Email Deliverability Audit Checklist: DNS, Reputation, Content and Logs

Email delivery problems rarely come from a single cause. In real audits we run for dchost.com customers, poor inbox placement is almost always a mix of DNS gaps, weak IP reputation, content that annoys filters, and quiet error signals hiding in SMTP logs. The good news: if you approach it as a structured audit instead of random tweaks, you can usually turn a struggling sender around in a matter of weeks. In this guide, I’ll walk you through a practical email deliverability audit checklist you can reuse for your own domains, whether you’re sending from shared hosting, a VPS, a dedicated server or a hybrid setup. We’ll focus on four pillars: DNS records, IP and domain reputation, content and sending practices, and finally log and bounce analysis. Treat this as a repeatable playbook you can run quarterly, or any time you see open rates drop, complaint rates rise, or important transactional emails start disappearing.

1. Start With a Clear Map of Your Email Infrastructure

Before touching DNS or content, you need a precise picture of what is sending email for your domain today. Most deliverability issues come from something you forgot was sending on your behalf.

1.1 List all sending domains and subdomains

Make an inventory of every domain and subdomain involved in email:

• Primary domain (example.com)
• Transactional subdomains (e.g. mail.example.com, billing.example.com)
• Marketing subdomains (e.g. newsletter.example.com, updates.example.com)
• Legacy or forgotten brands still using your IPs or DNS

For each domain or subdomain, note:

• Where its DNS is hosted (our DNS, registrar DNS, third-party)
• Which server or service is actually sending (your cPanel, a VPS, an application server, or an external platform)
• Whether it sends transactional, marketing, or internal/IT notifications

1.2 Separate transactional and marketing traffic

If you send both transactional emails (password resets, order confirmations) and bulk marketing campaigns, mixing them on the same IP and domain increases risk. A poor campaign can damage the deliverability of critical system messages.

As part of your audit, decide whether you need:

• A dedicated sending subdomain for marketing (e.g. newsletter.example.com)
• A separate subdomain or even domain for high‑volume transactional mail
• Completely separate IPs for bulk vs critical traffic on your VPS or dedicated server

We explain the strategic side of this in detail in our guide on using separate sending domains for transactional and marketing emails. Your audit should at least confirm that your most important emails are not sharing an IP with risky, low‑engagement campaigns.

1.3 Capture current performance baselines

Before you change anything, capture today’s metrics so you can judge improvement:

• Average open rate by campaign type
• Spam folder placement (using test accounts at major mailbox providers)
• Hard bounce rate and soft bounce rate
• Complaint rate (abuse reports) if your sending solution exposes it

These numbers become your benchmark for the rest of the audit.

2. DNS Records Checklist: SPF, DKIM, DMARC and Friends

Mailbox providers treat your DNS zone as the “source of truth” about who is allowed to send for your domain and how they should verify that mail. Even one broken record can drag down deliverability.

2.1 SPF (Sender Policy Framework)

SPF tells recipients “these servers are allowed to send on behalf of this domain”. In your audit, check:

• Presence: Is there exactly one SPF TXT record for each sending domain?
• Content: Does it include all real senders (your hosting server, third‑party tools, CRM, etc.)?
• Syntax: Does it end with ~all or -all and pass an online SPF validator?
• Lookup count: Are you under the 10 DNS lookup limit (includes include:, a, mx, etc.)?

If you’re using many providers, SPF records can easily hit that 10‑lookup wall. In that case, consider SPF “flattening” or consolidating providers. We cover advanced techniques for this in our article on advanced SPF management for multiple email providers.

2.2 DKIM (DomainKeys Identified Mail)

DKIM attaches a cryptographic signature to each email so recipients can confirm that the content wasn’t altered and that it really came from a domain that controls the matching private key.

Your DKIM audit checklist:

• Enabled per sender: For each system that sends mail, confirm DKIM is turned on.
• Key length: Use at least 1024‑bit keys; 2048 is preferred for new setups.
• Selector hygiene: Use clear selectors per system (e.g. vps2025._domainkey.example.com).
• Alignment: The d= domain in DKIM should match or be a subdomain of your visible From domain to help DMARC.

2.3 DMARC (Domain-based Message Authentication, Reporting and Conformance)

DMARC sits on top of SPF and DKIM and tells recipients what to do when messages fail authentication, plus where to send reports. Many organisations add a DMARC record with a relaxed policy and never look at it again; a good audit corrects that.

Check these DMARC aspects:

• Record existence: Is there a _dmarc.example.com TXT record?
• Policy: Are you still at p=none (monitoring only), or have you moved towards quarantine or reject?
• Reporting: Does rua= point to a mailbox you actually read or a DMARC reporting tool?
• Alignment mode: Are you using relaxed (adkim= r, aspf= r) or strict alignment, and does that match your domain architecture?

We go deeper into the value of reports (not just the record) in our article DMARC in context: why the reports matter more than the record. During your audit, at minimum verify you’re receiving and reviewing DMARC aggregate reports.

2.4 Reverse DNS (PTR) and HELO/EHLO

If you send from your own VPS or dedicated server, reverse DNS (PTR) is non‑negotiable. Many providers simply won’t trust mail from an IP without a correct PTR.

• Ensure the IP’s PTR resolves to a hostname you control, such as mail.example.com.
• Ensure that hostname has an A record pointing back to the same IP (forward‑reverse consistency).
• Configure your MTA (Postfix, Exim, etc.) so its HELO/EHLO name matches that hostname.

For a deeper dive into why PTR matters, see our explanation of what a PTR (reverse DNS) record is and how it affects email delivery.

2.5 Advanced DNS: MTA‑STS, TLS‑RPT, BIMI and DNSSEC (optional but valuable)

Once SPF, DKIM, DMARC and PTR are correct, advanced DNS records can add extra trust and security:

• MTA‑STS: Enforces TLS for inbound mail to your domain.
• TLS‑RPT: Lets receivers send you reports when TLS delivery fails.
• BIMI: Helps display your brand logo in some inboxes when DMARC is strong.
• DNSSEC: Protects DNS responses from tampering, indirectly boosting trust.

We summarise these in our article on MTA‑STS, TLS‑RPT and BIMI for email security and brand visibility. For an audit, it’s enough to record which of these you already use and whether their policies are valid.

3. IP and Domain Reputation: How the World Sees Your Mail

DNS tells recipients who should be sending; reputation tells them how your past behaviour actually looks. A clean technical setup can still perform badly if IPs and domains have a poor history.

3.1 Shared vs dedicated IPs

On shared hosting, your domain may share an outbound IP with many others. That can be fine when your provider actively manages abuse, but it also means your reputation is partly outside your control.

As part of your audit, note for each sending stream:

• Is it on a shared IP, dedicated IP, or a pool managed by an external sender?
• Does that IP send only your mail, or also other customers’ traffic?
• Are there signs of past abuse or blocklisting on that IP?

For high‑volume or high‑value transactional emails, a dedicated IP on a well‑configured VPS or dedicated server from dchost.com often makes reputation management easier. Our guide on dedicated IP warmup and email reputation management explains how to ramp up that IP safely.

3.2 Check major blocklists and reputation sources

Next, run your sending IPs and domains through reputable blocklist and reputation checkers. In your audit notes, record:

• Which IPs are currently on any real‑time blocklists (RBLs)
• Which domains show up on domain‑based blacklists
• Any “poor” reputation signals from large mailbox providers’ postmaster tools (if available)

If you discover listings, don’t rush to delist without understanding why you were listed. A good audit identifies the root cause: spam complaints, compromised accounts, a misconfigured script, or an old newsletter list imported without consent. Our article stuck on a blocklist? email sender reputation recovery walks through a calm, methodical recovery playbook.

3.3 Analyse engagement and complaint patterns

Mailbox providers heavily weigh user engagement:

• Opens and clicks (positive signals)
• Deletes without opening (neutral to negative)
• “This is spam” complaints (strongly negative)

Within your audit, split these metrics at least by:

• Transactional vs marketing streams
• New subscribers vs long‑time subscribers
• Country or region if you have a global audience

If one segment generates most complaints or bounces, that’s where you need to focus list hygiene and content changes.

3.4 IP warmup and volume consistency

Sudden spikes in volume from a relatively new IP are a classic trigger for extra scrutiny. Your audit should answer:

• Did we recently change IPs, hosting, or email infrastructure?
• Did sending volume jump sharply in the last 30–60 days?
• Are we sending at oddly low volumes for long periods, then big bursts for campaigns?

If yes, you may need a warmup or re‑warmup plan: gradually increasing volume, prioritising the most engaged recipients first, and avoiding large sends to cold, unengaged lists.

4. Content and Sending Practices: Surviving the Filters

Once the technical foundation is sound, content and list practices become the main lever. Filters look at far more than “spammy words”; they evaluate how people react to your messages over time.

4.1 Verify basic message headers

During the audit, pick live samples from each sending source and inspect their headers:

• From: Is the visible sender clear, consistent and recognisable to your users?
• Reply‑To: Does it point to a monitored mailbox?
• DKIM‑Signature: Is there a valid DKIM header with your domain?
• List‑Unsubscribe: Is there a one‑click unsubscribe header for bulk emails?
• Message‑ID: Is it properly formatted and unique per message?

4.2 Check HTML quality and text‑to‑image balance

Low‑quality HTML can hurt you even if your content is otherwise legitimate. Review sample emails for:

• Malformed or nested tags copied from visual editors
• Overly heavy templates with 100% image‑based content and almost no text
• Hard‑coded tracking domains that don’t support HTTPS
• Broken external asset links that might trigger warnings

A simple rule of thumb we use in audits: aim for a readable plain‑text alternative part, and ensure the HTML part would still make sense if images were disabled.

4.3 List hygiene and consent

Many reputation problems start with how addresses are added to your list, not with the content itself. Your audit should answer:

• Do we use double opt‑in for newsletters and promotions?
• Are old, inactive addresses automatically suppressed after repeated non‑engagement?
• Do we regularly remove hard bounces and long‑term soft bounces?
• Is there a straightforward unsubscribe link in every bulk email?

Cleaning a heavily abused list can feel painful in the short term (fewer contacts), but it almost always improves deliverability and engagement, especially on shared IPs.

4.4 Avoid common trigger patterns

Modern filters are smarter than simple keyword lists, but certain patterns still raise flags:

• Deceptive subject lines that don’t match the content
• Overuse of urgent language, all‑caps, or excessive punctuation
• Large attachments (especially archives or executables) in marketing emails
• Links that display one domain but redirect to another unrelated site

Use reputation‑friendly defaults: clear, honest subject lines, consistent branding, and landing pages that match what the email promised.

4.5 Sending frequency and cadence

Even well‑crafted emails can get filtered if you send them at the wrong pace. As part of the audit, examine:

• How often each segment receives campaigns (too often vs too rarely)
• Whether you send at the same local times each day/week, or in chaotic bursts
• Whether you change sender name or From address too often, confusing subscribers

A steady, predictable cadence helps filters build a consistent profile for your traffic. It also helps your infrastructure (and your dchost.com server resources) handle peaks more gracefully.

5. Log and Bounce Analysis: Listening to Your Mail Server

Logs and bounce messages are where recipients tell you, often very precisely, what’s going wrong. Skipping this step is like ignoring error messages in application logs when debugging a bug.

5.1 Understand SMTP status and bounce codes

Start by making sure your team is comfortable reading SMTP responses. At minimum, distinguish:

• 2xx: Success (message accepted)
• 4xx: Temporary issues (deferrals, greylisting, rate limiting)
• 5xx: Permanent failures (invalid recipient, policy blocks, spam rejections)

Our guide on understanding email bounce codes like 550, 554 and 421 explains how to interpret the most common ones and what action each implies. For a more SMTP‑level view, we also cover 4xx–5xx patterns in our article on SMTP error codes and bounce messages.

5.2 Review MTA logs on your hosting or VPS

If you control the sending server (Postfix, Exim, etc.), connect via SSH and examine log files, typically under /var/log/. For each major mailbox provider, look for:

• Repeated 4xx deferrals mentioning “rate limiting” or “temporary local problem”
• 5xx rejections mentioning “spam”, “policy”, “blacklist” or “content rejected”
• Authentication failures where SPF/DKIM/DMARC are explicitly cited

Group issues by receiving domain. If one provider is significantly stricter than others, you may need provider‑specific tweaks, such as gentler ramp‑up or content changes for that audience.

5.3 Track acceptance vs delivery vs engagement

Many teams stop at “the SMTP server accepted the message, we’re done”. For a proper deliverability audit, you want visibility across three layers:

• Acceptance: Did the remote MTA accept the message? (SMTP logs)
• Delivery: Is the message in inbox, promotions, or spam? (seed tests, user feedback)
• Engagement: Did the user open/click, or ignore/complain? (ESP or app metrics)

Combine these layers in your audit report so you can see if problems are primarily technical (non‑acceptance), filtering (spam placement), or engagement‑driven.

5.4 Automated monitoring and alerts

A one‑time audit is useful, but the real power comes when you wire insights into ongoing monitoring:

• Use log analysis tools on your VPS or dedicated server to spot spikes in 4xx/5xx rates.
• Set alerts if a specific provider’s rejection rate crosses a defined threshold.
• Regularly export or API‑pull your sending stats to look for trends over weeks/months.

If you already centralise server logs (e.g. Apache/Nginx) as described in our guide on centralised logging for multiple servers with ELK or Loki, extend that setup to include email logs as well.

6. Turn the Audit Into a Repeatable Checklist

Deliverability isn’t a one‑time project. Filters change, user behaviour shifts, and your sending pattern evolves as your business grows. The final step is to convert all these audit findings into a sustainable routine.

6.1 Define frequencies for each check

A practical schedule many teams use looks like this:

• Every send: Check that unsubscribe links work and that high‑risk segments are excluded.
• Monthly: Review complaint rates, engagement metrics, and top error codes.
• Quarterly: Run the full DNS and IP reputation review, including blocklist checks.
• Before big campaigns: Run inbox tests with seed addresses and verify that critical DNS records haven’t changed.

6.2 Assign clear ownership

In small teams, email can fall between marketing, IT and development. For your audit to stick, decide who owns:

• DNS and server settings: Usually hosting/IT or the DevOps team
• List hygiene and content: Usually marketing or CRM
• Monitoring and reporting: Shared, but with one person responsible for summary dashboards

Where we see deliverability fall apart most often at dchost.com is when no one feels responsible for the full chain end‑to‑end.

6.3 Document your baseline and improvements

End your audit by documenting:

• Initial metrics (opens, bounces, complaints, spam placement)
• Problems discovered (e.g. missing DKIM for one subdomain, outdated SPF, blocklisted IP)
• Actions taken (DNS fixes, list cleanup, IP warmup, content changes)
• Results after 2–4 weeks and after 2–3 months

This historical record is invaluable when you onboard new staff, change hosting, or migrate email systems. For a broader perspective on typical causes, our article on why emails go to spam on shared hosting and VPS complements the checklist you’ve just built.

Bringing It All Together (and What to Do Next)

A solid email deliverability audit is not about chasing a magic score in a single tool. It’s about seeing the full picture: DNS records that unambiguously identify your senders, IPs and domains with clean reputations, content and list practices that users actually like, and log analysis that tells you in plain language when something goes wrong. If you approach it methodically, you don’t need to be an email guru to get 80–90% of the benefits.

From the hosting side, that means making sure your DNS zone, PTR records, and mail server on your dchost.com shared hosting, VPS, dedicated server or colocated hardware are configured exactly as your audit prescribes. From the application side, it means disciplined list management and honest, useful messages. If you’re planning to change infrastructure soon, combine this audit with a review of your hosting resources; our guide on choosing the right email hosting architecture can help you decide whether to keep email on your hosting account, move it to a dedicated VPS, or mix approaches. Whichever route you choose, treat this checklist as a living document you revisit a few times a year. That’s how you keep important messages in the inbox, where they belong.