Digiwell Marketing
← Back to Resources
Deliverability May 9, 2026 9 min read

Email Deliverability Audit Checklist for Marketing Teams

A structured email deliverability audit checklist covering authentication, sender reputation, list health, content, and inbox monitoring — so marketing teams can find and fix the gaps before they cost you inbox placement.

By Digiwell Marketing Team Deliverability & Sender Reputation
Deliverability audit dashboard with health scores and diagnostic steps

Most deliverability problems do not announce themselves. Inbox placement erodes gradually — a slight uptick in spam folder landings, a dip in open rates that looks like a content problem, a complaint rate that creeps above threshold. By the time the signals are obvious, the damage to your sender reputation may already be weeks old.

A structured email deliverability audit gives you a systematic way to surface those problems before they compound. Rather than reacting to symptoms, you are running a proactive review across every layer of your sending infrastructure — authentication, reputation, list health, content, and monitoring — and closing the gaps before inbox providers close your route to the inbox.

This checklist is organized by audit area. Work through each section in order, document your findings, and assign remediation owners before moving on. The goal is a clear picture of where your program stands and a prioritized action list coming out the other side.

Section 1: Authentication Records

Authentication is the foundation of deliverability. Without it, inbox providers cannot verify that your mail is actually coming from you — and unverified mail is treated with proportionally higher suspicion. Google's bulk sender requirements and Yahoo's sender standards both mandate proper authentication as a baseline condition for inbox placement.

SPF (Sender Policy Framework)

  • [ ] An SPF record exists for every domain you send from
  • [ ] The record lists all authorized sending sources — your ESP, any third-party tools, CRMs, and transactional platforms
  • [ ] The record ends with ~all (softfail) or -all (hardfail) — not +all, which authorizes everything and offers no protection
  • [ ] The record includes no more than 10 DNS lookups (SPF permerror is a common and often overlooked failure mode)
  • [ ] Verify at: MXToolbox SPF Lookup

DKIM (DomainKeys Identified Mail)

  • [ ] DKIM signing is enabled in your ESP and any transactional sending platform
  • [ ] DKIM keys are at least 1024 bits — 2048-bit keys are the current recommended standard
  • [ ] The signing domain matches or aligns with your From: address domain
  • [ ] Verify DKIM records are published correctly in DNS and are passing on outbound mail

DMARC (Domain-based Message Authentication, Reporting & Conformance)

  • [ ] A DMARC record exists for your sending domain
  • [ ] The record specifies a policy — p=none for monitoring, p=quarantine or p=reject for enforcement
  • [ ] A reporting address (rua=) is set so you receive aggregate reports from inbox providers
  • [ ] DMARC alignment is passing — your SPF or DKIM authenticated domain matches the From: domain
  • [ ] If you are on p=none, document a timeline for moving to p=quarantine or p=reject

BIMI (Brand Indicators for Message Identification)

  • [ ] If applicable: DMARC is at p=quarantine or p=reject (required for BIMI)
  • [ ] A Verified Mark Certificate (VMC) has been obtained from an approved certifying authority
  • [ ] BIMI DNS record is published with a pointer to an SVG brand logo

Section 2: Sender Reputation

Your sender reputation exists at two levels: your IP address and your sending domain. Both feed into inbox placement decisions, and both need to be audited separately. Google Postmaster Tools makes this easier for Gmail-bound mail — it surfaces reputation ratings and spam rate trends in one place.

Domain Reputation

  • [ ] Domain reputation in Google Postmaster Tools is rated Good or High
  • [ ] Spam rate reported in Postmaster Tools is below 0.10% — caution zone starts here per Google's published thresholds
  • [ ] No domain-level blocklist entries (check via MXToolbox Blacklist Check)
  • [ ] Sending domain has been in use for a reasonable period — newly registered domains are treated with higher suspicion by inbox providers
  • [ ] Subdomain strategy is deliberate: if you send marketing mail from a subdomain (e.g., news.yourdomain.com), its reputation is tracked separately from your root domain

IP Reputation

  • [ ] IP address(es) used for sending have no active blacklist entries
  • [ ] If on a dedicated IP: IP reputation in Google Postmaster Tools is rated Good
  • [ ] If on a dedicated IP: IP warmup was completed correctly before full-volume sends
  • [ ] If on a shared IP: ESP's pool quality and compliance enforcement practices have been reviewed
  • [ ] Sending volume is consistent — irregular sending spikes trigger filtering at major inbox providers

Complaint Rate Monitoring

  • [ ] Complaint rates are tracked per campaign, not just as a rolling average
  • [ ] Complaint rate has not exceeded 0.10% on any send in the past 90 days
  • [ ] Feedback loop integrations are active with major providers (most ESPs handle this automatically — verify)
  • [ ] Any complaint spike in the past 90 days has been investigated and attributed to a specific list segment or send
Want a faster path to better conversions? Get a free Conversion Infrastructure Audit and we will review your site, score your conversion path, and walk through the highest-leverage fixes on a live call.

Section 3: List Health

List quality is one of the most direct inputs to sender reputation. Mailing bad addresses, spam traps, and chronically unengaged contacts all generate the negative signals that inbox providers use to filter your mail. A deliverability audit without a list health review is incomplete.

Bounce Management

  • [ ] Hard bounce suppression is enabled in your ESP and is confirmed to be triggering automatically
  • [ ] Hard bounce rate on the last 10 sends is below 2% — a higher rate indicates list acquisition or hygiene problems
  • [ ] Hard-bounced addresses are not being re-imported via CRM syncs or list uploads
  • [ ] Soft bounce tracking is configured: addresses with three or more consecutive soft bounces are flagged for review
  • [ ] A process exists to periodically audit the suppression list and confirm it has not been bypassed

Engagement Segmentation

  • [ ] Active and inactive subscriber segments are defined with documented time windows
  • [ ] Re-engagement campaigns are running on a scheduled cadence for inactive segments
  • [ ] Subscribers who do not respond to re-engagement are suppressed — not deleted, but suppressed
  • [ ] Engagement metrics (open rate, click rate) are tracked per segment, not just at the list level
  • [ ] Your most engaged segment (opens in last 30 days) is identifiable and can be used as a seed audience for warmup or reputation recovery sends

The mechanics of keeping subscribers engaged long-term — before they reach the inactive threshold — are covered in our newsletter retention and churn reduction guide.

List Acquisition Quality

  • [ ] All active acquisition sources use confirmed opt-in (double opt-in)
  • [ ] Forms include real-time email syntax and domain validation
  • [ ] Imported lists (event leads, partner lists, CRM exports) are verified before first send
  • [ ] Role-based addresses (info@, support@, admin@) are suppressed or excluded from marketing sends
  • [ ] Purchased or rented lists are not in use — this is a primary cause of spam trap hits and complaint spikes

Unsubscribe Processing

  • [ ] List-Unsubscribe and List-Unsubscribe-Post (RFC 8058) headers are present on all outbound campaigns
  • [ ] One-click unsubscribe is functional — test it manually on a recent send
  • [ ] Unsubscribe requests are processed within 24 hours (Google and Yahoo both require processing within two business days; same-day is the safe standard)
  • [ ] Unsubscribes from all channels (email link, reply, abuse complaint) are consolidated into a single suppression list

Section 4: Content and Technical Configuration

Content and technical factors interact with authentication and reputation to determine final inbox placement. Spam filters evaluate message structure, headers, and content signals alongside sender reputation — a strong reputation gives you more tolerance, but it does not override obvious content-level red flags.

Message Headers and Configuration

  • [ ] The From: name is recognizable and consistent — inbox providers and recipients both use it as a trust signal
  • [ ] The From: address domain matches or clearly aligns with your sending domain
  • [ ] Reply-To: address is monitored — unmonitored Reply-To addresses miss opt-out and complaint signals that come via reply rather than formal unsubscribe
  • [ ] Message-ID headers are unique per send and generated by your ESP (not duplicated or missing)
  • [ ] Preheader text is populated — empty preheaders are a minor deliverability signal and a significant engagement signal

HTML and Content Structure

  • [ ] HTML is valid and renders correctly across major email clients (run through Litmus or Email on Acid)
  • [ ] Text-to-image ratio is reasonable — image-heavy emails with minimal text are a spam filter trigger
  • [ ] A plain-text alternative (multipart/alternative MIME type) is included alongside HTML
  • [ ] No URL shorteners are used for tracked links — shared URL shortener domains carry third-party reputation risk
  • [ ] Tracked links resolve to domains with clean reputations — check tracked link domains against blacklists
  • [ ] Unsubscribe link is clearly visible and functional in the email body

Subject Lines and Engagement

  • [ ] Subject lines are not using excessive capitalization, punctuation spam patterns, or misleading claims
  • [ ] Subject lines are tested against your audience — low open rates depress engagement scores that feed into deliverability
  • [ ] Preheader and subject line are coordinated to maximize open rate without being deceptive

Subject line performance has a direct deliverability downstream effect — low open rates are a negative engagement signal. Our guide to subject lines that get opened covers the frameworks that improve open rates in both warm and cold segments.

Section 5: Infrastructure and Sending Practices

The operational layer of your email program — how, when, and from where you send — shapes deliverability independently of content and list quality. These are the factors that are easiest to overlook because they live outside the campaign creation workflow.

ESP and Sending Configuration

  • [ ] Your ESP has a strong deliverability reputation and active postmaster relationships with major inbox providers
  • [ ] Sending domain is authenticated and verified within your ESP
  • [ ] If using multiple ESPs or platforms (marketing + transactional), authentication and suppression lists are consistent across all systems
  • [ ] IP configuration (shared vs. dedicated) matches your sending volume and program maturity
  • [ ] Transactional and marketing email are sent from separate IP addresses or sending streams — cross-contamination of complaint signals is a common and avoidable problem

Sending Cadence and Volume

  • [ ] Sending volume is consistent week-over-week — large volume spikes without warmup or segmentation preparation trigger filtering
  • [ ] Major list-wide sends are not sent at full volume simultaneously — consider staggered sends or segment rollouts for high-volume campaigns
  • [ ] Sending frequency matches subscriber expectations set at opt-in — frequency mismatches are a leading driver of complaint rate increases

Monitoring and Alerting

  • [ ] Google Postmaster Tools is set up and monitored for every domain you send from
  • [ ] Yahoo Postmaster is configured and reviewed (Yahoo Sender Hub provides access)
  • [ ] ESP deliverability dashboards are reviewed after every campaign, not just when problems are visible
  • [ ] An alert threshold is defined for bounce rate and complaint rate spikes — campaigns that breach threshold trigger a review before the next send

Section 6: Ongoing Audit Cadence

A one-time audit is a snapshot. Deliverability is a continuous state, and the factors that shape it shift over time as your list, sending patterns, and inbox provider rules evolve.

After every send:

  • [ ] Review bounce rate, complaint rate, and unsubscribe rate — compare to prior sends
  • [ ] Confirm no new blacklist entries on sending IP and domain
  • [ ] Flag any significant drop in open rate for investigation before the next campaign

Monthly:

  • [ ] Review Google Postmaster Tools domain and IP reputation ratings
  • [ ] Audit suppression list integrity — confirm no hard-bounced or unsubscribed addresses have re-entered active segments
  • [ ] Review soft bounce accumulation — suppress addresses at the three-bounce threshold
  • [ ] Spot-check DKIM, SPF, and DMARC pass rates in your ESP's authentication reporting

Quarterly:

  • [ ] Run re-engagement campaign for all subscribers inactive in the past 90 days
  • [ ] Review complaint rate trends across the quarter — identify any segments, subject line patterns, or send types correlated with higher complaint rates
  • [ ] Audit List-Unsubscribe header implementation across all sending platforms
  • [ ] Review acquisition sources for bounce and complaint contribution — suppress or remediate high-risk sources

Annually:

  • [ ] Full authentication review — confirm SPF, DKIM, and DMARC records are current and reflect your actual sending infrastructure
  • [ ] Review DMARC policy level — move toward or maintain enforcement (p=quarantine or p=reject)
  • [ ] Rotate DKIM keys as a security practice
  • [ ] Benchmark active subscriber rate against prior year — a declining ratio of engaged to total subscribers is an early warning sign

Frequently Asked Questions

How long does a deliverability audit take?

A thorough audit across all six sections can be completed in a day by a single team member with access to your ESP, DNS records, and Google Postmaster Tools. Authentication checks are fast. List health analysis takes longer if your ESP requires custom segmentation to surface bounce and engagement data. Plan for a half-day minimum.

What should I fix first if I find multiple issues?

Prioritize in this order: authentication failures (SPF/DKIM/DMARC), active blacklist entries, complaint rate breaches, hard bounce suppression failures. These have the most immediate impact on inbox placement and are the easiest for inbox providers to act on against your domain.

How do I know if my deliverability problems are reputation-based or content-based?

Send a plain-text email with no tracking links to your most engaged segment (opens in the last 30 days). If that email delivers normally, your content or tracking infrastructure is likely the issue. If it also lands in spam, the problem is at the reputation layer. Google Postmaster Tools is the most reliable direct signal — check your domain reputation rating there.

Does a deliverability audit need to be done by a specialist?

Not necessarily. The checklist above can be completed internally with access to your sending platform and basic DNS tools. Where specialist expertise adds value is in interpreting edge cases — unusual bounce patterns, DMARC misalignment on complex sending architectures, or reputation recovery after a significant complaint rate event.

What is the difference between inbox placement rate and open rate?

Open rate measures the percentage of delivered emails that were opened. Inbox placement rate measures whether delivered emails went to the inbox versus the spam folder. A low open rate might mean your subject lines need work. A low inbox placement rate means your deliverability is failing — even subscribers who would open are not seeing your mail. Seed testing tools (GlockApps, Litmus Spam Testing) can measure inbox placement rate directly.

Read Next

Want a Second Set of Eyes on Your Program?

Running through this checklist yourself surfaces what you know to look for. An independent audit surfaces what you do not.

Request a free deliverability audit and we will review your authentication setup, sender reputation signals, list health metrics, and sending infrastructure — then give you a prioritized remediation plan based on what we find.