B2B Email Deliverability Audit: The 30-Point Checklist to Fix Inbox Placement (2026)
A SaaS client came to us confused. They were sending 15,000 emails a month from HubSpot. Open rates had dropped from 28% to 11% over six months. Their assumption? "Our content isn't resonating."
It wasn't a content problem. Their domain reputation had tanked. 38% of their emails were landing in spam. They'd never run a deliverability audit — didn't even know that was a thing.
Last updated: July 2026
Two weeks of fixes (mostly DNS records and list cleanup) brought them back to 26% open rates. No content changes. No design changes. Just infrastructure.
This is the 30-point checklist we use at Sotros for every client's email program. It takes 2–4 hours to run, and it's the single highest-ROI activity in email marketing.
Short answer: A B2B email deliverability audit covers three areas: authentication (SPF, DKIM, DMARC), reputation (sender score, blacklists, complaint rates), and list hygiene (bounces, engagement, segmentation). Gmail and Microsoft now enforce strict requirements — DMARC is mandatory for bulk senders, complaint rates must stay under 0.3%, and unauthenticated emails get rejected outright. Run this checklist quarterly.
Why Deliverability Matters More Than Subject Lines
Every "improve your email open rates" article focuses on subject lines and send times. That advice is useless if your emails never reach the inbox.
The math is brutal:
| Scenario | Emails Sent | Inbox Rate | Actually Received | Open Rate | Opens |
|---|---|---|---|---|---|
| Bad deliverability | 10,000 | 62% | 6,200 | 25% | 1,550 |
| Good deliverability | 10,000 | 95% | 9,500 | 25% | 2,375 |
| Difference | — | — | +3,300 | — | +825 |
Same email. Same subject line. Same audience. 53% more opens just by reaching the inbox. And that's before we talk about the downstream impact: more clicks, more leads, more pipeline from your lead nurturing workflows.
The 30-Point Checklist
Section 1: Authentication (Points 1–8)
These are non-negotiable. As of February 2024, Google and Yahoo require authentication for all bulk senders. Microsoft followed in 2025. If you're failing any of these, your emails are going to spam — full stop.
1. SPF Record Published ✅/❌
- Check: Run `dig TXT yourdomain.com` or use MXToolbox SPF Lookup
- Requirement: A valid SPF record listing all sending services
- Common failure: Missing your CRM, transactional email service, or cold outreach tool
- ⚠️ Watch the 10-lookup limit. SPF allows maximum 10 DNS lookups. If you use HubSpot + SendGrid + Mailchimp + Google Workspace, you can easily hit this. Use SPF flattening tools like AutoSPF to consolidate.
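To see how quickly a multi-vendor setup reaches the limit, this added example (not from the original article) counts the worst-case number of DNS-querying terms in an SPF record, following `include:` and `redirect=` recursively. The zone data and every domain in it are constructed, and the `resolve` callable stands in for a live TXT lookup.

```python
SPF_LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}

# Constructed zone data (hypothetical domains) standing in for live TXT lookups.
ZONE = {
    "example.com": "v=spf1 include:_spf.crm.example include:mail.esp.example "
                   "include:_spf.workspace.example a mx ~all",
    "_spf.crm.example": "v=spf1 include:a.crm.example include:b.crm.example "
                        "ip4:192.0.2.0/24 -all",
    "a.crm.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "b.crm.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "mail.esp.example": "v=spf1 include:u1.esp.example "
                        "exists:%{i}.bl.esp.example -all",
    "u1.esp.example": "v=spf1 ip4:192.0.2.128/25 -all",
    "_spf.workspace.example": "v=spf1 include:n1.workspace.example "
                              "include:n2.workspace.example ~all",
    "n1.workspace.example": "v=spf1 ip4:198.51.100.128/25 ~all",
    "n2.workspace.example": "v=spf1 ip6:2001:db8::/32 ~all",
}

def count_spf_lookups(domain, resolve, path=()):
    """Worst-case count of terms that trigger a DNS query during evaluation."""
    if domain in path:
        raise ValueError(f"SPF include loop at {domain}")
    record = resolve(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        raise ValueError(f"no SPF record at {domain}")
    total = 0
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")              # drop the qualifier
        if term.lower().startswith("redirect="):
            target = term.split("=", 1)[1]
            total += 1 + count_spf_lookups(target, resolve, path + (domain,))
            continue
        name, _, arg = term.partition(":")
        name = name.split("/")[0].lower()        # "mx/24" -> "mx"
        if name in LOOKUP_MECHANISMS:
            total += 1                           # the term itself costs a lookup
            if name == "include":                # plus whatever it pulls in
                total += count_spf_lookups(arg, resolve, path + (domain,))
    return total

if __name__ == "__main__":
    n = count_spf_lookups("example.com", ZONE.get)
    print(n, "lookups:", "over limit" if n > SPF_LOOKUP_LIMIT else "ok")
```

`ip4`, `ip6` and `all` cost nothing, which is why flattening nested includes into address ranges brings the count down.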
2. DKIM Signing Active ✅/❌
- Check: Send a test email, view headers — look for `dkim=pass`
- Requirement: 2048-bit DKIM key for every sending platform
- Common failure: Forgetting to enable DKIM on a secondary sending platform. Your CRM sends DKIM-signed emails; your cold outreach tool doesn't. Inbox providers notice.
- Use DKIM Validator to check signatures.
3. DMARC Record Published ✅/❌
- Check: `dig TXT _dmarc.yourdomain.com`
- Minimum: `v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com`
- Target: Work toward `p=quarantine` and eventually `p=reject`
- Google's DMARC guide walks through the progression.
4. DMARC Alignment ✅/❌
- Check: DMARC reports show "aligned" for both SPF and DKIM
- Requirement: "From" domain matches SPF and DKIM domains
- Common failure: Using a third-party ESP that sends from their domain, not yours
5. BIMI Record (Optional, Recommended) ✅/❌
- Check: `dig TXT default._bimi.yourdomain.com`
- Benefit: Displays your logo next to emails in Gmail and Apple Mail
- Requirement: VMC (Verified Mark Certificate) + DMARC at `p=quarantine` or `p=reject`
- Worth it for brand recognition, especially if you send high-volume email nurture campaigns.
6. Return-Path Alignment ✅/❌
- Check: Email headers show Return-Path matching your domain
- Common failure: ESP default bounce address uses their domain instead of yours
7. TLS Encryption ✅/❌
- Check: CheckTLS to verify TLS on your mail server
- Requirement: TLS 1.2+ for all outbound email
8. No "via" or "on behalf of" Warnings ✅/❌
- Check: Send to Gmail — does it show "via thirdpartyesp.com" next to your name?
- Fix: Configure custom Return-Path and DKIM signing to remove this warning
Section 2: Sender Reputation (Points 9–16)
Authentication gets you through the door. Reputation determines whether you reach the inbox or the spam folder.
9. Google Postmaster Tools Connected ✅/❌
- Setup: Google Postmaster Tools — free, takes 10 minutes
- Monitor: Domain reputation (High/Medium/Low), spam rate, authentication rates
- 🔴 If your spam rate exceeds 0.3%, you're in the danger zone. Google throttles delivery above this threshold. Below 0.1% is the target.
10. Microsoft SNDS Connected ✅/❌
- Setup: Smart Network Data Services — free
- Monitor: IP reputation, spam trap hits, complaint rates
11. Sender Score Check ✅/❌
- Check: SenderScore.org
- Benchmark: 80+ is good, 90+ is excellent, below 70 is a problem
- This aggregated reputation score predicts inbox placement across most providers.
12. Blacklist Check ✅/❌
- Check: MXToolbox Blacklist Check — tests against 100+ blacklists
- Action: If listed, follow the specific blacklist's delisting process. Most require you to fix the underlying issue (spam complaints, spam trap hits) before delisting.
13. Spam Complaint Rate ✅/❌
- Benchmark: Under 0.1% (1 complaint per 1,000 emails)
- Check in Google Postmaster Tools
- Common cause: Sending to people who didn't explicitly opt in, or sending too frequently
14. Hard Bounce Rate ✅/❌
- Benchmark: Under 2% per campaign
- Action: Any address that hard bounces should be permanently removed. Never retry a hard bounce.
- If you're above 2%, your list has hygiene problems that will damage reputation fast.
15. Unsubscribe Rate ✅/❌
- Benchmark: Under 0.5% per campaign
- Action: If consistently above 0.5%, you're either sending too often, sending irrelevant content, or emailing people who don't recognize your brand.
16. One-Click Unsubscribe Header ✅/❌
- Requirement: RFC 8058 List-Unsubscribe-Post header
- Google and Yahoo now require this for all bulk senders
- Check your email headers for `List-Unsubscribe` and `List-Unsubscribe-Post`
Section 3: List Hygiene & Segmentation (Points 17–22)
Bad data is the fastest path to spam folders. Every invalid address, every unengaged contact drags down your sender reputation.
17. Email Verification on Import ✅/❌
- Action: Run every new list through a verification service before importing to your ESP
- Tools: ZeroBounce, NeverBounce, Hunter.io
- Never trust purchased lists. Even "verified" purchased lists have 10–25% invalid rates.
18. Engagement-Based Segmentation ✅/❌
- Action: Segment your list by engagement:
- Active (opened/clicked in last 90 days) → normal send frequency
- Fading (no engagement 90–180 days) → reduced frequency, re-engagement campaign
- Dormant (no engagement 180+ days) → sunset sequence, then remove
- Sending to dormant contacts tanks your reputation without generating value.
19. Role-Based Address Removal ✅/❌
- Action: Remove info@, support@, admin@, sales@ addresses
- These often route to shared inboxes, trigger spam complaints, and rarely convert
20. Spam Trap Detection ✅/❌
- Action: Run your list through a spam trap detection service quarterly
- Common sources: Old email lists with recycled addresses, scraped data
- Hitting even one spam trap can blacklist your IP
21. Duplicate Removal ✅/❌
- Action: Deduplicate across all sending platforms
- Common failure: Same contact exists in HubSpot, Mailchimp, and cold outreach tool — they get 3x the emails, complain, and tank your reputation.
22. Consent Documentation ✅/❌
- Action: Every contact should have documented opt-in source and date
- Required for GDPR, CAN-SPAM, CASL compliance
- Without this, you're legally exposed and ethically on thin ice.
Section 4: Domain & Infrastructure (Points 23–26)
23. Separate Domains for Cold Outreach ✅/❌
- Action: NEVER use your primary domain for cold email. Use a dedicated subdomain or separate domain.
- Example: Use `outreach.yourdomain.com` or `yourbrand.io` for cold campaigns
- If cold outreach damages sender reputation, your marketing emails survive.
24. Domain Age & History ✅/❌
- Check: Whois lookup — domain should be 30+ days old before high-volume sending
- New domains need warmup (see Point 25)
25. Domain/IP Warmup Completed ✅/❌
- Action: For new domains, start at 20–50 emails/day and increase 20% every 2–3 days
- Timeline: 4–6 weeks to reach full volume
- Send to your most engaged contacts first (they'll open, click, reply — positive signals)
26. Dedicated vs. Shared IP ✅/❌
- Decision: If sending 50,000+ emails/month, use a dedicated IP
- Below that volume, shared IP through your ESP is fine — their reputation protects you
- Dedicated IP means your reputation is 100% your own — good if you're disciplined, dangerous if you're not
Section 5: Content & Technical (Points 27–30)
27. HTML/Text Ratio ✅/❌
- Benchmark: At least 60% text, maximum 40% HTML/images
- Check: Spam filters flag image-heavy emails
- B2B emails should be mostly text anyway — executives don't want a newsletter that looks like a magazine ad
28. Spam Trigger Word Check ✅/❌
- Action: Scan subject lines and body for common triggers
- Tools: Mail-Tester (free, excellent)
- Triggers to avoid in subject lines: "FREE!!!", "Act Now", "Limited Time Offer", "Guaranteed"
- B2B-specific: "Exclusive opportunity", "You've been selected", "Urgent action required"
29. Sending Consistency ✅/❌
- Benchmark: Maintain consistent volume week-over-week (±20%)
- Red flag: Sending 500 emails one week, 5,000 the next — looks like spammer behavior
- Use send-time optimization to spread delivery evenly
30. Full Header Verification ✅/❌
- Action: Send a test email to yourself, click "Show Original" in Gmail
- Verify all PASS: SPF ✅, DKIM ✅, DMARC ✅
- This takes 60 seconds and catches misconfigurations before they damage your reputation
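The header checks from Points 2, 4, 6, 16 and 30 can be scripted. This added example (not the article's own code) parses a constructed message with hypothetical domains and reports failed results, misaligned SPF/DKIM domains and a missing one-click unsubscribe header. Alignment is simplified to an exact-or-subdomain match, where real DMARC compares organizational domains using the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (hypothetical receiver, ESP and sender domains).
RAW = """\
Return-Path: <bounce-123@mail.thirdpartyesp.example>
Authentication-Results: mx.receiver.example;
 dkim=pass header.s=s1 header.d=thirdpartyesp.example;
 spf=pass smtp.mailfrom=bounce-123@mail.thirdpartyesp.example;
 dmarc=fail (p=NONE) header.from=yourdomain.example
From: Marketing <news@yourdomain.example>
List-Unsubscribe: <https://yourdomain.example/u/abc>
Subject: Product update

body
"""

def aligned(domain, from_domain):
    # Simplified relaxed alignment: same domain or a subdomain of the From domain.
    domain, from_domain = domain.lower(), from_domain.lower()
    return domain == from_domain or domain.endswith("." + from_domain)

def audit_headers(raw):
    """Return a list of findings; an empty list means every check passed."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    results = " ".join(msg.get_all("Authentication-Results", []))
    findings = []
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", results)
        if not m or m.group(1).lower() != "pass":
            findings.append(f"{method} not pass")
    # Only the first DKIM signature is inspected in this example.
    d = re.search(r"header\.d=([\w.-]+)", results)
    if not d or not aligned(d.group(1), from_domain):
        findings.append("dkim d= not aligned with From")
    mf = re.search(r"smtp\.mailfrom=(\S+?)(?:;|\s|$)", results)
    if not mf or not aligned(mf.group(1).rpartition("@")[2], from_domain):
        findings.append("spf mailfrom not aligned with From")
    if not msg["List-Unsubscribe"]:
        findings.append("List-Unsubscribe missing")
    if (msg["List-Unsubscribe-Post"] or "").strip() != "List-Unsubscribe=One-Click":
        findings.append("List-Unsubscribe-Post one-click missing")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_headers(RAW)) or "all checks passed")
```

The sample shows the Point 4 failure mode: SPF and DKIM both pass, but for the ESP's domain, so DMARC still fails.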
The Quick "Am I Broken?" Test
Don't have time for all 30 points? Do these three tests right now:
Test 1: Send to Gmail, check headers (2 minutes)
Send yourself an email from your marketing platform → Open in Gmail → Click ⋮ → Show Original → Check SPF, DKIM, DMARC all show PASS.
Test 2: Mail-Tester score (2 minutes)
Go to mail-tester.com → Send a test email to the unique address → Check your score. 9/10 or higher = healthy. Below 7 = problems.
Test 3: Google Postmaster spam rate (5 minutes)
Open Google Postmaster Tools → Check spam rate for last 30 days → Below 0.1% = excellent. Above 0.3% = emergency.
If any of these fail, run the full 30-point audit immediately.
Fixing the Most Common Failures
"My DMARC is at p=none and I'm afraid to change it"
This is the most common situation we see. Here's the safe progression:
| Phase | DMARC Policy | Duration | What to Watch |
|---|---|---|---|
| 1 | `p=none; rua=mailto:dmarc@...` | 2–4 weeks | Monitor reports for legitimate sources failing alignment |
| 2 | `p=quarantine; pct=10` | 2 weeks | Quarantine 10% of failures, monitor impact |
| 3 | `p=quarantine; pct=50` | 2 weeks | Expand to 50% |
| 4 | `p=quarantine; pct=100` | 2 weeks | Full quarantine |
| 5 | `p=reject` | Ongoing | Maximum protection |
The key is monitoring DMARC aggregate reports (rua) at each stage. Tools like Valimail and dmarcian make these reports human-readable.
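What that monitoring looks like in practice, as an added example that is not part of the original article: it reads a constructed aggregate report and lists the sources failing DMARC, then picks out the known senders that must be fixed before raising the policy. The IPs are documentation ranges and the `known_senders` set is an assumption, an inventory you maintain yourself.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed aggregate (rua) report excerpt in the RFC 7489 layout.
REPORT = """<feedback>
 <policy_published><domain>yourdomain.example</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>940</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf>
  </policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>55</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
  </policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.200</source_ip><count>12</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
  </policy_evaluated></row></record>
 <record><row><source_ip>192.0.2.25</source_ip><count>30</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf>
  </policy_evaluated></row></record>
</feedback>"""

def failing_sources(xml_text):
    """Return {source_ip: message_count} for rows that fail DMARC.

    policy_evaluated holds the aligned DKIM and SPF results; a message fails
    DMARC only when both are non-pass, so one aligned pass is enough.
    """
    totals = defaultdict(int)
    for row in ET.fromstring(xml_text).iter("row"):
        evaluated = row.find("policy_evaluated")
        if evaluated.findtext("dkim") != "pass" and evaluated.findtext("spf") != "pass":
            totals[row.findtext("source_ip")] += int(row.findtext("count"))
    return dict(totals)

def blockers(xml_text, known_senders):
    """Known legitimate senders that fail DMARC: fix before the next phase."""
    return sorted(ip for ip in failing_sources(xml_text) if ip in known_senders)

if __name__ == "__main__":
    mine = {"192.0.2.10", "192.0.2.25", "198.51.100.7"}  # assumed sender inventory
    print("failing:", failing_sources(REPORT))
    print("fix before tightening:", blockers(REPORT, mine))
```

Failing sources outside the inventory are either spoofing or a sending tool nobody registered, and both are worth identifying before `p=quarantine` starts affecting mail.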
"My sender reputation dropped suddenly"
Check, in this order:
1. Did you import a new list recently? (Likely contains spam traps)
2. Did your bounce rate spike? (ESP hygiene issue)
3. Did you change sending platforms? (Authentication may be broken on new platform)
4. Did you increase volume suddenly? (Warmup violation)
5. Are you on a blacklist? (Check MXToolbox)
"My open rates dropped but nothing changed"
The #1 cause we see: another department started sending from the same domain without proper authentication. Sales team launched cold outreach from the primary domain, tanked reputation, and marketing's carefully maintained program suffered the consequences.
This is why Point 23 (separate domains) is critical.
Quarterly Audit Schedule
| Quarterly Task | What to Check | Time |
|---|---|---|
| Authentication refresh | SPF, DKIM, DMARC alignment across all sending platforms | 1 hour |
| Reputation check | Google Postmaster, SenderScore, blacklist scan | 30 min |
| List hygiene | Remove dormant contacts, re-verify old addresses, deduplicate | 2 hours |
| DNS changes review | Did any infrastructure changes break authentication? | 30 min |
Total: ~4 hours per quarter. The ROI of catching a deliverability issue before it damages your reputation is 10x the cost of fixing it after.
How This Connects to Your Broader Marketing Stack
Deliverability isn't isolated. It affects your entire demand generation engine:
- Lead nurturing effectiveness — bad deliverability means your nurture sequences aren't reaching leads
- Cold outreach ROI — if your outbound emails hit spam, your SDR team is wasting time
- Attribution accuracy — multi-touch attribution breaks when email touches go undelivered
- Customer communication — even transactional emails (invoices, onboarding) suffer from reputation issues
Need Help Running This Audit?
If your B2B email open rates have dropped below 20%, your cold outreach reply rates are under 2%, or you've never run a formal deliverability audit — there are almost certainly quick wins hiding in your infrastructure.
We help B2B companies diagnose and fix deliverability issues as part of broader digital strategy and email marketing engagements. The audit itself typically takes 2–4 hours; the fixes usually take 1–2 weeks.
How This Fits Into Our Work
This article is part of how we deliver Email Marketing, Lead Generation and Digital Strategy for teams in SaaS, B2B Professional Services and Education. If you're facing similar challenges, we can help you build the infrastructure to address them systematically.