Skip to content

Audit · Senior engineer

Stop guessing why your emails land in spam. Pay once, find out.

An end-to-end deliverability audit by a senior engineer — DNS, rDNS, MTA configuration, IP reputation, content, list hygiene, engagement signals, ARC chain — delivered as a written remediation roadmap your team can ship from. From € 299 one-off.

  • DNS + rDNS + DMARC
  • MTA config review
  • ARC chain validation
  • Seed pool placement test
  • Written roadmap
  • From € 299

The problem

Your emails are landing somewhere. You do not know where, and your tools will not tell you.

Delivery rate is not the same as inbox placement. Most senders stare at a delivery number north of 98% and assume their email programme is healthy. Then replies trend down for a quarter, a product launch underperforms, a cold campaign that should have booked thirty meetings books five, and nobody can tell you why. The answer, almost always, is that your mail is being delivered — to the spam folder, the Promotions tab, or a quarantine queue your recipients never open.

The gap between the two numbers is the business problem. Validity's 2026 benchmark report puts global average inbox placement at 87.2% — but the same dataset shows Microsoft Outlook landing under 27%, Office 365 at 50.7%, and Google Workspace down to 53%. If your sender base is B2B, the headline 87% number is not your reality. Your reality is that one in two emails to corporate inboxes never reaches a human, and the SMTP success log does not say so.

The SaaS deliverability tools — GlockApps, MailReach, Folderly, Inbox Radar — are genuinely useful for what they do. They run seed-list tests, score your authentication records and show you a dashboard. None of them can tell you why Gmail has quietly derated your sending domain, or why your PTR records are set on the wrong IP in the subnet, or why the 2024-era MTA-STS policy on your domain is silently rejecting half of Microsoft 365. That requires a human to read your setup and your history the way a mechanic reads a car.

Our deliverability audit is that mechanic. A senior engineer — not a chatbot, not an SDR with a checklist — spends the time your programme deserves and writes you the report your team can actually ship from.

DNS at engineering depth

Not a pass/fail checklist. We verify SPF include chains, DKIM key lengths and rotation cadence, DMARC policy against aggregate report data, MTA-STS and TLS-RPT, BIMI VMC readiness, ARC consumption and production, and the rDNS chain across every IP in your block.

Reputation history read

We pull the actual sending pattern of your IPs and domains over the last 90 days, cross-reference it with blacklist hits and ISP throttle signals, and map the correlation to what you did and did not send. You find out what caused the derating, not just that one happened.

MTA configuration review

If you run PowerMTA, Postfix, MailWizz, Acelle, Interspire or a cloud relay with custom rules, we review the configuration against real-world 2026 ISP expectations: per-domain throttling, retry schedules, bounce classification, VMTA pool routing.

Content and engagement

Link authentication, image-to-text ratios, tracking pixel aggressiveness, subject-line risk flags, HTML structure compliance (74% of emails fail this in 2025 benchmarks), and the one thing seed-list tools cannot measure: whether your recipients actually engage with your mail.

2026 reality

The B2B inbox is harder to reach than it has ever been.

Two waves of enforcement have reshaped the inbox between 2024 and 2026. First, the Gmail and Yahoo bulk sender requirements that came into force in February 2024 — mandatory authentication, one-click unsubscribe, sustained spam complaint rates under 0.3%. Then Microsoft's enforcement of equivalent requirements with little advance warning in May 2025. The receivers tightened independently and continuously throughout the period. The chart below tracks where major mailbox providers landed for senders not specifically optimised for the new regime.

Inbox placement decline by mailbox provider — 2024 to 2026

Public benchmark data, percentage of B2B mail landing in primary inbox.

Inbox placement percentage by mailbox provider, by quarter, 2024 to 2026
Categoría Gmail (consumer)Google WorkspaceOffice 365Outlook.com
Q1 2024 89.863.977.449.3
Q3 2024 87.260.170.241.5
Q1 2025 8756.460.833.8
Q3 2025 78.552.953.528.1
Q1 2026 87.253.450.726.8

Sources: Validity State of Email Deliverability 2025 and 2026 reports, Unspam.email 2025 deliverability dataset (Jan–Dec 2025, millions of email tests), Mailmend Q1 2024 to Q1 2026 inbox placement statistics. Note: Q3 2025 dip on Gmail consumer reflects the brief enforcement spike before stabilisation; Microsoft platforms continue declining without recovery.

Two patterns matter for budget owners. First, the corporate mailboxes — where B2B replies actually live — have declined more than the consumer ones, with Outlook.com losing nearly 23 percentage points in two years and reaching just 26.8% inbox placement by Q1 2026. Second, "we have authentication set up" is no longer the protection it was. The 2025 Unspam.email dataset shows that emails with full SPF, DKIM and DMARC alignment still saw spam placement rates exceeding 30% — authentication keeps you accepted, not seen.

An audit in this environment is not optional hygiene. For any sender whose business depends on B2B replies, the gap between your delivery rate and your visible inbox rate is now the single largest unmeasured risk on your email programme.

What the data says

Placement gap — where industry averages land versus where you should be.

Industry-reported average inbox placement in 2026 hovers around 70% for B2C mail and 50–65% for B2B cold outreach, depending on the source. That means even "healthy" programmes bleed a third of their send volume into folders that never open. The chart below is a composite of public data from Validity, Mailtrap inbox placement studies, and our own audit observations from Q3 2025 onwards, contrasted with post-remediation numbers for senders who shipped the fixes we recommended.

Inbox placement by provider — before vs. after audit

Percentage of sent volume landing in primary inbox.

Inbox placement percentages by provider
Categoría Industry average (B2B cold, 2026)After Blue Spirit audit + remediation
Gmail (primary) 4278
Gmail (promo) 189
Outlook.com 2772
Office 365 5183
Yahoo 4481
iCloud 5784
Other ISPs 6289

Sources: Validity State of Email 2026, Mailtrap inbox placement benchmarks Q1 2026, and Blue Spirit Hosting audit dataset (n=47 senders, Jan 2025 – Mar 2026). Post-remediation numbers are measured 90 days after the audit report was actioned.

Decision framework

Do you actually need an audit, or do you need something else?

Every consultant page on the internet wants to sell you an audit. Here is the honest version. An audit is the right answer when you have a deliverability problem you cannot diagnose yourself, when the cost of getting it wrong exceeds the cost of the engagement, and when you have the engineering capacity to ship the fixes once we hand them over. If any of those are missing, an audit will not help you. The decision tree below is the same one we walk customers through on a discovery call.

Do I need a deliverability audit? Sending more than 5,000 emails / month? No Skip the audit. Mail-Tester + MXToolbox + 1h Yes SPF + DKIM + DMARC configured? No Set those up first. Free, well-documented, no audit yet Yes Receiving DMARC aggregate reports from receivers? No Fix reporting first. Then audit makes sense Yes Audit makes sense. Starter (€ 299) for diagnosis only. Standard (€ 599) if you need MTA config + ARC review. If your problem is "we bought a list and it tanked our domain", the answer is list hygiene + warmup, not an audit.

There is one path the tree does not show, because it requires judgement: when you already know what is wrong but want a second opinion before pulling a trigger that costs money. We see this with senders weighing an ESP migration, an IP move, or a domain reset. In those cases the audit is essentially expert validation — a senior engineer reading your situation, agreeing or disagreeing with your diagnosis, and writing it up so your CFO has something more rigorous than your engineer's gut feel to base a decision on. That is also a legitimate use of the audit, and we handle it well.

What it is worth

The number your team is not doing the math on.

Every email sitting in a spam folder is a reply you will not get, a deal you will not close, a subscriber you will not monetise. Most senders never quantify the loss because the loss is invisible — you cannot see the reply that did not happen. Below is a rough model. Plug in your volume and average customer value; the math is almost always uncomfortable.

Estimated monthly revenue lost to inbox placement failure

Illustrative model — adjust to your own volume and ACV.

Estimated monthly revenue lost by sender volume tier
Categoría Estimated monthly revenue lost to spam folder (EUR)
10k/mo · low ACV 420
50k/mo · mid ACV 3800
100k/mo · mid ACV 9500
500k/mo · high ACV 48000
1M/mo · high ACV 110000

Model assumptions: baseline 70% inbox placement, target 90%, delta recaptures proportional to volume × reply-to-revenue conversion. ACV tiers: low = € 200, mid = € 2,000, high = € 20,000. Actuals vary by funnel stage, industry and engagement quality — use this as a floor estimate.

A € 599 audit for a B2B sender doing 100k emails per month at mid-ACV pays for itself in the first week if it recovers even a tenth of the lost revenue. For high-volume or high-ACV senders the math is aggressive enough that not auditing starts to look like negligence.

Cost honesty

SaaS tool, in-house hire, agency retainer, or one-off audit.

There is a four-way decision underneath every "we need to fix our deliverability" conversation. The full menu costs are not advertised next to each other anywhere on the internet, so here is the comparison. These are 2026 EUR figures we see in real procurement decisions; your specific quotes will move plus or minus 20%.

Annual cost of deliverability options — 2026 market

What each path actually costs in a year.

Annual cost in EUR for each deliverability staffing option
Categoría Annual cost in EUR
SaaS tool (year) 3600
In-house specialist (year) 96000
Senior agency retainer (year) 24000
Blue Spirit Standard audit (one-off) 599

SaaS tool benchmark: GlockApps Premium + MailReach + Folderly bundled at typical mid-tier retail. In-house specialist: fully loaded cost (salary + benefits + management overhead) for a mid-level deliverability engineer in Western Europe; rates in nearshore engineering markets (Eastern Europe, Iberia outside major capitals) are 40-60% lower. Senior agency retainer: market average for a US/UK boutique deliverability consultancy on a monthly retainer covering one B2B brand. Blue Spirit Standard audit is a one-off cost; ongoing optional Retainer adds € 250/month on top.

The point of this chart is not that we are cheaper — although we are. The point is that the right answer depends on what kind of problem you have. SaaS tools are excellent for senders who already know their setup is solid and just want continuous monitoring. In-house hires are correct above a certain size where deliverability is a permanent strategic concern. Agency retainers fit organisations that need ongoing senior judgement applied to a continuously-evolving programme. One-off audits — what we sell — are correct when you have a specific question, a specific suspicion, or a specific fire to put out, and you want a senior engineer to deliver an answer in a week and walk away.

If after the audit you decide you need ongoing support, our Retainer tier is € 250/month and gives you an engineer on standby plus a monthly review. We do not pressure customers into the retainer; most of them do the audit, ship the fixes, and call us back six or twelve months later when something else needs eyes.

Audit vs. tools — where each shines

We are not GlockApps. We do not compete with GlockApps. We complete the picture.

If you already run GlockApps, keep running it. It is a better tool than a spreadsheet. But a tool is not a consultation. The chart below is honest about what each type of product does well — and where only a human engineer can take you.

Capability coverage — SaaS tools vs. senior audit

Depth of coverage on a 0–5 scale.

Capability coverage by dimension, scored 0 to 5
Categoría GlockApps / MailReach / FolderlyBlue Spirit Audit (Standard)
DNS depth 25
Reputation history 35
MTA tuning 15
Content analysis 44
List hygiene 15
Remediation plan 25
Human judgement 05

Scoring: SaaS scores reflect average capability across GlockApps, MailReach and Folderly on a feature-parity basis as of Mar 2026. Our scores reflect the Audit Standard deliverable.

What the audit actually contains

The report is not a dump of screenshots from third-party tools glued into a PDF. It is a deliverable your engineering team can action line by line. Structure:

Section 1 — Executive summary. One page. The single most important finding, the three things that will move the needle fastest, and the estimated effort to ship each.

Section 2 — DNS and authentication. Exact current state of SPF (every include resolved, flattening recommendation if you are near the 10-lookup limit), DKIM (selector rotation, key bit-length, signature coverage of headers), DMARC (policy, percentage, reporting addresses, aggregate report sample), MTA-STS (mode and TTL), TLS-RPT, BIMI (VMC readiness), ARC consumption and production. Each item gets a status flag (green / amber / red), the remediation, and the rationale.

Section 3 — rDNS and IP hygiene. Full PTR chain for every sending IP. Hostname consistency. HELO/EHLO alignment. Blacklist exposure across roughly sixty RBLs and what each listing means in practice — not all blacklists are equal, and we score them by receiver impact rather than by listing count. For IPv6 senders, we check the AAAA alignment and IPv6 PTR setup that a surprising number of providers get wrong.

Section 4 — Sending pattern and reputation. 90-day volume curve, bounce-rate trajectory, complaint-rate trajectory, engagement trend. Inflection points correlated with behavioural changes (did you buy a list? did you change MTA config? did you swap warmup providers?). ISP-specific reputation signals where we can read them — Gmail Postmaster Tools data, Yahoo sender hub, Microsoft SNDS.

Section 5 — MTA configuration. If you run your own MTA, we read the config. PowerMTA: VMTA definitions, per-domain throttling, queue settings, feedback loop integration. Postfix: smtpd restrictions, header checks, TLS policy maps. MailWizz / Acelle: delivery server configuration, bounce server, list settings. Cloud relay: the specific configuration of your SendGrid/SES/Mailgun tenant.

Section 6 — Content risk. Subject line patterns flagged by modern spam filters, link reputation (we check your links against the same aggregators Gmail uses), image-to-text ratio, HTML weight, HTML structure compliance (74% of mail fails this in 2025 benchmarks — invalid nesting, missing attributes, accessibility violations all measurably hurt placement), tracking pixel strategy, the "click here" and "unsubscribe" placement. Plain-text alternative quality.

Section 7 — List and engagement. Bounce-code distribution (4xx vs 5xx, transient vs permanent), catch-all domain exposure, role-address concentration, engagement segmentation depth. If you can send us a sample (anonymised if required), we run a list-quality pass that mirrors what a good MX-hygiene tool would do.

Section 8 — Prioritised remediation roadmap. The part most audits never get to. Every finding becomes a ticket: what to ship, in what order, with what effort estimate, and with the specific expected impact. We write these so a competent engineer can close the ticket without further input from us.

Section 9 — Appendix. Full raw data: blacklist check output, seed-list placement JSON, DMARC aggregate samples, ARC chain traces, screenshots where useful. The evidence behind every claim.

Reverse DNS

Why your PTR chain is probably broken on most of your IPs.

Reverse DNS is one of those topics that gets explained in two sentences in every deliverability blog and then never really verified by anyone. The reality is more interesting. Modern receivers do not just check that a PTR exists — they check that the PTR resolves to a hostname, that the hostname's A record resolves back to the same IP (forward-confirmed reverse DNS, or FCrDNS), and that the HELO/EHLO your MTA presents matches that hostname. Three checks, three places to drift. The diagram below shows a healthy chain and the four common ways it breaks in production.

✓ Healthy FCrDNS chain (what receivers expect) Your MTA EHLO mail1.example.com from 198.51.100.10 PTR query DNS PTR record 198.51.100.10 → mail1.example.com A query DNS A record mail1.example.com → 198.51.100.10 ✓ matches ✗ Four failure modes we find in production audits 1. Missing PTR No PTR record at all. Common after IP block expansion. Auto-rejected. 2. Generic ISP PTR 198-51-100-10.provider.net PTR exists but is the ISP's default. Heavily penalised. 3. PTR points nowhere PTR resolves to a host whose A record does not come back to your IP. 4. HELO mismatch HELO presents a name that does not match the PTR hostname. The real-world pattern: failure modes co-exist on the same IP block "IP #1 is healthy. IPs #2-5 have generic PTR. IP #6 has missing PTR. HELO is set globally to mail1 regardless of source IP." This is the most common audit finding: heterogeneous PTR state across an IP block, with the operator unaware that 80% of their sending IPs fail FCrDNS. Receivers route those messages to spam silently — there is no SMTP error, just dropped placement.

When we run an audit, we test the full FCrDNS chain on every IP in your block, not just the first one. We also test that HELO/EHLO is presented consistently across the pool — a surprising number of MTAs ship with HELO hardcoded to the hostname of IP #1, which means failure mode 4 affects every other IP automatically. The fix is usually five minutes of configuration per IP plus a DNS update. The blind spot is that nobody checks the whole block at once. We do.

The findings our competitors do not even look for

A lot of what goes wrong with deliverability in 2026 sits below the level that seed-list tools can see. Five recurring findings from our audit dataset, contributed back as free insight so your team can check for them tomorrow morning.

The DMARC p=none purgatory

Roughly 62% of the B2B senders we audited had a DMARC record in place but with p=none — meaning they told ISPs "observe but do not enforce". Many of those records have been at p=none for over two years, which is where the problem hides. An unenforced DMARC record gives you reports but no protection, and every month it stays in that state, your domain looks to sophisticated spam filters like a sender who set DMARC as a checkbox and then forgot about it. That reputational signal is subtle and cumulative. Moving to p=quarantine pct=10, then pct=50, then p=reject over a six-week window is the single highest-ROI change in most audits. The 2025 industry data confirms how rare proper DMARC enforcement is: only 7.6% of the top 10 million domains had p=quarantine or p=reject configured.

PTR chain drift across an IP block

When you add IPs to a sending pool over time, it is common for the PTR on the first IP to be set correctly (mail1.example.com with forward/reverse confirmation) while the last three IPs in the block have either no PTR or a generic ISP-assigned default (1-2-3-4.provider.net). Gmail and Microsoft penalise non-aligned PTR aggressively — the diagram in the previous section shows the four common breakage patterns. The fix is five minutes of work per IP; the blind spot is that nobody checks the whole block at once.

SPF nesting at the 10-lookup wall

Every DNS lookup in your SPF include chain counts toward a hard cap of 10 (RFC 7208 §4.6.4). Most senders cross that cap when they add a new third-party (a survey tool, a transactional provider, a new payroll vendor) without auditing the existing includes. Once you cross it, SPF evaluation silently fails — returning permerror — which receivers interpret as "this sender cannot authenticate". You can sit in that state for weeks before anyone notices the reputation drop. Our audit counts lookups recursively, identifies the include responsible for tipping you over, and recommends SPF flattening (replacing the include with the resolved IP ranges) where appropriate. We also flag the second silent failure mode: temperror, where one of your includes timed out, which receivers treat as inconclusive and which inflates your spam score for the duration of the outage.

MTA-STS policy mismatch

Senders who publish an MTA-STS policy often mis-configure the policy mode. Running MTA-STS in testing mode is fine; running it in enforce with a policy that does not match your actual MX records causes legitimate mail to get bounced by receivers who honour the standard. We see this most often after a migration where the MX was changed but the MTA-STS policy was not updated, or where a load balancer was added without including the new hostname in the MTA-STS policy file. The fix path matters: you cannot just flip from testing to enforce overnight because of TLS-RPT propagation; the standard pattern is testing for 30 days while watching TLS-RPT reports, then enforce.

ARC chain corruption on forwarded mail

This is the finding most competitors do not look for. ARC (Authenticated Received Chain, RFC 8617) is the protocol that allows mail to survive forwarding through mailing lists, security gateways, ticketing systems and group aliases without breaking SPF and DKIM. If you publish DMARC enforcement (p=quarantine or p=reject) without first checking that your domain consumes ARC headers properly, forwarded legitimate mail starts being quarantined by receivers — and you get blamed for the loss. We check whether your inbound mail path validates ARC chains correctly when present, and whether your sending path is producing ARC headers when it relays for others. ARC misconfiguration is a silent reason "we deployed DMARC enforcement and our reply rates dropped" — the kind of finding that pays back the audit ten times over because the alternative is rolling back DMARC enforcement entirely and losing the reputation gain.

Bounce code taxonomy: what your bounce rate is actually telling you

Most senders look at one number: bounce rate. The benchmark says under 2% is acceptable; theirs is 1.8%; they conclude they are fine. They are not fine. Bounce rate aggregates four very different signals, each of which means something different about your programme. Part of every audit is reading the bounce-code distribution, not just the rate. The reference table below is the same one we use internally to triage findings, with the operational thresholds where each signal becomes a problem.

Bounce signal SMTP code patterns What it actually means Threshold to act
Hard bounce (mailbox) 5.1.1, 5.1.2, 5.7.1 Address does not exist or is deactivated. List quality issue. > 2% sustained = list audit overdue
Hard bounce (policy) 5.7.0, 5.7.26, 5.7.606–5.7.614 Receiver rejected for authentication or reputation reasons. > 0.5% = reputation crisis
Soft bounce (rate) 4.7.0, 4.4.7, 421 Throttled by receiver. You are sending faster than they accept. > 5% = MTA tuning needed
Soft bounce (mailbox) 4.2.2, 4.5.1 Mailbox full or temporarily unavailable. Usually self-resolves. < 2% is normal
Spam rejection (Microsoft) 550 5.7.1 with S0/S1 suffix Outlook spam filter rejected at SMTP. Reputation problem on Microsoft. Any sustained pattern = audit immediately
Gmail temp defer 421-4.7.28, 421-4.7.0 Gmail throttling new IP/domain or suspicious volume curve. > 1% = warmup or trust issue
Spam complaint (FBL) via JMRP / Gmail / Yahoo FBL Recipient marked the mail as spam. Permanent reputation hit. > 0.1% = expectation per Validity 2026

The threshold column is the part nobody publishes. A 2% hard mailbox bounce rate is a list problem you can ignore for another quarter; a 0.5% policy bounce rate is a reputation crisis that will compound if you do nothing. The two get summed into "your bounce rate is 2.5%" by every dashboard, which loses the signal entirely. Reading the distribution is what an audit does that a dashboard does not.

Note also the Validity 2026 update on spam complaint thresholds. The historic guidance was to keep complaint rates under 0.2% or 0.3%; the current expectation from major receivers is under 0.1%. If your dashboard has been showing "0.18% spam complaints — within tolerance" for a year, your dashboard is using outdated thresholds. The real-time signal from Gmail Postmaster and Microsoft SNDS is that you are over the line.

Blacklist taxonomy: which RBLs actually matter, and which are noise

If you check your IP on MXToolbox you will see a list of around eighty blacklists, with maybe two or three showing as "listed". Cue panic. The reality is that the eighty RBLs in that list are not equivalent — they have wildly different methodologies, receiver adoption rates, and operational impact. A Spamhaus SBL listing is a programme-ending event; a UCEPROTECT-3 listing is an information event that no major receiver acts on. Confusing the two is one of the more common ways customers spend two weeks panicking about a non-problem while a real one festers.

RBL What it lists Receiver adoption Impact if listed
Spamhaus SBL Verified spam sources by humans Extremely high (most major receivers) Programme-ending. Stop sending now.
Spamhaus XBL Compromised hosts, exploited proxies, malware Extremely high Severe. Indicates infrastructure compromise.
Spamhaus PBL Dynamic / residential IP ranges that should not send mail directly High for direct-to-MX Severe if you are sending from this range. Use a relay.
Barracuda BRBL Behavioural spam detection High among Barracuda customers Moderate-to-severe for B2B.
SORBS Multiple sub-zones, varied methodology Moderate Moderate. Check sub-zone for context.
SpamCop SCBL Real-time complaint-driven listings Moderate Moderate; usually self-clears within hours.
UCEPROTECT-1 Specific spamming IPs Moderate Moderate. Verify and request removal.
UCEPROTECT-2 / -3 Entire ASN escalations (often automated, often unfair) Low Negligible. Major receivers do not consult these.
"Vanity" RBLs Single-operator lists with opaque criteria Negligible Ignore. No major receiver uses them.

Part of every audit is contextualising your blacklist exposure. We separate the listings into "ship a fix this week", "keep an eye on this", and "ignore — the dashboard is alarmist". This is the kind of judgement that distinguishes a senior engineer from a tool that counts listings: a Spamhaus SBL listing on one of your IPs is a different conversation from twelve UCEPROTECT-3 listings spread across your sending pool, and the dashboards that report both with the same red exclamation mark are doing you no favour.

Who the audit is for (and who it is not for)

Good fit: B2B companies where a missed reply has real dollar cost. Cold outreach teams running Instantly, Smartlead, Lemlist or Apollo who have hit a placement plateau. Newsletter operators with 50k+ subscribers seeing declining open rates that cannot be explained by list fatigue. Transactional senders whose user-facing emails (password reset, invoice, order confirmation) have started showing up in spam complaints. Agencies whose client reporting has gone from "deliverability is great" to "deliverability is a problem". Organisations rolling DMARC from p=none to enforcement who want a senior pair of eyes on the rollout plan before a single message gets quarantined.

Not a good fit: Hobbyist senders on a free SMTP relay sending under 500 emails a month — Mail-Tester plus common sense will get you 80% of the value. Senders who already know their problem is list acquisition and are not ready to fix that. Anyone looking for a dashboard to replace work they should be doing internally. Senders who want a guarantee that placement will hit a specific number — we cannot guarantee receiver behaviour, only the quality of the engineering recommendation.

Four sample findings from real audits (anonymised)

Case 1 — SaaS startup, 80k emails/month, reply-rate drop. Symptom: replies to cold outreach fell 40% in six weeks with no apparent cause. Finding: the new IP block allocated by their provider had correct PTR on IP #1 but the other four IPs were returning the ISP-default PTR. Gmail was quietly routing 70% of mail from those four IPs to Promotions. Fix shipped in 90 minutes; placement recovered over 14 days.

Case 2 — Publisher, 2M newsletter subs, open-rate decline. Symptom: open rates down from 24% to 17% over 4 months. Finding: DKIM rotation happened, but the new selector signed only the From, To and Subject headers, not List-Unsubscribe, Message-ID or the body. Gmail was treating the mail as partially authenticated. Fix: update DKIM signer configuration to sign the canonical set of headers including the body hash. Open rates recovered within 3 weeks.

Case 3 — Agency, white-label audit for a client sending 500k/month. Symptom: placement test showed 40% spam landing in Outlook.com. Finding: SPF had drifted to 11 lookups after the client added a new marketing tool. Resolution was produced as an SPF flattening recipe the client's DNS team shipped; placement returned to 85% over ten days. Bonus finding the client did not pay for: their MTA-STS policy was in enforce mode pointing to a stale MX hostname that had been replaced six months earlier — this had been silently bouncing some Microsoft mail since the migration.

Case 4 — EU e-commerce, 300k transactional/day, regional Microsoft tenants underperforming. Symptom: customers on French and German Office 365 tenants reporting password reset emails arriving 30+ minutes late, while UK and US customers received them within seconds. Finding: the relay's outbound queue was using an IPv4-only egress and Microsoft's Frankfurt/Dublin regional MX was preferring IPv6, falling back to IPv4 with a 60-second penalty per message. Fix: dual-stack the egress with proper PTR on both v4 and v6, and adjust the queue to attempt v6 first. Latency to Microsoft tenants dropped by 95th percentile from 47 minutes to 38 seconds.

How we deliver the audit

Kickoff call (30–60 min depending on scope). We walk through your setup live — you share screens, we ask questions, we log what we see. Materials list gets finalised. You get a small written checklist of what to send us.

Investigation phase (2–4 business days). We pull the data, we run the tests, we read the configs. Mid-way you get a short progress note flagging anything that looks urgent so you can start on it without waiting for the full report.

Report delivery. Written PDF with the sections above. Between 12 and 30 pages depending on scope — we do not pad. Alongside the PDF you get a shared document with the raw data and any scripts we used, so your team can rerun the checks later.

Walkthrough call. 30 or 60 minutes depending on the tier. We talk through the findings, field questions, help you prioritise. Recording on request.

Follow-up window. Two weeks of email/Telegram/Slack access to the engineer who ran the audit, for clarifying questions as you ship the fixes. Retainer customers get this continuously.

The operational angle most US/UK consultancies miss

If your sending footprint is global — or simply not concentrated in the same time zones and ISP estate as a typical US- or London-based deliverability boutique — there are three operational realities that we encounter routinely and most established consultancies either do not see or do not engage with. We do, because our engineering rotation spans EU, Americas and APAC business hours and our audit process explicitly includes regional-specific receiver coverage.

First, regional Microsoft tenants behave differently. Office 365 instances provisioned in non-US/UK datacentres (Frankfurt, Dublin, Amsterdam, Singapore, Sydney) have measurably stricter inbound filtering than US/UK tenants for senders without a long regional reputation history at that specific datacentre. The thresholds at which a domain gets quietly throttled are tighter, and the path to rehabilitation is slower. Audits we do for senders with significant non-US/UK Microsoft exposure include a regional-specific chapter covering the Frankfurt and Dublin tenant behaviour patterns specifically.

Second, the European regional mailbox provider estate (Web.de, GMX, T-Online.de, Orange.fr, Free.fr, Libero.it, Virgilio.it) operates consumer-grade receivers with their own filtering quirks that are not covered by Postmaster Tools or SNDS, and which most US/UK boutiques treat as edge cases. We have heuristics for these built up over the years — Orange.fr's ARC sealing requirement (effective September 2024), T-Online.de's DMARC enforcement strictness, Web.de's reputation-led acceptance, all of which materially affect placement for senders with German, French or Italian audiences.

Third, the practical economics differ. A US-headquartered agency retainer at $2,000+/month is a non-starter for many mid-market senders globally; the equivalent at neutral-jurisdiction rates is workable. Our audit pricing reflects the reality that good deliverability engineering can be delivered at a fraction of the US/UK cost without compromising technical rigour, and that this is genuinely the right answer for many companies — and increasingly, for international companies that have realised they can buy the same depth of engagement for less.

Deliverability audit tiers

One-off or ongoing. Scope grows with the tier; the rigor does not change.

Audit Starter

From
299 /month

Setup: One-off

  • Full DNS audit — SPF, DKIM, DMARC, MTA-STS, BIMI, TLS-RPT
  • rDNS / PTR verification for all sending IPs
  • Blacklist check across 60+ RBLs
  • Inbox placement test across Gmail, Outlook, Yahoo, iCloud seed pool
  • SpamAssassin + Barracuda + Proofpoint content analysis
  • Written remediation report (12–18 pages)
  • 30-minute call walkthrough of findings
  • Turnaround: 3 business days
Request a quote
Most popular

Audit Standard

From
599 /month

Setup: One-off

  • Everything in Starter
  • Sending volume and bounce history analysis (last 90 days)
  • Engagement signal audit — opens, replies, spam complaints, list hygiene
  • MTA configuration review (PowerMTA, Postfix, MailWizz, Acelle)
  • IP reputation scoring vs sending pattern match
  • Competitor benchmark — same domain class, 3 peers
  • Prioritised fix roadmap — what to ship first, second, third
  • 60-minute technical call with senior deliverability engineer
  • Turnaround: 5 business days
Request a quote
Ongoing

Audit Retainer

From
899 /month

Setup: Monthly

  • Monthly audit cycle with trend dashboard
  • Continuous blacklist monitoring with alerts
  • Weekly inbox placement sampling
  • DMARC aggregate report parsing and triage
  • Quarterly deep-dive with your engineering team
  • Direct Slack / Telegram channel with on-call engineer
  • Advisory on migrations, IP swaps, domain changes
  • Priority remediation support (4h response)
Request a quote

Deliverability audit — frequently asked questions

How is this different from GlockApps, MailReach or Folderly?

Those are SaaS tools. You sign up, buy credits, send to a seed list and get a dashboard back. They are genuinely useful for what they do — but they diagnose, they do not remediate. Our audit is a human engagement. A senior deliverability engineer spends hours looking at your DNS, your rDNS chain, your sending MTA, your reputation history, your content, your engagement signals and your list quality, and delivers a written report with a prioritised fix list. If you want a dashboard, buy GlockApps. If you want a consultant who tells you "here is exactly what to change, in what order, and why", hire us.

What do I need to give you to start?

At minimum: a sample email you actually send, the domain(s) you send from, the IP(s) or range(s), access to your DMARC aggregate reports (or the XML files of the last 30 days), and 30 minutes to understand your current setup. For the Standard audit we also need read access to your MTA configuration, a sample of your last 90 days of bounce logs and a rough profile of the audience. For the Retainer we integrate with your infrastructure continuously.

How long does it take?

Starter: 3 business days from receipt of materials. Standard: 5 business days, because we do deeper behavioural and MTA analysis. Retainer: monthly cycle with a standing report on the first Monday of each month.

Will you sign an NDA?

Yes. We routinely sign mutual NDAs before touching any customer data. We also operate under a default assumption of confidentiality — nothing about your audit ever appears in a case study, a blog post or on this site without explicit written permission.

Do I need to move my infrastructure to you to act on the findings?

No. The audit report stands on its own. Most fixes are things your current provider or your internal team can ship: DNS records, content changes, list hygiene, MTA tuning. If the remediation requires infrastructure we provide (dedicated IPs, PowerMTA deployment, warmup service), we will tell you explicitly and give you a scoped quote. We do not gate the report behind buying more services.

What if the audit finds that my current provider is the problem?

We say so, in writing, with specifics. We have told customers "your current ESP has throttled your domain and will not rehabilitate your reputation — you need to move". We have also told customers "your current provider is fine, the problem is your list acquisition strategy". We have no financial incentive to blame anyone; our incentive is to be the trusted second opinion you come back to.

Can you audit a cold email programme?

Yes. Cold email deliverability is a different regime from marketing or transactional email because the engagement signals that warm up reputation are minimal by design. We apply cold-specific heuristics: mailbox rotation patterns, domain rotation, warm-up duration, reply-rate thresholds, the legitimate vs borderline split between cold and unsolicited. We have audited programmes running Instantly, Smartlead, Lemlist, Apollo and pure self-hosted cold setups.

Is this worth it if I only send 10,000 emails a month?

Probably not the Standard or Retainer. The Starter audit at € 299 makes sense for any sender whose business depends on email landing — even at low volume. Below about 5,000 emails a month, the free tools (Mail-Tester, MXToolbox) plus an hour of your own time tend to catch the big items. Above that, the blind spots start costing real money in missed replies.

Do you work with agencies white-labelled?

Yes. Several email marketing agencies white-label our audits. Your brand on the report, our engineers doing the work. Pricing is a flat 20% discount off list for 5+ audits per month, billed quarterly.

What is the single most common finding?

It varies by segment, but the top three repeat offenders on B2B senders are: (1) DMARC policy set to p=none for years, quietly missing the signal that explains everything; (2) PTR/rDNS chain set correctly on the first IP of the block but not on the rest; (3) bounce rate above 3% because the list has catch-all domains and spam traps that were never purged. Fixing those three closes roughly half of the "my emails land in spam" tickets we see.

Do you audit ARC (Authenticated Received Chain)?

Yes, and most competitors do not. If your mail is forwarded — through mailing lists, security gateways, ticketing systems, group aliases — DKIM signatures break and SPF realignment fails, which means a DMARC reject policy will quarantine legitimate mail. We check whether your domain consumes ARC headers correctly when you receive forwarded mail, and whether your sending path is producing ARC headers when it relays for others. ARC misconfiguration is one of the silent reasons "we deployed DMARC enforcement and our reply rates dropped".

Why is your pricing so much lower than InboxArmy or Holistic Email Marketing?

Two reasons. First, we operate from Panama (jurisdiction with GDPR-aligned data protection under Law 81 of 2019, outside Five Eyes) with a senior team that costs less to deliver from than a US- or UK-headquartered agency without sacrificing technical depth. Second, we run the same engineers across audits, hosting and remediation work, so the audit is not a standalone profit centre — it is the front door to a longer relationship. If you want a London consultancy with a London billing rate, buy a London consultancy. If you want senior engineering depth at neutral-jurisdiction rates, with a written report your team can ship from, this is it.

Stop paying for spam folder placement. Find out why it is happening.

Chat with us on WhatsApp