Agencies can help clients turn messy email authentication into a clear review packet. Use this checklist to scope the domain audit, gather evidence safely, and produce recommendations without asking for unnecessary credentials or promising delivery outcomes.
Scan a client domain first
Run a public DNS diagnostic before drafting client recommendations or asking for provider-specific evidence.
01$0Free scan
Check the public sender-auth records mailbox providers expect.
02$0Shareable action plan
Keep one URL with evidence, owner steps, and decisions.
03$49$49 fix plan
Add human review, provider context, and verification steps.
Optional. Most first scans can run with just the domain.
Checks Gmail, Yahoo, and Microsoft sender requirementsPublic DNS onlyNo mailbox login needed
Example result72/100Needs attention
Review DMARC policy strength before a high-volume send.
Public DNS evidence
DMARC/SPF/DKIM status and caveats are visible before you pay.
Owner-ready next step
The audit adds provider context and a verification checklist.
Get the exact fix plan for your domain.$49 readiness audit: prioritized owner actions, DNS evidence, and verification checks.
Client domains often accumulate senders through campaigns, CRMs, events, ecommerce, support tools, product systems, and one-off contractors. A DNS record can look simple while the actual business process behind it is scattered across teams.
A good agency audit separates evidence from assumptions: public DNS findings, client-supplied provider context, signed headers, and a cautious list of next checks.
Agency audit checklist
Confirm authorization and scope: Get written confirmation of which client domains, subdomains, and sender tools are in scope. A public DNS audit is low-access, but the client still needs to approve the review and any follow-up recommendations.
Separate audit evidence from admin access: Start with public DNS, provider setup screenshots supplied by the client, and signed test-message headers. Do not request DNS logins or mailbox passwords just to produce a readiness report.
Inventory every sender by business function: Group workspace mail, campaigns, CRM, ecommerce, product notifications, support desks, billing, events, and legacy SMTP tools. The fix plan is only as good as the sender inventory.
Check SPF and DKIM before policy advice: Look for duplicate SPF records, risky includes, lookup-limit pressure, and missing DKIM selectors. DMARC policy advice should wait until legitimate SPF or DKIM alignment is understood.
Write client-safe recommendations: Use language like review, candidate, and verify with DNS/admin team. Avoid claims that an agency can guarantee inbox placement, legal compliance, or mailbox-provider acceptance.
Client handoff structure
Give the client a short executive summary, the public scan findings, a sender inventory table, priority fixes, and safe DNS-review candidates only where the evidence supports them. Label anything provider-specific as a prompt to verify in the client's own admin console.
If the client wants recurring monitoring, define who receives alerts, who owns DNS changes, how false positives are reviewed, and how billing or cancellation evidence is recorded.
Agency audit FAQ
Can an agency audit a client domain without DNS access?
Yes for a diagnostic first pass. Public DNS, provider-provided records, and signed message headers can reveal many authentication issues. Publishing changes still requires the client's DNS owner or an approved secure access process.
Should every client use the same DMARC policy?
No. Policy depends on sender inventory, alignment evidence, business risk, and the client's tolerance for disruption. Start with monitoring evidence before recommending quarantine or reject.
Can agencies resell monitoring from a public scanner?
Only with clear scope, client consent, durable monitoring records, support process, and no-guarantee language. Monitoring is diagnostic change detection, not managed DNS or deliverability insurance.
Package the scan into a client-ready report
SenderReady readiness audits turn public DNS findings into cautious next checks for client conversations. Use the pricing path to request audit scope while payment remains in manual setup.