If you've had deliverability audits before, you probably got the same checklist: SPF exists, DMARC is set to something, bounce rate isn't alarming. Check, check, check. But that surface-level review misses the structural issues that quietly undermine everything else.
Here's what we dig into on every initial diagnostic call:
1. DNS Alignment Review (DKIM, SPF, DMARC)
We thoroughly examine the alignment between domains, subdomains, and sending sources to make sure each authentication method is configured correctly and consistently.
Most audits stop at "yes, DMARC is published." We want to know if it's actually aligned. Is your DKIM signing domain matching your From domain? Is SPF passing but DMARC failing because the envelope domain doesn't align? Are you using subdomains that aren't covered by your authentication setup?
Misalignment doesn't always break delivery immediately—but it creates fragility. One misconfigured tool or new sending source and suddenly nothing passes DMARC. Inbox providers notice.
What this looks like in practice: We pull your DNS records and map every sending source against your authentication setup. We verify that DKIM signatures, SPF records, and DMARC policies are all pointing at the right domains and actually aligned with how you're sending. If we find gaps—like a subdomain that's sending but not authenticating properly—we document exactly what needs to change and why.
2. Subdomain Separation Strategy
We look at how email traffic types are organized today—cold, marketing, transactional, product notifications—and identify where reputations are being blended in ways that could create fragility. We map out a cleaner approach that isolates risk and preserves trust.
Here's the issue: when everything sends from one domain, there's no firewall between use cases. A complaint spike from an outbound campaign affects your invoice emails. A deliverability issue in your newsletter drags down password resets. You lose control.
Most providers don't talk about this until something breaks. We address it upfront because separating reputations is easier before you have a problem than after.
What this looks like in practice: We review your current email inventory—every type of message you send and where it's coming from today. Then we design a subdomain architecture that creates clean separations: outbound prospecting on one subdomain, lifecycle marketing on another, transactional notifications on a third. Each gets its own reputation. If one channel has issues, the others stay protected. We also map out the warming plan so new subdomains build reputation gradually instead of starting cold at high volume.
3. DNS Record Cleanup and SPF Stability
We frequently find old records lingering from previous tools, pilots, and vendors. These can contribute to SPF lookup limits and create silent instability. We review which records are necessary, remove the rest, and ensure the authentication chain is both clean and resilient.
SPF has a hard limit: ten DNS lookups. Go over that and SPF fails—even if the record itself is technically correct. The problem is, most companies accumulate includes over time. Old ESPs, forgotten integrations, that tool you tested two years ago and never fully removed. Each one counts toward your limit.
We've seen records with fourteen lookups. Sixteen. Twenty. And nobody noticed until delivery started quietly degrading.
What this looks like in practice: We audit your SPF record line by line and identify every include, every redirect, every mechanism that triggers a DNS lookup. Then we verify which ones are still actively sending on your behalf. Anything that's not? Gone. We also flatten nested includes where possible and restructure the record to stay well under the ten-lookup limit with room to grow. The result is a stable, future-proof SPF setup that won't break the next time you add a new tool.
Bottom line: If your last audit gave you a green checkmark but didn't dig into these three areas, you probably have structural issues waiting to surface. We find them early.
We’d love to learn more about your business, email deliverability and outreach goals, and see if we might be able to help.
Whether you have questions about what we do, how Protocol works, or you’d just like to pick our brains on some of our best practices, we’d be happy to chat.
Schedule a call with our Revenue Director, Chrisley Ceme.
If you've had deliverability audits before, you probably got the same checklist: SPF exists, DMARC is set to something, bounce rate isn't alarming. Check, check, check. But that surface-level review misses the structural issues that quietly undermine everything else.
Here's what we dig into on every initial diagnostic call:
1. DNS Alignment Review (DKIM, SPF, DMARC)
We thoroughly examine the alignment between domains, subdomains, and sending sources to make sure each authentication method is configured correctly and consistently.
Most audits stop at "yes, DMARC is published." We want to know if it's actually aligned. Is your DKIM signing domain matching your From domain? Is SPF passing but DMARC failing because the envelope domain doesn't align? Are you using subdomains that aren't covered by your authentication setup?
Misalignment doesn't always break delivery immediately—but it creates fragility. One misconfigured tool or new sending source and suddenly nothing passes DMARC. Inbox providers notice.
What this looks like in practice: We pull your DNS records and map every sending source against your authentication setup. We verify that DKIM signatures, SPF records, and DMARC policies are all pointing at the right domains and actually aligned with how you're sending. If we find gaps—like a subdomain that's sending but not authenticating properly—we document exactly what needs to change and why.
2. Subdomain Separation Strategy
We look at how email traffic types are organized today—cold, marketing, transactional, product notifications—and identify where reputations are being blended in ways that could create fragility. We map out a cleaner approach that isolates risk and preserves trust.
Here's the issue: when everything sends from one domain, there's no firewall between use cases. A complaint spike from an outbound campaign affects your invoice emails. A deliverability issue in your newsletter drags down password resets. You lose control.
Most providers don't talk about this until something breaks. We address it upfront because separating reputations is easier before you have a problem than after.
What this looks like in practice: We review your current email inventory—every type of message you send and where it's coming from today. Then we design a subdomain architecture that creates clean separations: outbound prospecting on one subdomain, lifecycle marketing on another, transactional notifications on a third. Each gets its own reputation. If one channel has issues, the others stay protected. We also map out the warming plan so new subdomains build reputation gradually instead of starting cold at high volume.
3. DNS Record Cleanup and SPF Stability
We frequently find old records lingering from previous tools, pilots, and vendors. These can contribute to SPF lookup limits and create silent instability. We review which records are necessary, remove the rest, and ensure the authentication chain is both clean and resilient.
SPF has a hard limit: ten DNS lookups. Go over that and SPF fails—even if the record itself is technically correct. The problem is, most companies accumulate includes over time. Old ESPs, forgotten integrations, that tool you tested two years ago and never fully removed. Each one counts toward your limit.
We've seen records with fourteen lookups. Sixteen. Twenty. And nobody noticed until delivery started quietly degrading.
What this looks like in practice: We audit your SPF record line by line and identify every include, every redirect, every mechanism that triggers a DNS lookup. Then we verify which ones are still actively sending on your behalf. Anything that's not? Gone. We also flatten nested includes where possible and restructure the record to stay well under the ten-lookup limit with room to grow. The result is a stable, future-proof SPF setup that won't break the next time you add a new tool.
Bottom line: If your last audit gave you a green checkmark but didn't dig into these three areas, you probably have structural issues waiting to surface. We find them early.
Our Revenue Director, Chrisley Ceme, is leading the Triggered Outbound program.Chrisley’s gone deep on this strategy and can walk you through:
- How Triggered Outbound fits with your outbound goals
- What triggers are available (and what’s possible within our platform)
- Pricing, onboarding, and getting started
