The Agency Problem with Email Deliverability
Email deliverability issues at agencies almost always follow the same pattern: a client's emails start going to spam, they call you, and you spend an hour diagnosing something that broke weeks ago — a DNS migration that overwrote SPF records, a new marketing tool that wasn't added to the SPF policy, or a shared IP that got blacklisted by another user.
By the time anyone notices, the client's sender reputation has already degraded. Fixing the records is the easy part — rebuilding reputation takes weeks.
DNS migrations break records silently
Moving a client to a new hosting provider or DNS manager is one of the most common causes of broken SPF and DKIM. Records get missed, selectors change, and nobody notices until emails stop arriving.
New tools don't get added to SPF
A client installs a new CRM or email tool. Nobody updates the SPF record. SPF fails for that sender. Emails from that tool go to spam — often for weeks before anyone notices.
Blacklistings happen without warning
Shared sending IPs can get blacklisted because of another account on the same infrastructure. Your client's emails get blocked through no fault of their own — and there's no notification.
What to Check for Every Client Domain
SPF
Verify that every ESP and sending tool the client uses is listed. Common issues: missing include: statements, exceeding the 10 DNS lookup limit, conflicting records from multiple tools.
DKIM
Confirm DKIM is enabled and the DNS records are correctly propagated. After any ESP migration, DKIM records need to be updated — old selectors become stale and validation fails.
DMARC
Every client domain should have a DMARC record. Start with p=none for new domains to collect reporting data without affecting delivery. Once SPF and DKIM are stable, move to p=quarantine.
v=DMARC1; p=none; rua=mailto:[email protected]
DMARC reporting gives you visibility into who else is sending from your client's domain — useful for catching unauthorized senders and phishing attempts.
Blacklist status
Check against Spamhaus, Barracuda, SpamCop and 10+ other lists. A single Spamhaus listing is enough to cause significant delivery failures at Gmail and Outlook.
How CheckLab Helps Agencies
Instant checks
Run a full SPF, DKIM, DMARC and blacklist check for any client domain in seconds. No setup, no configuration.
Daily monitoring
Pro plan monitors up to 10 domains every 24 hours. Get an email alert the moment something changes.
Fix suggestions
Every failed check includes a specific fix recommendation — what to do and where to do it.
Agency plan coming
50+ domains, white-label PDF reports for clients. Join the waitlist on the pricing page.
DMARC Policies Explained
When setting up DMARC for clients, the policy level determines what happens to email that fails SPF and DKIM checks:
- p=none — Monitor only. No action taken on failing emails. Use this to collect data and identify all legitimate senders before enforcing anything.
- p=quarantine — Failing emails go to spam. Good intermediate step once you've confirmed all legitimate senders pass authentication.
- p=reject — Failing emails are blocked outright. Maximum protection against spoofing and phishing. Only use when you're confident all legitimate senders are correctly authenticated.
For most agency clients, the recommended progression is: deploy p=none → review reports for 2-4 weeks → fix any legitimate senders that are failing → move to p=quarantine → eventually p=reject.
Check a client domain now
Free DMARC, SPF, DKIM and blacklist check. Or join the Agency waitlist for multi-domain monitoring.
Check a domain → Agency waitlist → Free check · No signup · Agency plan coming soon