SPF record exists and is valid (no syntax errors)
• All sending services are included (Google Workspace, Microsoft 365, sending platforms)
• DNS lookup count is 10 or fewer (SPF lookup limit)
• Record ends with ~all or -all (not +all, which allows anyone to send)

Common issues: Exceeding 10 lookups (use SPF flattening), missing includes for sending tools, multiple SPF records (only one is allowed per domain).

Check 1.2: DKIM Signing

Tool: Send a test email to check-auth@verifier.port25.com or use Mail-Tester.com

What to check:

• DKIM signature is present in email headers
• DKIM signature verifies successfully
• DKIM selector matches your DNS records

Common issues: DKIM not enabled in Google Workspace Admin Console (this is the #1 missed step), incorrect CNAME/TXT records in DNS, key rotation not completed.

Check 1.3: DMARC Record

Tool: MXToolbox DMARC Checker

What to check:

• DMARC record exists at _dmarc.yourdomain.com
• Policy is set (p=none minimum, p=quarantine or p=reject preferred)
• Reporting email (rua=) is receiving reports
• SPF and DKIM alignment passes (both must align with the From: domain)

Check 1.4: Composite Score

Tool: Mail-Tester.com (send a test email and get a 1-10 score)

Target: Score of 9 or above. Below 7 indicates significant authentication or content issues.

Category 2: Reputation Audit

Check 2.1: Google Postmaster Tools

• Domain reputation: should be "High" or "Medium"
• Spam rate: should be below 0.1% (critical threshold: 0.3%)
• Authentication success rates: SPF, DKIM, DMARC all above 95%

Check 2.2: Microsoft SNDS

Microsoft's Smart Network Data Services provides similar reputation data for Outlook delivery. Check your IP reputation and complaint feedback.

Check 2.3: Sender Score

Tool: senderscore.org

Check your sending IP's sender score (0-100). Scores above 80 are good, above 90 are excellent. Below 70 indicates reputation problems.

Category 3: Content Audit

Check 3.1: Spam Trigger Words

Review your email templates for known spam trigger words and phrases. While modern spam filters use ML rather than simple word matching, certain patterns still increase spam probability:

• Excessive urgency: "act now," "limited time," "urgent"
• Financial promises: "free," "guaranteed ROI," "money back"
• Suspicious phrases: "click here," "buy now," "no obligation"

Check 3.2: Link Analysis

• No more than 1-2 links per email (including unsubscribe)
• No shortened URLs (bit.ly, etc.)—they're associated with phishing
• Custom tracking domain configured (not using shared tracking domains)
• All links point to HTTPS pages

Check 3.3: HTML/Text Balance

• Plain text cold emails generally outperform HTML
• If using HTML, maintain high text-to-image ratio
• Include a plain text alternative for HTML emails
• Avoid embedding images in cold emails

Category 4: Infrastructure Audit

Check 4.1: Sending Patterns

• Daily volume is consistent (no dramatic spikes)
• Sending happens during business hours (not 3 AM)
• Each mailbox sends 30-50 emails/day maximum
• Warmup is running alongside campaigns

Check 4.2: Domain Age and Setup

• Sending domain is at least 14 days old (ideally 30+)
• Domain has a basic website with SSL
• MX records are properly configured
• Domain WHOIS information is not privacy-protected (optional but recommended)

Category 5: Blacklist Audit

Check 5.1: Domain Blacklists

Tool: MXToolbox Blacklist Check

Check your domain against all major blacklists. Being on even one blacklist can reduce delivery by 10-30% depending on the list.

Check 5.2: IP Blacklists

If using dedicated IPs, check them against Spamhaus, Barracuda, SORBS, and other major IP blacklists. For shared IPs (Google Workspace, Microsoft 365), this is less critical as the provider manages IP reputation.

Fix Priority Order

If your audit revealed multiple issues, fix them in this order:

1. Authentication (highest priority): Without SPF, DKIM, and DMARC, nothing else matters
2. Blacklist removal: Active blacklistings override all other positive signals
3. Warmup activation: Start or increase warmup to rebuild reputation
4. Content fixes: Remove spam triggers, reduce links, simplify HTML
5. Infrastructure optimization: Adjust volume, timing, and mailbox distribution

A deliverability audit isn't a one-time event—it's a recurring practice that keeps your cold email infrastructure healthy. Build the habit of running this checklist monthly, and you'll catch issues before they become reputation-damaging problems.