Skip to content
PowerMTA Experts

Deliverability service

A deliverability audit that goes down to the sending infrastructure.

A deliverability audit is a provider-by-provider diagnosis of why your mail lands where it lands — authentication, domain and IP reputation, list data, content, and the sending infrastructure underneath it all. We measure the whole program against how Gmail, Yahoo and Microsoft filter in 2026, then hand you a ranked list of what to fix.

Free 25-point audit Talk to an expert

A deliverability audit is a provider-by-provider diagnosis of why mail lands where it lands, across five layers: authentication (SPF, DKIM, DMARC and alignment), domain and IP reputation, list and data hygiene, content and engagement, and the sending infrastructure underneath. It is measured against how Gmail, Yahoo and Microsoft actually filter in 2026 — the bulk-sender rules that went live between February 2024 and May 2025 — and delivered as a written assessment that ranks each finding by how much inbox placement it is costing. The distinction it turns on is that delivery, whether a server accepted the message, is not deliverability, whether the message reached the inbox rather than spam or the Promotions tab.

In short

  • Delivery and deliverability are different measurements: almost every sender passes delivery, while the gap to actual inbox placement is where a campaign quietly loses most of its value.
  • The rules moved hard between 2024 and 2026 — Gmail and Yahoo enforcement from February 2024, Microsoft from May 2025 — and most sending programs were built against the older rules.
  • A spam complaint rate under the 0.30 percent line only means you are not being rejected outright; it says nothing about whether engaged recipients see your mail in the inbox.
  • The 5,000-messages-a-day bulk threshold is counted per provider and binds transactional senders too, so SPF, DKIM, DMARC and alignment are required well beyond marketing mail.
  • The audit reads five layers and ranks findings by placement cost; because the team resells no ESP or IP space, the report has no commercial reason to point one way.

Two senders with the same email service provider, the same list size and the same content can see completely different results, and only one of them ever finds out why. Delivery — whether a receiving server accepted the message — is the easy number, and almost everyone passes it. Deliverability is the harder one: whether the message reached the inbox rather than the spam folder or the Promotions tab. The gap between the two is where a campaign quietly loses most of its value, and it does not show up in an open-rate chart.

A deliverability audit is the work of closing that gap deliberately. It reads every layer that a mailbox provider weighs when it decides where to put your mail, ranks the problems by how much placement each is costing, and says in plain language what to change. The reason to run one is rarely a single broken setting. It is that the rules underneath email moved hard between 2024 and 2026, and most sending programs were built against the rules that came before.

Delivery is not deliverability

The distinction matters enough to be worth a precise statement. A 98% delivery rate means receiving servers accepted 98% of what you sent. It says nothing about where those messages went after acceptance. According to Validity’s 2025 benchmark, the global inbox-placement rate sits at 83.5% — roughly one in six legitimate marketing emails is delivered but never seen, because it lands somewhere the recipient does not look. A program can post a delivery rate it is proud of and still leak a sixth of its reach into folders nobody opens.

Placement also varies far more than averages suggest. Industry analyses put inbox placement for a strong-reputation sender around 92%, while senders whose reputation has slipped below the rough equivalent of a 70/100 score often see placement fall under half. Domain history pulls in the same direction: a new domain with no track record commonly starts near 55% inbox placement, against roughly 85% for a mature one — about a thirty-point penalty for being new. The audit exists because these are the differences that decide whether email pays for itself, and none of them are visible from the send side alone.

Inbox placement, selected 2025–2026 benchmarks
Sender profileInbox placement
Strong-reputation sender92%
Global average (all senders)83.5%
New / unwarmed domain55%
Weak reputation (below ~70)50%

Source: Validity 2025 Deliverability Benchmark (global average); reputation and domain-age figures per industry analyses, 2025–2026. Figures are directional benchmarks, not guarantees.

What changed underneath email between 2024 and 2026?

For most of email’s history the largest mailbox providers nudged non-compliant senders. They stopped nudging and started refusing. Google and Yahoo set the same bar on 1 February 2024: any domain sending 5,000 or more messages a day to their users needs SPF, DKIM and DMARC, has to keep spam complaints low, and must offer one-click unsubscribe on promotional mail. Microsoft adopted the same authentication floor on 5 May 2025, with its own hard-rejection code for mail that misses it. Then, in November 2025, Google escalated Gmail from temporary deferrals to permanent rejections for non-compliant bulk mail.

Three details in those rules trip up senders who skim them. The 5,000-a-day threshold is counted per provider, not across your whole program, so 4,000 daily messages to Gmail and another 4,000 to Outlook leaves you under each line while feeling like a high-volume sender. The bulk classification, once earned, does not expire if your volume later drops. And non-compliant mail is not filtered to spam — it is bounced at the SMTP level, with a code that tells you exactly which requirement failed. The table below sets the three providers side by side, because the principles rhyme but the specifics do not.

Provider Enforcement Spam complaint line Rejection code Unsubscribe Monitoring
Google (Gmail) Live 1 Feb 2024; permanent rejections from Nov 2025 Below 0.30% (target below 0.10%) 550 5.7.26 / 550 5.7.350 RFC 8058 one-click, required on promotional mail Postmaster Tools v2 — Compliance Dashboard
Yahoo / AOL Live 1 Feb 2024 Below 0.30%, judged on Yahoo’s own complaint data 550 5.7.9 RFC 8058 one-click; DKIM key 1024-bit minimum Complaint Feedback Loop (CFL)
Microsoft (Outlook, Hotmail, Live) Live 5 May 2025 No public per-domain threshold; IP-level reputation 550 5.7.515 (Safe Senders do not bypass) Functional unsubscribe expected; RFC 8058 not mandated Smart Network Data Services (SNDS)

Requirements as published by Google, Yahoo and Microsoft; dates and codes confirmed against current provider guidance during the audit. Yahoo applies one DKIM-key-length minimum; Microsoft publishes no per-domain complaint threshold.

One more shift sits behind the rules and matters more than any of them. Authentication and a clean complaint rate are now the price of admission, not the thing that wins the inbox. Mailbox providers lean on engagement — opens, replies, folder moves, deletions without opening — because those signals are far harder to fake than a DNS record. Google has said its systems block on the order of 15 billion unwanted messages a day. The practical consequence for a serious sender is that you can pass every technical check and still lose placement, because the audience has stopped engaging and the filter has noticed. A deliverability audit reads the technical layer and the behavioural one together, since in 2026 they are scored together.

What are the five layers a deliverability audit reads?

We work outward from the message to the infrastructure, because that is the order in which problems compound. A content issue on top of a reputation problem on top of a broken authentication record is three findings, and fixing the visible one first usually wastes a warm-up cycle. These are the layers, and what tends to be wrong in each.

  1. Authentication and alignment. SPF, DKIM and DMARC present, valid, and — the part most checks miss — aligned with the From domain. We look for SPF that exceeds the ten-lookup limit, DKIM keys still at 1024 bits where 2048 is now expected, selectors pointing at nothing after a DNS change, and a DMARC record stuck on p=none with no path toward enforcement.
  2. Reputation, domain and IP. Domain reputation outlives IP reputation and follows you across provider changes, so we read it first. We pull Postmaster Tools and SNDS, check blocklist status as a floor rather than a verdict, and look for the slow erosion that a complaint-rate dashboard hides.
  3. List and data quality. The single most controllable factor, and the most neglected. We look at how addresses are collected, validated and suppressed, at bounce handling that actually feeds back into the next send, and at the dead weight that drags engagement metrics down before content ever gets a vote.
  4. Content and engagement. Not subject-line cosmetics — the structural signals: a healthy text-to-link ratio, working and visible unsubscribe paths, sane image and tracking-domain setup, and whether the program is segmented so that engaged and unengaged recipients are not sent the same volume at the same cadence.
  5. Sending infrastructure. The layer most audits never open: how your IPs and domains are architected, whether streams are separated so a marketing misfire cannot sink transactional mail, how warm-up and volume ramps are paced, and whether your MTA’s throttling and backoff respect what the providers actually return.
The five layers, read from the message outward to the infrastructure
LAYER 1 — AUTHENTICATION & ALIGNMENT SPF · DKIM · DMARC present, valid, aligned with the From domain LAYER 2 — REPUTATION, DOMAIN & IP domain reputation outlives IP · Postmaster Tools · SNDS LAYER 3 — LIST & DATA QUALITY most controllable, most neglected: collection · validation · suppression LAYER 4 — CONTENT & ENGAGEMENT structural signals · text-to-link · working unsubscribe · segmentation LAYER 5 — SENDING INFRASTRUCTURE (where most audits never look) IP/domain architecture · stream separation · warm-up · throttle & backoff problems compound upward; read the base first
Problems compound upward: a content issue sitting on a reputation problem sitting on a broken authentication record is three findings, and fixing the visible one first wastes a warm-up cycle. The audit reads from the infrastructure base up, finds the deepest broken layer, and fixes that first — because a fix higher up does not hold while a layer beneath it is still wrong.
Reading layer one: is authentication actually aligned?
read-only audit — DNS 
# Does SPF stay within the 10-lookup limit, or silently overflow?
$ dig +short TXT example.com | grep spf1
"v=spf1 include:_spf.google.com include:sendgrid.net include:mktomail.com ~all"
# 11 lookups across the includes — over the limit, SPF returns permerror

# Is DMARC enforcing, or stuck on p=none with no path forward?
$ dig +short TXT _dmarc.example.com
"v=DMARC1; p=none; rua=mailto:[email protected]"
# p=none: reporting only — alignment failures are seen, not acted on
Layer one is where the cheapest, highest-impact findings hide. Here two are visible in seconds of read-only DNS lookups: an SPF record that exceeds the ten-lookup limit and therefore returns a permerror at receivers that enforce it, and a DMARC record parked on p=none — which reports alignment failures without ever rejecting the spoofed mail those reports describe. Neither shows up in an open-rate chart, and both are a single DNS edit to fix.

Where do most audits stop, and where does this one start?

A typical deliverability check reads the first four layers and calls the job done. That is enough to catch a missing DMARC record or a noisy list, and for many senders it is the right depth. It runs out of road precisely when the technical fundamentals are clean and placement still slips, because the cause has moved below the layer the check can see — into how the mail is actually being pushed onto the wire.

That fifth layer is our home ground. The same expertise that tunes a PowerMTA or KumoMTA estate — per-provider throttling, connection limits, VirtualMTA separation, backoff that recovers instead of looping — is what reads the infrastructure layer of a deliverability audit. A connection rate set higher than a provider tolerates earns deferrals that no amount of content work will fix. A single shared IP carrying both transactional and bulk streams ties two reputations together so that one bad campaign poisons the receipts. These are deliverability problems with their roots in operation, and they are invisible to a check that stops at the headers.

We do this without a stake in the answer. We resell neither IP space nor an ESP relationship nor a particular MTA, so the report has no commercial pull toward a product. For a market where much of the deliverability advice on offer is attached to the thing being sold, an independent reading is the point.

What do the monitoring tools show, and where do they stop short?

No single source tells the whole story, and treating any one of them as the verdict is how senders end up chasing the wrong fix. We triangulate across the provider tools and the public signals, and we are explicit about the blind spot in each. Where two sources disagree, the provider’s own data outranks any third-party panel.

Source What it surfaces Where it stops
Google Postmaster Tools v2 Pass/fail against Gmail’s requirements: authentication, one-click headers, spam rate, TLS. Gmail only. The legacy High/Medium/Low reputation grades were retired around 30 Sep 2025, so historical comparisons break.
Yahoo Complaint Feedback Loop Complaints from Yahoo and AOL recipients, fed back per stream. Needs DKIM-based enrolment, and reports complaints rather than placement.
Microsoft SNDS IP reputation, filter result and complaint data for mail to Outlook. IP-level, not per-domain; no authentication-compliance view like Gmail’s.
Spamhaus & public blocklists Whether an IP or domain is listed, and on which zone. A clean listing status does not mean good placement; most filtering is now reputation and engagement, not blocklists.
Seed / inbox-placement panels Where a test send lands across a panel of provider mailboxes. A sample, not your real recipients; useful as a directional reading, not a verdict.

Google’s move from the four-tier reputation grades to a pass/fail Compliance Dashboard changed the diagnostic question from “is my reputation good?” to “which requirement am I failing?” — a more actionable frame, and one the audit follows.

How does the audit run?

The engagement is short and structured, and it does not touch your sending until you decide to act on what it finds.

  1. Scope and access. We agree which domains, streams and providers are in play, and you grant read access to DNS, recent logs, Postmaster Tools and SNDS. No credentials to your sending platform are required to start.
  2. Read the five layers. We work from authentication out to infrastructure, recording each finding with the evidence behind it rather than a checklist tick.
  3. Measure against 2026 enforcement. Every finding is weighed against how Gmail, Yahoo and Microsoft actually filter now — the thresholds, the codes, the per-provider rules — not against last year’s best practice.
  4. Rank by cost to placement. Findings are ordered by how much inbox they are losing you, so the first thing you fix is the thing that moves the number most.
  5. Deliver and walk it through. You receive a written assessment and a working session to talk through it. What you do next, and with whom, is yours to decide.

What you receive

The deliverable is a written assessment, built to be used. Each finding is stated with its evidence, ranked by the placement it is costing, and labelled by the kind of work it needs: a DNS change you can make this afternoon, a sending-pattern adjustment, a data project, or a structural decision about infrastructure. Where a fix is a ten-minute edit, we say so. Where the honest answer is that the architecture is fighting you, we say that too, and we show the data behind it.

What you do not receive is a single reputation score and a calendar link. A number on its own tells you that something is wrong without telling you what, and it is the format favoured by audits whose real product is the upsell. The document is yours to keep and act on, in any order, with our help or without it.

The structure of the report follows the five layers rather than a generic checklist, so each finding is already attached to the layer it belongs to and the order in which it should be addressed. A broken authentication record at layer one is flagged ahead of a content tweak at layer four, because fixing the content while the authentication is failing changes nothing a receiver can see. Inside each layer, findings carry a plain estimate of effort and expected placement impact, so the person approving the budget can read the same document as the engineer making the change and reach the same conclusion about what to do first. That shared reading is most of the value: a deliverability problem usually persists not because nobody can fix it, but because the team cannot agree on which of five plausible causes to spend the next two weeks on.

When should you run a deliverability audit?

A deliverability audit earns its cost in a few recognisable situations. Several of these together is a strong signal that the distance between your program and the current rules has grown wide enough to be taxing every send. The cost of waiting is rarely a sudden block; it is the quiet compounding of a placement rate that slips a point or two a month until a campaign that once reached eighty-five percent of inboxes is reaching sixty, with every downstream metric — opens, clicks, revenue per send — scaled down by the same hidden factor. An audit is cheapest to act on when the drift is small, because the reputation it rebuilds is rebuilt in days rather than the weeks a deep slide demands. The free 25-point audit exists for exactly that reason: it is a fast directional read on whether the deeper engagement is worth scoping, before any figure is named. Most senders who run it find that one or two of the five layers carry the bulk of the loss — which is the point of running it: the audit narrows down where the budget should actually go, instead of spreading a fixed-price rebuild evenly across five layers when, in practice, only one or two of them were ever the thing actually dragging inbox placement down.

  • Open and reply rates drifting down slowly while delivery stays high — the signature of placement erosion rather than a list problem.
  • A clean spam-complaint rate paired with falling engagement, which usually points below the content layer.
  • A migration, a new IP, a domain change or an ESP switch that went in and was never validated against real inbox placement.
  • Bounce codes in the 550 5.7.x family appearing in your logs, which mean a 2026 requirement is failing outright.
  • Mail landing in spam for the same recipients who used to open it — a reputation or engagement signal, not a content one.
  • Growth into Spanish- or Portuguese-speaking markets, where local provider behaviour and list practices differ from the English-language playbook most guides assume.

None of these is proof on its own. Taken together, they are the cheapest possible warning — cheaper than the delivery incident they tend to precede, and far cheaper than discovering after a send that a sixth of your reach has been quietly going nowhere.

FAQ

Audit questions

How is a deliverability audit different from your PowerMTA audit?

A PowerMTA audit opens one engine — the configuration files, VirtualMTA mapping, domain policies and backoff rules of a running PowerMTA estate. A deliverability audit is wider and platform-agnostic: it looks at authentication, domain and IP reputation, list data, content and engagement across your whole sending program, whatever software sits underneath. The difference in practice is scope. If your problem is clearly inside PowerMTA, the PowerMTA audit is the sharper tool; if you are not sure where mail is leaking, the deliverability audit finds the layer first.

Do you need access to our sending platform or ESP?

Less than people expect. Read access to your DNS records, a window of recent logs, your Postmaster Tools and SNDS data, and a description of how your streams are split is usually enough to map the problem. We can work from exports and screen-shares. Nothing in your sending setup is changed during the audit — it observes and reports, and any fix is yours to approve and schedule.

We use a third-party ESP for some mail. Can you still audit it?

Yes, and the seam between an ESP and your own infrastructure is one of the first places we look. Senders who run marketing through an ESP and the rest through their own MTA carry two reputations, two sets of authentication records and two places for alignment to break. We check that SPF includes and DKIM selectors line up, that the streams are genuinely separated, and that the two are not quietly competing for the same domain reputation.

Will the audit just tell us to migrate or buy something?

No, because we have nothing to sell you on the other side. We do not resell ESPs, IP space or mailbox-provider relationships, so the report has no commercial reason to point one way. It says what the data shows: where placement is leaking, why, and whether the fix is a DNS change, a sending-pattern change, a list problem or, occasionally, an infrastructure decision. The choice stays with you.

How long does it take, and what does it cost?

A focused deliverability audit usually runs three to five business days, depending on how many streams and providers are in play and how quickly we receive the data. The free 25-point audit is the entry point and carries no charge. A full engagement is scoped once we have seen the shape of your program, so the figure reflects your sending rather than a list price.

Our spam rate looks fine but placement is still dropping. Is an audit worth it?

That is one of the most common reasons to run one. A spam complaint rate under the 0.30% line tells you that you are not being rejected outright; it says nothing about whether engaged recipients are seeing your mail in the inbox or the Promotions tab. Placement erosion with a clean complaint rate usually points at reputation drift, weak engagement segmentation or an infrastructure pattern — exactly the layers a content-only check never reaches.

Do these 2026 rules apply to us if we are not a marketing sender?

Partly. The 5,000-messages-a-day bulk threshold is counted per provider and applies to any domain crossing it, transactional or not — so a large transactional program still needs SPF, DKIM, DMARC and alignment. The one-click unsubscribe requirement is the exception: Gmail and Yahoo apply it to promotional and subscription mail, not to password resets, receipts or shipping notices. We map which rules bind which of your streams, since most senders run a mix.

What do we receive at the end?

A written assessment you keep. It lists each finding, ranks it by how much placement it is costing, and labels it plainly — a ten-minute DNS fix, a sending-pattern change, a data project or a structural decision. There is no score-and-sales-call: the document is built to be acted on, by your team, with us, or with anyone else.

Start with the audit.

Twenty-five points across authentication, reputation, infrastructure and compliance — a written assessment, no charge and no obligation. It tells both of us exactly what we are working with.

Request the free audit Talk to an expert