A cold email deliverability audit service is a systematic diagnostic of every layer that determines whether your outbound emails hit the primary inbox or get filtered, deferred, or blocked outright. According to Validity's 2025 Benchmark Report, the average global inbox placement rate sits at 83.1% — meaning roughly 1 in 6 emails never reaches the inbox at all. Most teams only run a deliverability audit after open rates have already cratered, which means weeks of reputation damage have already stacked up. This guide covers every checkpoint a professional audit covers, why each one matters, and what the average DIY check completely misses.
What Is a Cold Email Deliverability Audit Service?
A cold email deliverability audit is a full diagnostic of everything that affects whether your outbound emails land in the primary inbox or get quietly buried. An agency-run audit goes far beyond a basic SPF check — it maps every layer of your sending setup against current inbox provider requirements, flags specific failure points, and gives you a prioritized fix list.
Think of it as a pre-flight checklist for your outbound motion. Before you start scaling any B2B outbound system, every layer of your infrastructure needs to hold up under scrutiny. An audit tells you exactly where you stand before volume increases do real reputation damage.
A professional cold email deliverability audit covers eight core areas:
- Email authentication — SPF, DKIM, and DMARC records
- Domain and IP reputation — scores across major providers
- Blacklist status — presence on Spamhaus, Barracuda, Proofpoint lists
- Sending infrastructure — domain setup, ESP selection, PTR records
- Warmup status — whether your domains have earned their sending volume
- List quality — bounce rate, verification practices, data freshness
- Content scoring — spam trigger words, link reputation, format issues
- Inbox placement — where emails actually land across Gmail, Outlook, and Yahoo
Each one is a potential failure point. Miss any of them and your open rates will eventually tell you — usually a few weeks after the damage is done. For a foundational overview of the topic, start with our full breakdown of cold email deliverability, then use this guide to understand what a professional audit examines in depth.
Authentication Check: SPF, DKIM, and DMARC
Authentication is the first thing any cold email deliverability audit checks — and it's where most problems are hiding. Google, Yahoo, and Microsoft all require valid SPF, DKIM, and DMARC records from senders, with spam complaint rates under 0.3%, or messages get rejected at the SMTP level. Non-compliant emails don't land in spam — they don't arrive at all.
SPF (Sender Policy Framework)
SPF tells inbox providers which IP addresses are authorized to send mail on behalf of your domain. A misconfigured SPF record — or one that exceeds the 10 DNS lookup limit — causes authentication failures silently. An audit validates your SPF syntax, traces include chains for lookup count violations, and confirms proper alignment with your sending domain.
DKIM (DomainKeys Identified Mail)
DKIM adds a cryptographic signature to outgoing messages proving the content wasn't altered in transit. Agencies check that your key is at least 2048 bits (1024-bit keys are no longer sufficient for 2026 standards), that your signing domain matches your From domain, and that signatures are passing consistently across providers — not just on test sends.
DMARC Policy and Reporting
DMARC is the policy layer that tells inbox providers what to do when SPF or DKIM fails. Despite SPF adoption reaching 93% and DKIM at 90% in 2026, Unspam's 2026 deliverability data shows DMARC adoption is still only 64% — meaning over a third of sending domains have zero policy in place. An audit checks your current policy level (none / quarantine / reject), your rua and ruf reporting addresses, and whether anyone is actually reading and acting on those aggregate reports.
| Record | What It Proves | Common Failure Points |
|---|---|---|
| SPF | Authorized IP is sending on your behalf | Too many DNS lookups, missing sending service includes |
| DKIM | Message content wasn't modified in transit | Key size under 2048-bit, wrong selector configured |
| DMARC | Alignment policy is enforced | Stuck at p=none, reporting addresses nobody monitors |
If authentication is broken, nothing else in your deliverability setup matters. Fix it first. If you've already addressed authentication but emails are still going to spam, the next layer of issues is covered in our guide on cold email spam fixes.
Domain Reputation and Blacklist Analysis
Domain reputation is the primary signal inbox providers use to decide where your email lands in 2026. Authentication proves your identity — reputation determines how you're trusted. An audit checks your sending domain's reputation score across Google Postmaster Tools and third-party sources, then cross-references every sending IP and domain against major blacklists.
Google Postmaster Tools Review
Google Postmaster Tools is the best free data available on your Gmail sending reputation. Agencies check your domain reputation score (ranging from Low to High), your spam rate trend over the rolling 30-day window, and your delivery error breakdown. A spam rate consistently above 0.10% is a yellow flag. Above 0.30% and you're in Google's active enforcement zone — and they will start throttling or blocking your sends without warning.
Blacklist Status Check
Blacklists are databases of domains and IPs that inbox providers reference when filtering. An audit checks your sending domains and IPs against Spamhaus, Barracuda, SORBS, and Proofpoint using tools like MXToolbox. Landing on Spamhaus DBL in particular is serious — it can trigger complete blocking at Gmail and Outlook simultaneously.
According to ValidPeak's 2026 blacklist monitoring guide, high-volume senders pushing over 10,000 emails per day should be checking their IPs and domains hourly. Most outbound teams sending under 1,000 emails/day should check daily at minimum — not weekly, and definitely not only when things start breaking.
A professional audit doesn't just flag whether you're listed — it identifies the root cause. It's almost always one of three things: bounce rates spiking above 2%, a spam complaint surge, or sending to a spam trap address. Each requires a completely different remediation approach.
Sending Infrastructure and Warmup Status
Most teams configure their sending setup once and never look at it again. Your infrastructure choices directly affect deliverability, and an audit reviews your complete setup: which domains you're using, how they were built, whether they've been properly warmed, and whether your current sending volume matches the reputation your domain has actually earned.
Domain Configuration Review
Running cold outreach off your primary company domain is one of the most common and damaging mistakes in cold email. A deliverability audit checks whether you're using dedicated outbound domains — separate from your main domain — that protect your primary domain's reputation regardless of what happens with your campaigns. Agencies also audit your PTR (reverse DNS) records, which need to resolve back to your sending domain. Mismatches here are a deliverability flag that almost never gets caught without an audit.
Warmup Status Assessment
A new mailbox with zero sending history can't go straight to high volume. Agencies review your warmup history against your current daily send count — how many emails went out in week one, what ramp schedule you followed, and whether today's volume is consistent with your domain's age and reputation trajectory.
The standard warmup protocol starts at 5–10 emails per day in week one and scales gradually over 4–6 weeks. Most outbound teams should cap cold send volume at 30–50 emails per mailbox per day even after warmup completes. Jumping over that threshold on a fresh domain — even with perfect authentication — triggers volume-based spam filtering.
ESP Selection Check
The email service provider you send through matters. Google Workspace and Microsoft 365 mailboxes carry established infrastructure trust with their own networks, making them generally preferred over third-party SMTP relays for cold outreach. An audit checks whether your ESP choice is creating inherent deliverability disadvantages that better infrastructure would eliminate.
List Quality and Bounce Rate Review
Your contact list is a direct input to your sender reputation. High bounce rates and stale data signal to inbox providers that you're sending to invalid or unengaged addresses — and they filter accordingly. An audit reviews your list hygiene practices and actual bounce metrics across recent campaigns.
Hard Bounce Rate Analysis
A bounce rate above 2% is a serious deliverability red flag. Hard bounces — emails sent to addresses that simply don't exist — are entirely preventable with proper list verification, which makes them especially damaging from a reputation standpoint. An audit reviews your bounce data across 8–12 weeks of campaigns to identify whether you're consistently over the threshold or spiking on specific campaigns or list segments.
The impact compounds fast. According to data from Instantly's 2026 Cold Email Benchmark Report, bottom-performing campaigns average bounce rates of 12% or higher, and those senders see their inbox placement collapse across every subsequent campaign — not just the one with the bad list.
List Verification Practices
Agencies check whether you're running verification before importing any contact list into your sending platform. Unverified lists — even from reputable data providers — can carry invalid address rates of 5–15%. Email data also decays at roughly 3.6% per month, which means a list that was clean six months ago may now have meaningful bounce exposure. If you need a framework for building a verified B2B lead list from scratch, sourcing and verification come before any email goes out.
Spam Trap Risk Assessment
Spam traps are addresses maintained solely to catch senders with bad list hygiene — and hitting one is a fast path to blacklisting. They come in three types: pristine traps (addresses that never belonged to real people), recycled traps (formerly valid addresses reactivated as traps), and typo traps (common misspellings of real domains like gnail.com). An audit looks for signals in your sending data that suggest spam trap exposure before it becomes a blacklist event. Understanding B2B buying signals also helps target genuinely active prospects, reducing the risk of sending to dormant or recycled contacts.
Content and Spam Filter Scoring
Content is the third deliverability layer, behind authentication and reputation. Even with clean records and a solid domain reputation, certain words, formatting patterns, and link structures can push your emails into spam. An audit runs your live templates through spam filter scoring to catch the specific triggers that are hurting placement.
Spam Trigger Word Analysis
Certain phrases — "free," "guaranteed," "click here," "limited time offer," "no obligation" — carry heavy spam filter weight. Agencies review your templates for high-risk language and flag phrases that add no persuasive value anyway. The goal isn't sanitized, robotic copy — it's removing the phrases that hurt placement without adding anything to the conversation.
Link and Tracking Domain Audit
Every link in your email gets scanned by inbox provider filters. Shared link shorteners, tracking domains with poor sending history, and links to pages with broken TLS or slow load times all contribute to worse placement. An audit checks every link you're including for reputation issues and redirect chains that create additional filter signals. Your cold email offer delivery structure matters as much as the offer itself — how you present it affects whether it reaches anyone.
Format and Template Review
Cold emails that look like marketing campaigns get filtered like marketing campaigns. An audit examines your email structure — HTML-heavy templates with excessive styling, multiple images, or complex formatting perform worse in cold outreach than plain-text or minimal-HTML formats. The format most likely to hit the primary inbox in cold outreach still looks like something a real person actually typed.
Inbox Placement Testing with Seed Lists
Inbox placement testing is the most revealing part of a cold email deliverability audit — and the step most DIY audits skip entirely. A seed list test sends your email to a controlled network of test addresses across every major provider and reports back exactly where each one landed: primary inbox, spam, promotions tab, or missing entirely.
How Seed List Testing Works
Tools like GlockApps maintain networks of over 100 seed mailboxes across global providers and check your emails against five major spam filters: Google, Microsoft EOP, Barracuda, SpamAssassin, and Proofpoint. You send to the seed list, and within minutes you get a provider-by-provider breakdown of actual inbox placement — with a side-by-side comparison of what's passing and what's failing across filter types.
This is the only way to know with certainty that your emails are landing in Gmail's primary inbox versus spam. Open rate data from your sending tool can't tell you this, because opens only register from emails that were delivered and visible enough to be clicked.
Multi-Provider Placement Analysis
Deliverability isn't uniform across providers. You can have 90%+ inbox placement at Gmail and 60% at Outlook simultaneously, because each platform uses different filtering signals and separate reputation databases. According to Validity's 2025 Benchmark Report, Microsoft's platform ran the highest spam rates among major providers — exceeding 14% — which means Outlook deserves specific attention if your prospects are predominantly on Microsoft infrastructure.
Inbox placement patterns also vary meaningfully by vertical. Whether you're running SaaS cold email campaigns, financial services outreach, commercial real estate prospecting, or staffing and recruiting campaigns — your prospect pool's dominant mail provider will shape where deliverability issues surface first.
What Most DIY Audits Miss
Running a basic deliverability self-check isn't hard. Most teams look at their SPF record, run a single MXToolbox blacklist check, and call it done. That's about 20% of what a full cold email deliverability audit covers. Here's what almost always gets skipped.
DMARC Aggregate Report Interpretation
DMARC aggregate reports (rua reports) tell you which services are sending email on behalf of your domain, which are passing authentication, and which are failing. Most teams have DMARC set to p=none with a reporting address they never monitor. An agency audit pulls and interprets these reports — and regularly finds third-party senders like CRMs, marketing tools, and support platforms failing alignment without anyone noticing. These unauthorized senders drag down your overall authentication posture even when your cold email setup is clean.
Cross-Campaign Reputation Trend Analysis
A single campaign's metrics don't reveal reputation trends. Looking at 8–12 weeks of data across multiple campaigns does. Agencies track sending volume consistency, complaint rate trajectories, and bounce rate trends over time to catch deteriorating reputation before it becomes a blacklist event. Catching this early is the difference between a 2-week fix and a 12-week recovery.
Reply-Rate vs. Open-Rate Correlation
Inbox providers in 2026 weight engagement signals heavily — and replies carry more weight than opens. If your open rate is acceptable but reply rate is near zero, providers may still interpret your sends as low-quality outreach nobody wants. Agencies look at this correlation and assess whether low engagement is creating downstream placement issues on subsequent sends. Pairing a deliverability audit with AI reply classification helps you track true engagement signals at scale and surface the patterns that matter most for reputation.
Multi-Channel Interaction Assessment
Running simultaneous cold email and LinkedIn outreach to the same contact list isn't just a sequencing question — it can affect deliverability if it drives complaint spikes or reply patterns that inbox providers misread as unsolicited bulk. A thorough audit considers your whole outbound motion, not just the email channel in isolation. For the framework on combining both channels effectively, see our guide to email and LinkedIn multi-channel outreach. And if you're evaluating the right channel mix for your situation, the breakdowns of cold email vs. LinkedIn and cold email vs. SDR are worth reading before you decide where to focus.
Get a Free Cold Email Deliverability Audit
Arvani Media is a B2B outbound agency specializing in done-for-you cold email campaigns, LinkedIn outreach, and full email infrastructure management. If your open rates are dropping, your emails are going to spam, or you want to know exactly where your setup stands before you scale — book a free strategy session and we'll audit your cold email deliverability at no charge.
We'll check your authentication records, domain reputation, warmup status, list quality, and inbox placement — then walk you through exactly what needs to be fixed and in what order. If you're curious about what agency-run outbound looks like end-to-end, you can also review cold email agency pricing to understand what factors affect the cost before we talk.
Book Your Free Outbound Audit →
Frequently Asked Questions
A cold email deliverability audit checks your SPF, DKIM, and DMARC authentication records, domain and IP reputation scores, blacklist status, sending infrastructure configuration, domain warmup history, list quality and bounce rates, email content spam scoring, and inbox placement across Gmail, Outlook, and Yahoo using seed list testing. A professional audit covers all eight layers — not just the authentication records most teams validate on their own.
Run a full audit before launching any new cold email campaign and after any significant change to your sending setup — new domain, new sending tool, or new contact list source. For active campaigns, monitor bounce rate, complaint rate, and open rate trends weekly, and run a deeper audit quarterly or any time you notice a meaningful drop in open or reply rates.
A spam score check (like Mail-Tester) only evaluates your email content against filter rules — it doesn't check domain reputation, blacklist status, warmup history, or actual inbox placement across providers. A full cold email deliverability audit covers all of those layers. You can have a perfect spam score and still land in spam if your domain reputation is damaged.
You can run parts of a deliverability audit yourself using free tools like Google Postmaster Tools, MXToolbox, and Mail-Tester. However, a DIY audit typically misses DMARC aggregate report analysis, multi-provider inbox placement testing with seed lists, and cross-campaign reputation trend analysis — the layers that require either paid tools or experienced interpretation to act on correctly.
Authentication issues — SPF, DKIM, DMARC misconfigurations — can typically be resolved within 24–48 hours once you know exactly what to fix. Domain reputation and blacklist recovery takes much longer: expect 6–12 weeks of disciplined sending with verified lists, corrected authentication, and suppressed unengaged contacts. The faster you run audits and catch problems early, the shorter the recovery timeline.
