The 15-Point Cold Email Deliverability Audit: Run This Before Every Campaign

By Puzzle Inbox Team · Apr 5, 2026 · 10 min read

A step-by-step checklist covering DNS, warmup, content, and monitoring. Run through these 15 points before launching any cold email campaign.

Why You Need a Pre-Launch Audit

The worst time to discover a deliverability problem is after you've sent 5,000 emails. By then, the damage is done. Your domain reputation is hit, your bounce rates are elevated, and every email you sent went to spam instead of the inbox. That's 5,000 prospects burned for nothing.

A pre-launch audit takes 30 to 45 minutes and catches the problems that would otherwise tank your campaign. I've seen teams skip this step to "save time" and then spend 3 weeks recovering a damaged domain. Do the audit every time. No exceptions.

Here are the 15 checks to run before every cold email campaign launch.

DNS and Authentication (Points 1 to 3)

1. SPF Record Exists and Is Valid

SPF (Sender Policy Framework) tells receiving email servers which servers are authorized to send email on behalf of your domain. Without a valid SPF record, your emails look like they could be coming from anyone, and email providers treat them with suspicion.

What to check: Your domain has an SPF record in DNS. The record includes the correct entries for your email provider (Google Workspace, Microsoft 365, etc.). The record doesn't exceed the 10 DNS lookup limit (a common mistake when using multiple services).

Run your domain through our DNS checker to verify your SPF record is valid and properly configured.

2. DKIM Signing Enabled and Passing

DKIM (DomainKeys Identified Mail) adds a digital signature to your emails that proves they haven't been tampered with in transit. It's an authentication mechanism that tells receiving servers "this email really came from this domain and hasn't been modified."

What to check: DKIM signing is enabled in your email provider's admin panel. The DKIM DNS records are published and correct. Send a test email and check the headers to confirm DKIM is passing (look for "dkim=pass" in the authentication results).

3. DMARC Policy Set to Quarantine or Reject

DMARC (Domain-based Message Authentication, Reporting, and Conformance) ties SPF and DKIM together and tells receiving servers what to do when authentication fails. A DMARC policy of "none" is essentially useless. It monitors but doesn't protect. Set your policy to "quarantine" or "reject" to signal that you take email authentication seriously.

What to check: Your domain has a DMARC record. The policy is set to "quarantine" (p=quarantine) or "reject" (p=reject), not "none." The DMARC record includes a reporting email address so you can receive authentication failure reports.

All three DNS checks can be run simultaneously with our DNS checker. If any of these fail, stop and fix them before proceeding. Sending cold email without proper authentication is a guaranteed path to the spam folder.

Domain Health (Points 4 to 5)

4. Domain Not on Any Major Blacklists

Before sending a single cold email from a domain, check whether it's on any major email blacklists. This applies to newly purchased domains too. Some domains have been previously owned and may carry historical blacklist entries from a previous owner's spam activity.

What to check: Run your domain through a blacklist checker that queries Spamhaus, Barracuda, SORBS, and other major blacklist databases. If your domain appears on any blacklist, do not send cold email from it until the listing is resolved.

5. Domain Age Over 30 Days

Brand new domains have no sending history, which makes email providers suspicious. Domains less than 30 days old are significantly more likely to be flagged as spam, regardless of how good your authentication and content are.

What to check: Verify your domain was registered at least 30 days ago. If you just purchased it, wait. Use the waiting period to warm up your inboxes and prepare your campaigns. Some practitioners prefer 60 to 90 day old domains for even better initial deliverability.

Warmup and Sending Configuration (Points 6 to 7)

6. Warmup Completed for 14+ Days

Every inbox needs at least 14 days of active warmup before sending any cold email. Warmup sends and receives emails through a network of real inboxes, building positive engagement signals that establish your reputation with email providers.

What to check: Each inbox in your campaign has been actively warming for at least 14 days. Warmup volume has been gradually increasing over the period. Warmup emails are showing healthy inbox placement rates (check your warmup tool's dashboard).

Don't cut this short. I know it's tempting to start sending on day 7 because the warmup "looks good." 14 days is the minimum, and 21 days gives you a better safety margin.

7. Sending Volume Under 20 Per Inbox Per Day

Google Workspace inboxes should send 15 to 20 cold emails per day. Not 50. Not 100. 15 to 20. Outlook inboxes should send 3 to 5 per day for cold outreach. These limits exist because sending higher volumes from a single inbox creates patterns that email providers flag as automated bulk sending.

What to check: Your sending platform is configured to limit per-inbox daily sends to 15 to 20 for Google Workspace and 3 to 5 for Outlook. Total daily volume is distributed across enough inboxes to stay within per-inbox limits. Use our inbox calculator to verify you have enough inboxes for your target volume.

List Quality (Point 8)

8. Email List Verified With Under 2% Invalid Rate

Your entire email list must be verified through an email verification service before any emails are sent. The acceptable invalid rate after verification is under 2%. Above that, you're risking bounce rates that damage your domain reputation.

What to check: Every email address in your campaign has been through a verification service (ZeroBounce, MillionVerifier, Bouncer, or similar). The overall invalid rate is under 2%. Any catch-all domains have been handled appropriately (some senders exclude catch-all results, others include them with caution). Lists older than 30 days have been re-verified.

Email Content and Format (Points 9 to 13)

9. No Tracking Pixels Enabled

Tracking pixels are tiny invisible images embedded in emails that fire when the email is opened. They're used to track "open rates," but they create far more problems than they solve. Tracking pixels add HTML to your email (making it look more like marketing than a personal message), they trigger spam filters, and the data they provide is unreliable anyway (Apple Mail Privacy Protection and corporate security tools generate false opens constantly).

What to check: Open tracking is disabled in your sending platform. This is usually a per-campaign or account-level setting. Double-check it. Some platforms enable tracking by default.

10. No Links in First Email

Links in cold emails, especially first-touch emails, are a strong spam signal. Every link is scanned by email providers and corporate security tools. Some security tools click every link in incoming emails, which can trigger false engagement data and sometimes flag your sending domain.

What to check: Your first email in the sequence contains zero links. No website URLs, no LinkedIn profiles, no calendar links, no "unsubscribe here" links with URLs. Save links for follow-up emails after a prospect has engaged. The unsubscribe can be a simple text instruction ("Reply STOP to opt out") rather than a link.

11. Plain Text Format (No HTML)

HTML emails look like marketing campaigns. Plain text emails look like personal messages. Email providers know the difference, and recipients do too. For cold email, plain text wins on deliverability and reply rates.

What to check: Your emails are set to send in plain text format in your sending platform. No HTML formatting, no images, no embedded logos, no styled templates. If your platform inserts HTML by default, find the setting to disable it.

12. Email Under 100 Words

Long cold emails don't get read. More importantly for deliverability, long emails give spam filters more content to analyze, which means more chances to trigger a filter. Keep your first email under 100 words. Under 80 is even better.

What to check: Count your words. Seriously. Open your email template, highlight the body text, and count. If it's over 100 words, cut. Every sentence needs to earn its place. Run your copy through our copy analyzer for a full analysis.

13. No Spam Trigger Words

Certain words and phrases trigger spam filters more than others. "Free," "guaranteed," "act now," "limited time," "exclusive offer," and similar high-pressure sales language will hurt your inbox placement.

What to check: Run your email copy through a spam checker to identify potential trigger words. Review and replace any flagged terms with natural, conversational alternatives. Your email should sound like something a real person would write to a colleague, not like a marketing flyer.

Compliance and Operations (Points 14 to 15)

14. Unsubscribe Mechanism Present

CAN-SPAM requires an unsubscribe mechanism in commercial emails. For cold email, the simplest approach is a text-based opt-out: "Not interested? Reply STOP and I won't reach out again." This avoids adding a link (which would violate point 10 for first emails) while still giving recipients a clear way to opt out.

What to check: Every email in your sequence includes an unsubscribe instruction. Your sending platform or CRM is configured to honor opt-out requests automatically. You have a suppression list and it's checked before every campaign launch.

15. Reply Handling System Configured

Getting replies is the goal. But if nobody is monitoring the inbox and responding within 2 hours, you're wasting the entire campaign. Prospects who reply to cold emails have a short window of interest. Miss it and they've moved on.

What to check: Someone is assigned to monitor replies for every campaign. Response time target is under 2 hours during business hours. Out-of-office replies are being filtered so they don't clutter the queue. Negative replies and opt-outs are being processed immediately. Positive replies are being routed to the right salesperson or account manager.

The Quick-Reference Checklist

Print this out and tape it next to your monitor:

1. SPF record valid (check here)
2. DKIM signing passing (check here)
3. DMARC set to quarantine or reject (check here)
4. Domain not blacklisted (check here)
5. Domain age over 30 days
6. Warmup completed 14+ days
7. Sending volume under 20 per inbox per day
8. Email list verified, under 2% invalid
9. No tracking pixels
10. No links in first email
11. Plain text format
12. Under 100 words
13. No spam trigger words (check here)
14. Unsubscribe mechanism present
15. Reply handling system configured

If all 15 points pass, launch your campaign with confidence. If any point fails, fix it first. Every shortcut on this list is a deliverability risk that can undermine your entire campaign.