Skip to content
PROJECT-SCOPED · 5 BUSINESS DAYS

Find every reason your mail goes to spam.
Ranked by impact, with the fix for each.

A senior engineer spends five business days on your sending stack. DNS, authentication, IP and domain reputation across 84 RBLs, infrastructure, content patterns, list quality. You receive a PDF report ranking every issue from highest to lowest deliverability impact, each one with the specific fix.

Most audits surface 8 to 15 issues. About a third are resolvable in an evening of focused work; the rest require ongoing engineering. The report tells you which is which, so you spend your time where it actually matters.

Order on Telegram How the audit works
price €299
delivery 5 business days
format PDF + 30-min walkthrough
NDA mutual, included
why deliverability audits exist

Free checkers tell you what's broken. They don't tell you which broken thing matters.

Run your domain through MXToolbox, Mail-tester, or our own free SPF/DMARC validator and you'll get a checklist of green and red. That's useful. It's also where most senders stop, because the next question is harder. The checklist surfaces 12 things wrong and the audit's actual job is telling you which two you should fix first.

A missing MTA-STS record sounds like a problem. In practice it costs you maybe 1% of inbox placement at the receivers that enforce it strictly, and one of them is Microsoft. A 1024-bit DKIM key sounds like a problem too. It costs you closer to 6% at Gmail and any receiver that runs DMARC alignment scoring. Hard-bounce rate climbing past 1% over the past three campaigns? That's the one that gets you a Spamhaus listing in fourteen days. The first issue is a checkbox. The second one is a checkbox. The third one is the fire.

Free tools don't sort. Audit reports do. That's the difference and it's the €299. We rank by deliverability impact across the receivers that matter for your sending profile, not by how loud the alert sounds.

And we look at things the free tools can't see. Suppression-list hygiene. Per-segment engagement rates. The shape of your last three campaigns. Whether your warmup schedule actually matched what the receivers expected. Most reputation problems come from a stack of small issues compounding, not one big one. The audit finds the stack.

data from 200+ audits we've run

What customers actually gain after fixing.

Median inbox-placement improvement per fix category, measured 30 days after remediation. Hover bars for frequency. The categories at the top are where the audit pays for itself; the bottom ones are mostly hygiene.

Median inbox-placement gain by fix category

List quality cleanup
+28%
in 64% of audits
Authentication gaps (SPF/DKIM/DMARC)
+22%
in 71% of audits
rDNS / FCrDNS misalignment
+18%
in 39% of audits
Content pattern issues
+14%
in 52% of audits
Suppression-list hygiene
+12%
in 47% of audits
TLS / encryption gaps
+7%
in 28% of audits
Subdomain / pool architecture
+9%
in 22% of audits

Sample: 207 audits delivered 2023-2025, customers who completed remediation within 30 days, baseline measured 7 days pre-audit. Inbox placement averaged across Gmail, Outlook, Yahoo, Apple iCloud seed networks.

honest fit assessment

Who buys this, and who shouldn't.

good fit
  • Gmail or Outlook placement degraded recently and you don't know why. Volume hasn't changed. Content hasn't changed. But Postmaster Tools turned amber three weeks ago and stayed there.
  • Migrating from one ESP to another and you want to verify the destination is actually configured correctly before moving production traffic.
  • Inheriting an email stack from a previous owner, agency, or freelancer. You don't know what's right and what's deferred maintenance.
  • Planning to scale 5× and you need to know what breaks first before it breaks in production.
  • Buying a deliverability service from another vendor and you want a second opinion on the diagnosis before signing.
  • Compliance audit requires documented assessment of email infrastructure as part of SOC 2, ISO 27001, or industry-specific frameworks.
poor fit
  • Just want a quick check. Our blacklist checker, SPF/DMARC validator, and DKIM key audit are free, instant, and self-service. Run them first.
  • Looking for a magic fix to a categorically bad list. No audit fixes spam-trap accumulation, harvested addresses, or repeat-offender content. The fix in those cases is "stop sending to that list."
  • Need overnight turnaround. Five business days is the floor. Rush is not available. Senior engineers don't context-switch well.
  • Want a vendor recommendation. We audit. We don't sell other vendors' products. If you want a Mailgun-vs-SendGrid recommendation, the right move is the consulting hour, not the audit.
  • Volume below 30,000 monthly. Many reputation signals don't register reliably at that scale. The audit will surface authentication gaps and content issues, but reputation analysis comes back thin. Use the consulting hour instead.
five business days, hour by hour

What happens between order and delivery.

Click any day to see what we're doing and what you receive at the end of it. Total senior-engineer time on your account: 14-18 hours.

Day 0, Onboarding

~30 minutes of your time

Telegram intake. Brief, structured. We send a checklist of what we need: DNS provider login (read-only is fine), Postmaster Tools verification tokens or screenshots, SNDS dashboard access, ESP/MTA login or screenshot evidence, sample headers from the last three campaigns, list metadata (size, sources, last cleaned).

We confirm scope, expected timeline, NDA in place. The intake is designed so you provide what you have without scrambling. If anything's missing we tell you what we can audit without it and what we can't.

The five-day clock starts at the end of the intake call, not at order placement. We don't bill you for paperwork.

scope of work

What's in the audit. All of it.

01

DNS authentication audit

SPF record syntax verified. The 10-lookup ceiling counted exhaustively (most auditors miss this; we don't). All include: chains traversed and counted. Soft-fail vs hard-fail terminator assessed against your sending profile.

DKIM key strength inspected per active selector. 1024-bit keys flagged (Gmail and Yahoo treat them as weaker than 2048). Selector naming convention audited for rotation discipline. Test sign-and-verify performed.

DMARC policy and percentage assessed. Alignment modes (strict vs relaxed) documented. rua= aggregate report ingestion verified, a DMARC record with no rua= is a record running blind. Subdomain policy explicit (sp= set, not inherited).

MTA-STS policy file fetched at the well-known path and validated. _mta-sts.<domain> TXT record matched against policy id. TLS-RPT companion record present and pointing somewhere. BIMI eligibility check if your DMARC is at p=quarantine or p=reject.

Each finding includes the specific record content as it should be, not just "fix authentication." Copy-paste ready.

02

IP and domain reputation

Every active sending IP queried against our 84-RBL coverage. Spamhaus SBL, CSS, XBL, DBL, PBL, ZEN, plus Barracuda, SORBS, UCEPROTECT levels 1-3, SpamCop, Invaluement, SURBL, Spamrats, plus 70+ smaller RBLs. Listings documented with timestamp, suspected cause, and remediation path.

Postmaster Tools dashboard interpreted. Domain reputation, IP reputation, spam rate, authentication results, encryption rate, delivery errors. Trend analysis over the past 30 days where data is available. Specific receivers with degraded reputation flagged with their impact estimate.

SNDS color rating per IP. Trap-hit counts. Sample rejection reasons. Microsoft consumer-mailbox signals. Yellow rating triggers warning; red gets root-cause analysis.

Historical complaint rate trends pulled if your stack exposes them. FBL data ingestion rate verified. Bounce-rate trends per receiver, per campaign, per segment if possible.

03

Sending infrastructure

Reverse DNS verified per active sending IP. FCrDNS loop closure tested (forward A record matches PTR; PTR matches forward A). HELO/EHLO alignment with rDNS confirmed by reading actual SMTP transactions, not config files.

MTA configuration audited for known anti-patterns. PowerMTA: VMTA pool architecture, per-receiver throttling profiles, accounting file rotation cadence, bounce categorisation rules. Postfix: smtp_helo_name consistency, smtp_tls_security_level, message_size_limit. MailWizz: queue worker count, supervisor health, FBL parser status.

Subdomain strategy reviewed. Single-domain senders flagged for the single-point-of-failure pattern. Multi-domain senders checked for snowshoe-detection avoidance (stable assignments, real per-domain reputation, not rotating mechanically).

04

Content and engagement

Last three campaigns analysed. Spam-keyword density, link patterns, URL shorteners, image-to-text ratio. Bayesian classifier inputs estimated. Subject-line patterns checked against known volatility triggers (excessive caps, money emojis, urgency words at scale).

List-Unsubscribe header presence (RFC 8058 one-click) verified. mandatory for senders past 5,000 daily volume per Gmail/Yahoo bulk-sender requirements (Feb 2024 onwards). List-Unsubscribe-Post header verified in tandem. Header order audited for receivers that care.

Per-segment engagement rates pulled where ESP exposes them. Open-rate and click-rate trends by signup source. Dead-segment identification (subscribers with zero engagement past 90 days). These are the slowest poison in any list.

05

List quality assessment

Sample of 1,000-5,000 random addresses validated through commercial APIs (NeverBounce or Kickbox depending on your jurisdiction preferences). Identification of likely spam-trap addresses by pattern (recycled domains, disposable-email patterns, role addresses, syntax-valid-but-undeliverable).

Engagement-decay segments measured. The fraction of your list that hasn't opened in 60, 90, 180 days reported with retention recommendations. Suppression-list size cross-checked against active list size to confirm hygiene discipline.

Acquisition-source analysis where data is available. Segments from cold sources flagged separately from opt-in segments because they require different handling and the comingling is itself a finding.

06

Prioritised PDF report

Findings ranked High / Medium / Low by deliverability impact, with estimated effort to remediate per finding. Suggested order of operations (do these three first because they unblock the next four). Where multiple findings have a common root cause, the cause is named once and the downstream findings reference it.

For findings that need our hands-on remediation, transparent pricing for follow-on services. No upselling pressure. We tell you what costs what and you decide whether to engage us, your team, or a competitor. About 40% of audit customers do their own remediation. About 35% engage us for at least part. About 25% engage a different vendor or freelancer. All three outcomes are fine; the report doesn't change based on which you pick.

vs the alternatives

How this compares to other ways of getting an audit.

Toggle the rows to highlight what matters to you. Most senders end up choosing based on either depth of reputation analysis or cost-of-time.

  us
ASH Audit		 Mailgun Inbox
Placement		 Litmus
Email Analytics		 GlockApps
Inbox Insight		 DIY
(your team)
Cost €299 one-time $199/mo
(annual contract)		 $199/mo
(billed annually)		 $159/mo 40-80h
engineer time
Time to first findings 5 business days Live dashboard, ongoing Live dashboard, ongoing Per-test, ~minutes 2-4 weeks
DNS authentication review ✓ Full + remediation ✓ Surface check ✓ Surface check Depends on engineer
RBL coverage 84 lists ~10 lists ~50 lists Depends on tooling
Infrastructure audit (rDNS, MTA) ✓ Full ✓ If experienced
Content + Bayesian analysis ✓ Per-campaign Spam-test add-on ✓ Spam Filter Tests ✓ Spam-score check Often skipped
List quality assessment ✓ API-validated sample If validation budget
Prioritised remediation roadmap ✓ Ranked PDF Dashboard alerts Dashboard insights Per-test results Internal doc, varies
Walkthrough call included ✓ 30 minutes Support ticket Support ticket N/A
Annual cost equivalent €299 once ~€2,200/yr ~€2,200/yr ~€1,750/yr €2,000-12,000
opportunity cost

Pricing reflects publicly listed tiers as of 2026. Mailgun and Litmus operate recurring SaaS models tuned for ongoing monitoring; their value is over twelve months, not one assessment. Our audit is one-shot deep; their platforms are shallow but continuous. Different products for different problems. The Deliverability Monitoring addon (€49/mo) is our equivalent ongoing tier if that's what you need.

who actually audits you

Senior engineer. Not a sales rep, not a junior.

Every audit goes to one of three engineers on our team, all with hands-on production experience operating PowerMTA, MailWizz, and dedicated infrastructure at scale. The engineer who reads your headers is qualified to deploy what they recommend. Audit reports written by junior staff are why most "deliverability audits" in this industry are a glorified MXToolbox export with extra paragraphs.

Two practical consequences. First, scope is genuine. We can poke at things we recommend (config files, DNS tooling, packet captures) because we run this stack ourselves. Second, the report is honest. If the right answer for you is "stay on Mailchimp because your volume doesn't justify migration," we say so. Nothing in our pricing model rewards us for inflating the remediation scope.

About 60% of audit customers find at least one finding they hadn't previously suspected. About 25% find that the issue they assumed was critical is actually middle-tier, and the real problem is somewhere they hadn't looked. That's the audit doing its job.

questions before you order

Frequently asked.

Will the audit fix my problems?

No. The audit identifies issues and specifies the fix. Some fixes you can do yourself in an hour (publish a missing DMARC record, add a List-Unsubscribe header, retire a 1024-bit DKIM key). Others require ongoing engineering (full IP warmup, suppression-list rebuild, list-quality cleaning at scale, blacklist removal). The report tells you which is which and we offer transparent pricing on the engineering work, no obligation.

I don't have ESP login credentials handy. Can you still audit?

We audit what we can see. DNS, RBL coverage, and content-pattern audits don't need credentials. Infrastructure audit benefits from MTA config access but works on screenshot evidence. Postmaster Tools and SNDS need either delegation or screenshots. We adapt depth to what you can provide and the report explicitly notes anything we couldn't verify and why. About 15% of audits run on partial access; results are slightly thinner but still useful.

Do you sign an NDA before the audit?

Yes. Standard mutual NDA, sent via Telegram before the intake call. Your business specifics, list sizes, content samples, and findings stay confidential. We don't quote audit findings publicly, in marketing, or to other customers. Standard practice.

What if the audit surfaces something critical mid-week?

We flag it immediately, not at end of week. Critical findings, active Spamhaus listing causing live revenue loss, DMARC reject misconfiguration breaking real mail flow, an active phishing impersonation we noticed in your DNS, get surfaced within hours of detection so you can act even before the formal report ships. The report still lands at end of week with the rest of the findings; the urgent items get a head-start.

Can I share the report internally?

Yes, freely. The report is yours. No watermarks. No "for client X only" restrictions. No DRM. Most customers send it to their CTO, founder, agency, board, or compliance auditor. Some publish redacted excerpts in their own internal documentation. Up to you.

Do you also offer ongoing audits?

Yes, but most senders don't need them. The audit is a snapshot. After remediation, our Deliverability Monitoring addon (€49/mo) handles continuous tracking, Postmaster Tools daily, SNDS hourly, 84 RBLs every 5-15 minutes, alerts on degradation. Re-audit only when something material changes (new ESP, big volume jump, new market segment, suspected ongoing issue that monitoring isn't catching).

What if I disagree with a finding?

Push back on Telegram during the walkthrough or after. Findings are based on observable signals, not opinions, but interpretation can vary by sending profile. We'll show you the underlying evidence, the specific RBL listing, the specific Postmaster Tools data, the specific SMTP transaction, and either we adjust the assessment or we explain why we stand by it. No ego in the loop. The report's value comes from being right, not from being assertive.

Can the audit be delivered in a language other than English?

Spanish yes. Other languages by quote. The PDF report and walkthrough call are in English by default; Spanish delivery adds about a day to timeline (translation review by a native speaker on our side). Mention at intake.

Does the audit cover transactional email, marketing, or both?

Both, audited separately. Transactional and marketing have different failure modes (transactional cares about latency and per-message reliability; marketing cares about per-segment engagement and reputation aggregation), and we audit them as distinct streams when both run on your stack. The report has separate sections for each.

How does payment work? Can I pay after delivery?

Standard process: half upfront (€150) on intake, half (€149) on delivery. Payable in any of our 11 supported cryptocurrencies. Self-hosted BTCPay, no third-party processor, no KYC. Invoice generated automatically on order. If the audit runs into anything that requires scope expansion (you have 50 sending domains instead of one), we quote the expansion before doing the work.

also relevant

Related services and references.

bundle

Recovery Pack

60-day rehabilitation for chronic reputation issues. Includes audit + remediation + monitoring.

 one-time

Blacklist Removal

Single-shot delisting for specific RBL listings. €149.

 recurring

Deliverability Monitoring

Continuous tracking after remediation. €49/mo.

 reference

Sender Reputation

How reputation actually works at major receivers.

 free tool

84-RBL checker

Check your IPs and domains against 84 blocklists. No signup.

 free tool

SPF / DKIM / DMARC validator

Audit your authentication records yourself. Instant.

Audit methodology and what the assessment actually covers

Our audit methodology covers the operational dimensions that produce deliverability outcomes rather than focusing narrowly on authentication or configuration alone. The structural reasoning is that deliverability problems usually involve multiple interacting factors; an audit limited to authentication alone misses the broader operational context that produces the actual outcomes.

Standard audit scope: authentication architecture review (SPF, DKIM, DMARC, MTA-STS, TLS-RPT configurations across all sending sources), sending infrastructure assessment (MTA configuration, IP allocation, geographic distribution, redundancy), list quality analysis (acquisition source review, bounce patterns, complaint patterns, engagement segmentation), content pattern review (template fingerprint analysis, content evolution patterns), monitoring infrastructure assessment (what signal sources are configured, alerting effectiveness, response procedures), operational discipline evaluation (incident response history, recovery procedures, ongoing improvement practices).

The audit produces a written report covering each dimension with specific findings, prioritized recommendations, and an estimated remediation path. The report length typically runs 25-50 pages depending on operational complexity; the structure is consistent across audits to facilitate customer review and to support comparison if the customer engages periodic re-audits.

Beyond the written report, audit engagements include a debrief conversation where customer team can discuss findings, ask questions about specific recommendations, and align on remediation priorities. The debrief matters because written reports alone do not capture the conversational nuances that help customers convert findings into action.

Common audit findings and typical remediation patterns

Findings across our completed audits cluster into patterns that recur regardless of customer specifics. The patterns below capture what audits typically surface plus the typical remediation paths.

Authentication issues: misconfigured SPF (most often: exceeding 10-lookup limit, missing IPs, syntax errors), incomplete DKIM (most often: 1024-bit keys, missing signatures on some sending paths, weak algorithms), DMARC at p=none indefinitely without progression to enforcement. Remediation typically takes 4-12 weeks depending on third-party vendor coordination requirements.

List quality issues: acquired data without proper opt-in verification, accumulated unengaged segments without sunset policies, insufficient bounce processing producing repeated sends to invalid addresses, complaint processing delays beyond receiver-expected windows. Remediation involves operational discipline changes plus initial list cleanup work; full effect typically materializes over 60-90 days.

Sending infrastructure issues: single-IP operations at volumes warranting diversification, shared IP infrastructure with mixed reputation, geographic misalignment between sending source and recipient distribution. Remediation involves infrastructure changes with 30-45 day reputation warmup periods.

Content pattern issues: heavy promotional language producing receiver classification penalties, missing or broken unsubscribe mechanisms, content templates that have not evolved in years producing fingerprint accumulation, mismatched From-name and visible sender producing trust signals.

Operational discipline gaps: insufficient monitoring (single signal source rather than multi-source coverage), reactive rather than proactive incident response, lack of regular review processes for trending metrics, no formal recovery procedures from common incident types. Remediation involves operational practice changes plus tooling deployment.

Audit pricing structure and deliverable format

Audit pricing reflects scope rather than time-and-materials billing. The standard audit covers single-domain operations with up to 5M monthly volume at EUR 1,500 fixed price. The price includes the assessment work, written report, debrief conversation, and 30-day follow-up access for clarifying questions about findings.

Extended audit for larger operations or complex multi-domain configurations runs EUR 2,500-4,000 based on the specific scope. Multi-domain operations with substantial diversification, ESP-style operations with downstream customer considerations, operations spanning multiple jurisdictions or compliance frameworks typically fall into extended audit scope.

Compliance-focused audits for organizations preparing for SOC 2, ISO 27001, or PCI DSS audits with email infrastructure scope run EUR 3,500-6,000. The pricing reflects the additional documentation required for compliance evidence packaging beyond standard audit deliverables.

Follow-up audits at periodic intervals (typically annual or semi-annual) run at reduced pricing because we have institutional context from previous audits. Standard follow-up audit runs EUR 1,000 for operations within the original scope, with adjustments if scope has expanded since previous audit.

The deliverable format is consistent across audit types: written report with executive summary plus detailed findings, prioritized recommendation list, estimated remediation effort and timeline, references to specific evidence supporting findings, follow-up question access. The format supports both immediate customer use and longer-term reference as remediation work progresses.

Ready to know what's actually wrong?

Telegram intake takes 30 minutes. Five-day clock starts after that. PDF report and walkthrough delivered on day five. Median customer outcome: 18% improvement in inbox placement within 30 days of remediation.

Order on Telegram Submit ticket

# Median Telegram response: 12 minutes during operating hours