Skip to main content
SSC Brain
Email Deliverability Intelligence

Why Is Your Business Email Landing in Spam?

Since Google and Yahoo tightened bulk sender rules in 2024, and Microsoft followed in 2025, legitimate small business emails are quietly being rejected, sent to junk, or never delivered. The cause is almost always something invisible to the owner. We find it in 48 hours and hand you the exact DNS records to paste.

£495 + VAT
Request Your Audit

Your Report Covers Seven Dimensions

Every check we run on your domains, in plain English, with the actual records to paste. Methodology validated by running it on ourselves first.

25

Authentication Posture

SPF presence and validity, total DNS lookups (the RFC 7208 ten-lookup limit catches almost everyone), DKIM selectors found across 30+ provider profiles (Brevo, Resend, Mailchimp, Mailgun, SES, Klaviyo, ConvertKit, ActiveCampaign, HubSpot, Zoho, and others), DMARC syntax + policy + reporting destinations + alignment rules.

20

Domain & Sender Reputation

Live queries against the major domain blacklists (Spamhaus DBL, URIBL, SURBL, ivmURI) plus per-MX-IP checks on Spamhaus ZEN and Barracuda BRBL. Includes Cisco Talos web-reputation lookup on the domain. False-positive filter detects when public DNS resolvers have been rate-limited — most online checkers get this wrong and report false listings; we don't.

15

Inbox Placement

Where do your emails actually land? Seed-test sends from your real sending stacks to a battery of inboxes across Gmail, Outlook, Yahoo, Apple Mail, ProtonMail, and Fastmail. Inbox / Promotions / Spam tabulated per provider.

15

DMARC Intelligence

If aggregate reports already exist for your domain, we parse them: who’s sending as you, who’s failing alignment, what the pass rate trend looks like, and which sources are spoofing your brand. If no reports yet, we set up the reporting and tell you what to watch for.

10

Encrypted Transport & MX TLS Health

TLS-RPT, MTA-STS DNS marker AND policy file (the marker without the file is a common oversight). Plus a live STARTTLS conversation with every MX host: confirms TLS support, pulls the live certificate, checks subject, issuer, and expiry. Surfaces silent delivery failures before they cost you a customer.

10

Configuration Hygiene

Dangling DKIM records from services you no longer use. SPF includes pointing at platforms that left your stack years ago. DMARC records with subtle syntax errors that quietly break enforcement. The cruft that nobody cleans up.

5

Prescription

For every gap we find: the literal DNS record to paste, ordered by impact on deliverability. The plan for ramping DMARC enforcement safely from monitor to reject. The exact rollout sequence so nothing breaks during the change.

How It Works

1

Tell Us Your Sending Domains

Fill in the form below. List every domain that sends mail in your name (root domain, plus any subdomains for transactional emails or newsletters). Tell us which platforms you use to send. Three minutes.

2

We Run the Full Diagnostic

SPF / DKIM / DMARC / TLS-RPT / MTA-STS / BIMI authentication state across every domain. Domain blacklist checks across four major DBLs with proper false-positive filtering. Configuration hygiene scan for dangling records and broken syntax. Optional seed tests across major mailbox providers.

3

Receive Your Report

Within 48 hours: a professional PDF with per-domain grades, every finding ranked by severity, and the literal DNS records to paste in execution order. Plus a safe DMARC enforcement ramp plan so nothing breaks during the change.

What the Report Includes

  • Per-domain authentication grade (A through F) with a one-line summary
  • Full SPF record with DNS lookup count vs the RFC 10-lookup limit
  • DKIM selector scan across 30+ provider profiles, with the actual records found
  • DMARC syntax + policy level + reporting destinations + alignment rules, with any subtle errors flagged
  • TLS-RPT presence, MTA-STS DNS marker, MTA-STS policy file accessibility
  • BIMI status and the cost-benefit picture if you don’t have it yet
  • Domain blacklist status with false-positive filtering most online checkers miss
  • Dangling DKIM records and stale SPF includes from services you no longer use
  • If aggregate DMARC reports already exist: pass-rate trend, top legitimate senders, top sources of spoofing
  • Cross-domain reporting authorisation status if you run multiple sending domains
  • Seed-test results across Gmail, Outlook, Yahoo, Apple, ProtonMail, Fastmail (where access is available)
  • Prescription with the literal DNS records to paste, ordered by impact
  • Safe DMARC enforcement ramp plan (none → quarantine 25% → quarantine 100% → reject)
  • Per-platform configuration cheat sheets for Brevo, Resend, Mailchimp, Google Workspace, Microsoft 365
  • MX TLS health: live STARTTLS handshake with each MX host, certificate subject / issuer / expiry inspection
  • Sender reputation: MX-IP listings on Spamhaus ZEN and Barracuda BRBL, plus Cisco Talos web reputation
  • Professional PDF report, ready to share with your team or developer
  • Free 30-day re-check. Once your changes are live, reply to the email your report came attached to and we re-run the entire audit at no charge. Same methodology, same engine, side-by-side before-and-after PDF so you can see the impact in numbers.

Request Your Audit

Three minutes. The more detail you give, the more comprehensive your report. Fields marked * are required.

£495 + VAT

You
Your Sending Domains

Which domain(s) send mail in your name? Include your main domain plus any subdomains used for transactional emails, newsletters, or specific platforms. At least one is required; up to five.

Which Platforms Send Your Mail?

Tick everything you use. If you’re not sure, tick ‘Not sure’ and we’ll detect it from your DNS.

The SSC Brain Guarantee

If your report does not contain at least three insights you were not already aware of, you pay nothing. No questions, no hassle. We are confident in the quality of our analysis because we use it to run our own business every day.

Not Sure If This Is What You Need?

Book a 15 minute call. We will explain exactly what the audit covers, take a quick look at your domain, and tell you honestly if it’s worth your £495.

Book a Call Email Us

Or email directly: hello@sscbrain.co.uk