
How to Audit a Cold Email Domain Setup in 15 Minutes

A 15-minute checklist for auditing any cold email domain setup before launching campaigns or diagnosing deliverability problems.

Whether you're onboarding a new client, launching a new domain, or diagnosing a deliverability problem — a complete domain audit should take about 15 minutes if you know what to check and have the right tools. Here's the exact process.

Minutes 0–3: Authentication checks

SPF check (1 minute): Open the SPF checker. Enter the sending domain. Confirm: SPF record exists, includes the correct ESP source, no duplicate records, under 10 lookups. Note any failures.

DKIM check (1 minute): Open the DKIM checker. Enter the domain (leave selector blank for auto-discovery). Confirm: at least one DKIM record found, key is valid, key is 2048-bit. Note the selector name.

DMARC check (1 minute): Open the DMARC lookup. Confirm: record exists, rua tag is set to a real email address, policy is set (p=none is fine for new domains).
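The SPF and DMARC confirmations above can also be scripted. This is an added example, not part of the original guide or its tools: it counts SPF DNS lookups recursively through include and redirect, detects duplicate SPF records, and reads the DMARC policy and rua tags. The ZONE data and every domain name in it are constructed samples standing in for live TXT lookups; DKIM is left out because selector discovery and key size need live DNS.

```python
# Constructed sample TXT answers standing in for live DNS (all names are made up).
ZONE = {
    "example-sender.test": [
        "v=spf1 include:_spf.esp-one.test include:_spf.esp-two.test mx ~all",
        "site-verification=constructed-value",
    ],
    "_spf.esp-one.test": ["v=spf1 include:_netblocks.esp-one.test ip4:192.0.2.0/24 ~all"],
    "_netblocks.esp-one.test": ["v=spf1 ip4:198.51.100.0/24 ~all"],
    "_spf.esp-two.test": ["v=spf1 a exists:%{i}.rbl.esp-two.test ~all"],
    "_dmarc.example-sender.test": ["v=DMARC1; p=none; rua=mailto:dmarc@example-sender.test"],
}
# Terms that cost a DNS query during SPF evaluation; RFC 7208 allows at most 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def spf_records(domain, zone):
    """All TXT strings at the name that are SPF records (more than one is an error)."""
    return [t for t in zone.get(domain, []) if t.lower().split(" ")[0] == "v=spf1"]

def count_lookups(domain, zone, stack=()):
    """Count DNS-querying terms, following include/redirect targets recursively."""
    records = spf_records(domain, zone)
    if domain in stack or len(records) != 1:  # include loop, or nothing usable to follow
        return 0
    total = 0
    for term in records[0].split()[1:]:
        name, _, arg = term.lstrip("+-~?").lower().replace("=", ":", 1).partition(":")
        if name.split("/")[0] in LOOKUP_TERMS:  # "a/24" and "mx/24" still count
            total += 1
            if name in ("include", "redirect"):
                total += count_lookups(arg, zone, stack + (domain,))
    return total

def dmarc_tags(domain, zone):
    recs = [t for t in zone.get("_dmarc." + domain, []) if t.lower().startswith("v=dmarc1")]
    if len(recs) != 1:  # absent or duplicated DMARC record: treat as not set
        return {}
    pairs = (p.split("=", 1) for p in recs[0].split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_auth(domain, zone):
    spf, lookups, dmarc = spf_records(domain, zone), count_lookups(domain, zone), dmarc_tags(domain, zone)
    return {
        "spf_record_count": len(spf),  # 0 = missing, 1 = correct, 2+ = duplicates
        "spf_lookups": lookups,
        "spf_within_limit": lookups <= 10,
        "dmarc_exists": bool(dmarc),
        "dmarc_policy": dmarc.get("p"),
        "dmarc_rua_set": dmarc.get("rua", "").lower().startswith("mailto:"),
    }
```

Calling `audit_auth("example-sender.test", ZONE)` on the sample data reports one SPF record, 6 lookups, and a `p=none` policy with `rua` set.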

Minutes 3–6: Infrastructure checks

Blacklist check (1.5 minutes): Open the blacklist checker. Enter the domain. Confirm: clean on all 16 RBLs. If any hits, note the blacklist name and severity.

Redirect check (1 minute): Open the redirect checker. Enter the domain. Confirm: all four variants work (http and https, root and www), no redirect chains, final destination is SSL.

Domain expiry (0.5 minutes): Open the domain expiry checker. Confirm: domain has 6+ months until expiry. Flag anything under 30 days as urgent.

Minutes 6–10: Tracking and sending setup

Tracking domain check (2 minutes): Open the tracking domain checker. Enter the tracking subdomain. Confirm: CNAME is set, NOT proxied through Cloudflare, SSL is working.

MX records (1 minute): Open the MX checker. Confirm: MX records exist and point to the correct mail server. Sending domains should receive mail (important for reply routing and domain legitimacy signals).

rDNS check (1 minute) — for custom SMTP only: Open the reverse DNS checker. Enter the sending IP. Confirm: PTR record exists and forward-confirms. Skip if using GWS or M365 shared infrastructure.

Minutes 10–13: Live test

Inbox placement test (3 minutes): Run the placement test. This tests the full end-to-end sending path using the actual sending infrastructure. The result shows where the message lands (inbox, promotions, or spam) and the authentication results as seen by the receiver. This is the most important check because it integrates everything above into a real-world result.

Minutes 13–15: Warmup status

Warmup readiness (2 minutes): Use the warmup readiness checker. Answer the questions about domain age, warmup duration, engagement, and spam signals. This confirms whether the inbox is ready for live sends.

Scoring the audit

After 15 minutes, you should know:

  • Auth status: pass/fail for SPF, DKIM, DMARC
  • Reputation status: blacklist clean or issues noted
  • Infrastructure status: redirect, tracking, MX all working
  • Readiness status: warmup complete or still in progress
  • Live placement: inbox, promotions, or spam

Any failures in auth or blacklist status are critical fixes. Infrastructure issues are important fixes. Warmup status determines launch readiness.

Use the launch checklist to track all of these in one place with links to each tool.

Run the checks first

Before replacing anything, run a free inbox placement test. You might find the issue is DNS, not the domain — and save yourself a week of unnecessary work.
