What is the realistic timeline to receive the audit?

Small Pool Audit (2-4 IPs): 5 business days from access provisioning. Standard Pool Audit (5-12 IPs): 7-10 business days. Enterprise Pool Audit (above 12 IPs): 10-14 business days. The largest variable is access to Validity, Postmaster, SNDS, and ESP dashboards; with read-only access provided on day 1 the timelines compress by 1-2 days. The audit cannot run faster than the rolling measurement windows of the underlying sources allow; Validity uses 30-day rolling, Postmaster 7-day, SNDS 24-hour, blocklist sweeps real-time. The audit snapshot represents the current state at the time of execution; reputation can drift in either direction during the audit window itself, and the readout call discusses any drift observed during the audit period.

Can the audit recommend specific blocklist delisting actions?

Yes, the audit identifies all blocklist presences observed during the sweep and prioritizes the delisting actions by severity tier. Spamhaus delisting requires fixing the underlying issue first, then submitting via the Spamhaus removal tool; typical 24-48 hour processing. SpamCop auto-delists after 24-48 hours without new complaint signal. Barracuda requires manual request with evidence of underlying remediation. UCEPROTECT Level 1 auto-expires after approximately 1 week without new spam activity; UCEPROTECT Levels 2 and 3 target subnets and ASNs respectively and require ISP-level remediation rather than per-IP action. The audit document includes the exact submission URLs and the recommended sequence; the customer team or the optional Recovery engagement executes the submissions.

Five sources per IP · 25+ DNSBLs · keep, recover, replace decisions

Five sources per IP in the pool, no averages that hide the bad ones.

Reputation averages mislead operators when the pool contains heterogeneous reputation states across pool members. A domain reputation showing High in Gmail Postmaster Tools can hide two or three pool IPs sitting in Medium or Low that drag the realized throughput well below the domain-level signal. A Sender Score average of 82 across the pool can mask one IP at score 45 receiving 30 percent of daily volume because of round-robin load balancing. The focused audit examines each IP individually against five independent reputation sources: Validity Sender Score via senderscore.org per IP, Google Postmaster Tools IP-level field independent of domain reputation, Microsoft SNDS color status with complaint and trap data, blocklist sweep across 25 to 41 active DNSBLs prioritized by 2026 severity tiers (Spamhaus ZEN gold standard, Barracuda BRBL enterprise gateway primary, then SpamCop, UCEPROTECT levels, Mailspike, SpamRATS, PSBL), and observable complaint rate from FBL feeds aggregated per source IP. The deliverable is a 20 to 35 page document with per-IP scoring across all five sources, top 5 to 10 prioritized actions, and explicit keep or recover or replace recommendations per pool member. EMP does not execute remediation as part of this engagement; the customer team decides to act internally or engages EMP separately for the Sender Score Recovery or Reputation Recovery work.

5sources per IP

Validity + Postmaster + SNDS + DNSBL + FBL

25-41active DNSBLs

Tier 1/2/3 prioritized 2026

3B+mailboxes Spamhaus

Gold-standard coverage

5-14ddelivery timeline

Pool size dependent

Start audit See the 5 sources

The five reputation sources · each query at IP granularity

Why one source is not enough to diagnose pool health.

Each of the five sources surfaces a different aspect of reputation and operates on a different measurement window. Querying just one source misses the dimensions the other four cover; querying all five surfaces hidden patterns that the per-source isolated view does not reveal. The audit aggregates the five into a unified per-IP scorecard.

Source 01

Validity Sender Score

Rolling 30-day · senderscore.org

Percentile rank 0-100 vs other sending IPs in Validity Data Network of 60M+ mailboxes across 80+ providers. Drives Proofpoint and Mimecast filtering.

Source 02

Gmail Postmaster V2

Compliance Status + Spam Rate dashboards

Gmail PMT V2 retired the High/Medium/Low/Bad grades in late 2025. Current signal: Compliance Status (SPF/DKIM/DMARC/TLS/forward-reverse DNS pass-fail) and Spam Rate time series. Hard limit 0.3%, target below 0.1%.

Source 03

Microsoft SNDS

24-hour cadence · color status

Red, yellow, green per IP plus complaint rate and trap hit count. Drives Outlook, Hotmail, and Microsoft 365 deliverability.

Source 04

DNSBL sweep

Real-time · 25-41 active lists

Spamhaus ZEN gold standard, Barracuda BRBL enterprise primary, SpamCop, UCEPROTECT, plus Mailspike, SpamRATS, PSBL secondary signals.

Source 05

FBL complaint rate

Per-campaign per source IP

Observable complaint rate from Gmail, Yahoo, AOL, Hotmail FBL streams aggregated per source IP. Catches issues before they show up at Validity.

The five sources cover non-overlapping dimensions. Validity scores reputation as observed by 80+ mailbox and security providers but does not include direct Gmail or Microsoft telemetry; Gmail and Microsoft run their own internal models that Validity does not see. Postmaster and SNDS capture the receiver-specific signals. DNSBLs catch listings that affect enterprise corporate gateways running Barracuda, Proofpoint, or Mimecast. FBL complaint rate is the leading indicator that surfaces issues 7 to 14 days before Validity reflects them.

The temporal cadence of each source matters for interpretation. FBL complaint rate is the fastest-moving signal, observable per campaign within minutes to hours of the send; a spike foreshadows the Postmaster signal change in 3-7 days and the Validity Sender Score change in 14-21 days. The audit document calls out the FBL trajectory per IP alongside the static snapshot of the other four sources, so the customer team sees not just where reputation is today but where it is moving.

Sample audit output · per-IP scoring with all five sources visualized

What the deliverable actually looks like.

The audit document delivered to the customer contains the per-IP scoring table below as the headline visual, followed by detailed analysis per IP, prioritized action list, and explicit keep or recover or replace decision per pool member. The sample below shows a real anonymized 6-IP pool audit where the pool average reputation hid significant variance across pool members.

Sample audit · 6-IP pool · B2B SaaS

Pool average hides one critical IP and two warning IPs

Pool Sender Score average: 78 · Gmail PMT compliance: all pass

Note: this sample uses the Gmail PMT V1 reputation grades (High/Medium/Low/Bad) for illustrative purposes. The V1 grades were retired in late 2025; current audits use the V2 Compliance Status and Spam Rate signals alongside the other four sources, but the per-IP variance phenomenon shown here remains identical.

IP address	Volume %	Sender Score	Postmaster	SNDS	DNSBL	FBL rate	Decision
203.0.113.10 primary	22%	92	High	Green	Clean	0.04%	KEEP
203.0.113.11 primary	20%	88	High	Green	Clean	0.07%	KEEP
203.0.113.12 secondary	18%	74	Medium	Yellow	Clean	0.18%	RECOVER
203.0.113.13 secondary	15%	76	Medium	Green	Clean	0.14%	RECOVER
203.0.113.14 marketing	15%	84	High	Green	Clean	0.09%	KEEP
203.0.113.15 marketing	10%	48	Bad	Red	Spamhaus	0.42%	REPLACE

The 203.0.113.15 IP is the critical finding. The pool Sender Score average of 78 includes this IP at 48 weighted at 10 percent of volume; remove this IP from the calculation and the average rises to 82.8. The domain reputation showing High in Gmail Postmaster hides that one pool IP is at Bad, which Gmail handles by attributing complaints from that IP to its IP-level reputation rather than dragging the domain-level signal proportionally. The IP carries Spamhaus listing for a complaint spike in the previous 14 days that the customer operations team had not detected because the pool-level dashboard showed acceptable averages. The audit surfaces this in the first 48 hours and the recommended action is replacement: the cost of recovering a Spamhaus-listed IP exceeds the cost of warming a new IP, particularly for a 10-percent-of-volume IP where the warmup risk is contained.

Decision · Keep

Healthy across at least 4 of 5 sources

Sender Score above 85, Postmaster High, SNDS Green, no blocklist presence, FBL complaint rate below 0.1 percent. Reputation stable across rolling windows. No intervention required; IP continues production traffic.

Typical: 50-70% of pool IPs

Decision · Recover

1-2 sources degraded, recoverable

Sender Score 70-84, Postmaster Medium, SNDS Yellow, no Tier 1 blocklist presence, FBL rate 0.1-0.3 percent. Causes remediable; IP carries enough historical reputation to justify recovery investment versus replacement.

Typical: 20-35% of pool IPs

Decision · Replace

3+ sources critical or active blocklist

Sender Score below 70, Postmaster Bad, SNDS Red, active Tier 1 DNSBL (Spamhaus or Barracuda), FBL rate above 0.3 percent. Faster to abandon than recover; new IP warmup contained versus recovery cost.

Typical: 5-15% of pool IPs

DNSBL universe in 2026 · severity tiers and decommissioned lists

Which blocklists actually matter today.

The DNSBL universe shifted significantly during 2024-2026 with several historically referenced lists decommissioned or shut down. The audit checks only the lists that are still active and that drive real deliverability impact at receivers customers care about; checking 100 dead lists is the noise that obscures the signal from the 25 to 41 lists that matter.

Blocklist	Severity	Delisting	2026 status
Spamhaus ZEN SBL + XBL + PBL combined	Tier 1	24-48h manual	Gold standard, protects 3B+ mailboxes, founded 1998. Tier 1 critical for Gmail, Outlook, Yahoo, and enterprise gateways.
Spamhaus DBL Domain blocklist	Tier 1	24-48h manual	Domain-based, separate from ZEN. Listed domains face severe filtering at all major receivers.
Spamhaus CSS Composite Spam Sources	Tier 1	24-48h manual	Separate from ZEN. Snowshoe and bulk sender patterns trigger CSS even without traditional spam behavior.
Barracuda BRBL Enterprise gateway primary	Tier 1	Manual request	Enterprise corporate gateways (Barracuda, Proofpoint, Mimecast). Tier 1 for B2B deliverability.
SpamCop Community-driven	Tier 2	Auto 24-48h	Auto-delist after 24-48h without new complaint signal. Only major blocklist with auto-delisting.
Mailspike Heuristic + behavioral	Tier 2	Manual request	Behavioral patterns and reputation scoring. Used by smaller mail servers and some corporate gateways.
SpamRATS RATS-Dyna, RATS-NoPtr, RATS-Spam	Tier 2	Manual request	Dynamic IPs, missing PTR, observed spam. Niche corporate gateway use.
UCEPROTECT Level 1 Per-IP listing	Tier 3	Auto ~1 week	Auto-expires after ~1 week without new spam. Limited direct impact on major mailbox providers.
UCEPROTECT Level 2 / 3 Subnet / ASN level	Tier 3	ISP action req'd	Targets entire subnets and ASNs. Requires ISP-level remediation rather than per-IP action. Controversial 249 CHF express delisting.
SORBS Spam and Open Relay Blocking	Dead	n/a	Decommissioned June 2024. Many zones no longer resolve. Ignore if a checker flags this.
NiX Spam ix.dnsbl.manitu.net	Dead	n/a	Shut down January 2026. Operator discontinued service.
AUPADS / WPBL / Lashback Various legacy lists	Dead	n/a	WPBL shut down 2024, AUPADS high false positive rate, Lashback offline since 2021. Skip in 2026 audits.

The Tier 1 lists are where the audit focuses primary attention. Spamhaus listings and Barracuda BRBL listings produce real deliverability impact at receivers that customers actually care about; the other tiers contribute supplementary signal but rarely change the keep, recover, or replace decision on their own. Tier 3 lists, particularly UCEPROTECT Levels 2 and 3, target subnets and Autonomous Systems rather than individual IPs; a listing there reflects the hosting provider's broader network rather than the customer IP's behavior, and the remediation is contacting the hosting provider rather than per-IP delisting. The audit documents the listings observed but assigns severity weighting that matches the realistic impact rather than treating all listings as equal.

The audit process · four phases · 5 to 14 business days

How the engagement runs end-to-end.

The phases run sequentially with the rolling measurement windows of the underlying sources as the structural constraint. The audit cannot execute faster than the windows allow: Validity needs 30-day data, Postmaster 7-day, SNDS 24-hour, blocklist sweeps real-time. The audit snapshot represents the current state at the time of execution.

Phase 01

Day 1-2

Access + inventory

NDA, IP pool inventory, access provisioning to Validity, Postmaster, SNDS, ESP dashboards, FBL feeds.

Phase 02

Day 2-7

Source queries

Per-IP queries across all five sources, DNSBL sweep across 25-41 active lists, FBL aggregation per source IP, volume weighting calculation.

Phase 03

Day 7-10

Analysis + scoring

Per-IP scoring aggregation, keep/recover/replace decision per pool member, prioritized action list, document drafting.

Phase 04

Day 10-14

Readout + delivery

Document finalization, 60-120 minute readout call covering findings and recommendations, optional workshop in Plus tier.

Honest assessment · when the audit is not the right engagement

Single-IP environments do not need this audit.

The audit produces value when the pool contains heterogeneous reputation that pool averages hide. For single-IP environments the audit value collapses because there is no pool variance to surface; the customer can run the same five-source check via senderscore.org, Gmail Postmaster, SNDS, MXToolbox, and ESP dashboards in 2-3 hours of internal work. EMP charges 1,450 USD minimum for the audit because the analytical work of comparing pool members and identifying volume-weighted variance is the engagement; for a single IP that work does not exist and the engagement should not be sold. The diagnosis call identifies this scenario and EMP explicitly recommends the customer team run the single-IP check internally; approximately 8 percent of inbound audit inquiries terminate at the diagnosis call with this recommendation. The Sender Score Recovery or Reputation Recovery engagement is the right answer for single-IP environments with known reputation issues; the audit is the wrong shape for that scenario.

Transparent pricing · four audit tiers by pool size

Per-pool sizing, no per-IP charges.

All four tiers are fixed-fee. Tier selection follows pool size with the Audit Plus Workshop adding a 4-hour technical session for customer teams planning to execute remediation internally. The audit fee credits toward subsequent EMP recovery engagements when applicable.

Small Pool

2-4 IPs · 5 business days.

$1,450 USD fixed

Per-IP scoring all 5 sources
20-page document
Top 5 prioritized actions
Keep/recover/replace decision per IP
60-min readout call
No execution obligation

Start Small Pool

Standard Pool

5-12 IPs · best fit most.

$2,900 USD fixed

Per-IP scoring all 5 sources
25-page document
Top 10 prioritized actions
Variance vs average analysis
90-min readout call
7-10 business day delivery

Start Standard Pool

Enterprise Pool

12+ IPs or multi-tenant.

$5,800 USD fixed

Full per-IP scoring
35-page document
Per-tenant segmentation analysis
Executive summary deliverable
2-hour readout call
Workshop included

Discuss Enterprise

Audit Plus Workshop

Standard + 4h workshop.

$4,400 USD fixed

Standard Pool Audit included
4-hour technical workshop
Internal execution playbook
Q&A with customer ops team
Designed for internal remediation
Saves $1,000 vs separate booking

Start Audit Plus

What the deliverability lead, network ops, and CFO ask

The real questions before signing the audit SOW.

"Why pay for an audit when MXToolbox is free?"

MXToolbox and similar checkers run one of the five sources (DNSBL sweep) and produce a list of present and absent listings; the value is real but the scope is partial. The audit engagement covers four additional sources MXToolbox does not see (Validity, Postmaster, SNDS, FBL) and produces per-IP scoring that aggregates the five into a unified picture with explicit keep, recover, or replace decisions. The analytical work is comparing pool members against pool-level signal to surface hidden variance, identifying which pool member is dragging the average, calculating volume-weighted contribution per IP, and writing the prioritized action list. MXToolbox returns the DNSBL data; the audit interprets the data alongside four other dimensions in the context of the customer's specific pool architecture and traffic patterns. The customer can run MXToolbox internally; the analytical interpretation requires expertise the audit packages as a standalone deliverable.

"What if we already know which IP is the problem?"

If the customer team has already identified the problematic IP and only needs remediation, the audit is unnecessary; the Sender Score Recovery or Reputation Recovery engagement is the right answer. The audit value applies when the pool contains hidden variance that the customer team has not yet identified; if the team has done the per-IP analysis and confirmed which IPs are healthy versus problematic, EMP skips the audit and runs the recovery engagement directly. The diagnosis call separates these cases: customers with documented per-IP analysis go to recovery; customers without it go to audit first. Approximately 30 percent of inbound audit inquiries are actually recovery cases that the customer team confused with audit; the diagnosis call surfaces the misalignment and recommends the correct engagement.

"How does EMP access Microsoft SNDS and Gmail Postmaster?"

Both require customer-side authorization because the data is private to the IP owner. Gmail Postmaster Tools requires the customer to add EMP's audit Google account as a delegate, which the customer can do in 5 minutes through the Postmaster Tools interface; alternative is the customer team pulls the data and shares the export. Microsoft SNDS requires the customer to add EMP's audit Microsoft account to their SNDS authorized users; same 5-minute setup. Validity Sender Score does not require special access because senderscore.org permits anonymous IP queries (free tier with rate limits) and the EMP audit account has the Validity API access for higher-volume querying. DNSBL sweeps do not require customer-side access because the lists are public DNS queries. The access provisioning happens during Phase 01 of the engagement and is the only customer-side dependency before EMP starts the source queries.

"Does the audit work for ESPs auditing their customer pools?"

Yes, ESP-of-record use case is one of the audit's primary customer segments. ESPs onboarding new customers run the audit to verify the pool reputation state at the moment of onboarding rather than discovering issues 30-90 days later when the reputation has already infected the ESP's shared infrastructure. The audit also runs as the diagnostic when an existing ESP customer's deliverability degrades and the ESP needs to determine whether the issue is the customer's pool, the ESP's infrastructure, or external factors. For ESP use cases the Enterprise Pool tier typically applies because the audited pool spans multiple tenants the ESP serves; the per-tenant segmentation analysis included at that tier surfaces which tenant is producing the issue rather than treating the pool as monolithic.

"What if we lack access to Postmaster and SNDS because the previous team set them up?"

The access recovery is part of Phase 01 of the audit. Postmaster Tools access recovery requires DNS verification of the sending domain; the customer adds a TXT record EMP provides, the verification completes within hours, and EMP either takes the account ownership or adds the customer team as new administrators. SNDS access recovery requires Microsoft verification through their account recovery process; the timeline is variable (1-7 days depending on Microsoft response) but the process is straightforward when the customer can demonstrate IP ownership through ARIN records or hosting provider documentation. If access recovery cannot complete within Phase 01, the audit proceeds with the sources that are accessible and notes the missing dimensions in the document; the customer can engage EMP for a supplementary audit after access recovery completes for the difference in scope.

"What is the cost difference if we follow up with recovery work?"

EMP credits the audit fee toward subsequent Sender Score Recovery or Reputation Recovery engagements run within 90 days of the audit delivery. The Standard Pool Audit at 2,900 USD credits in full toward Sender Score Severe Recovery at 5,800 USD, making the combined cost 5,800 USD rather than 8,700 USD if booked separately; the same credit structure applies to other tier combinations. The credit is one-time per customer and limited to 90 days from audit delivery to prevent indefinite price gaming. Customers who execute remediation internally and do not engage EMP for recovery pay only the audit fee; the credit structure exists to align EMP incentives with customer outcomes rather than to penalize the internal-execution path.

IP Reputation Audit FAQ

What deliverability teams ask before signing.

Why audit per IP rather than at pool average?

Averages mislead when reputation is heterogeneous:

Pool of 6 IPs at Sender Score average 82 can hide one IP at 45
Bad IP at 10% volume share drags actual deliverability
Gmail domain reputation High can mask 2-3 pool IPs at Medium
Round-robin balancing distributes traffic to all pool members

Per-IP scoring surfaces hidden variance and makes keep/recover/replace explicit.

Which five sources does EMP query?

Independent reputation dimensions:

Validity Sender Score: rolling 30-day, percentile vs other IPs
Gmail Postmaster IP-level: 7-day window, High/Medium/Low/Bad
Microsoft SNDS: 24-hour, Red/Yellow/Green per IP
DNSBL sweep: 25-41 active lists, real-time
FBL complaint rate: per-campaign per source IP

Which DNSBLs are still relevant in 2026?

Active universe shifted significantly:

Tier 1: Spamhaus ZEN/DBL/CSS, Barracuda BRBL
Tier 2: SpamCop, Mailspike, SpamRATS, PSBL
Tier 3: UCEPROTECT levels 1-3
Dead: SORBS (June 2024), NiX Spam (Jan 2026), WPBL (2024), Lashback (2021)

Audit focuses on Tier 1 + Tier 2 which drive real deliverability impact.

Does EMP execute remediation as part of the audit?

No, audit is diagnostic only:

Engagement ends with document + readout call
Customer team executes internally OR
Engages EMP separately for Recovery work
~40% execute internally
~60% engage EMP for recovery (audit fee credits toward recovery)

How does EMP decide keep, recover, or replace per IP?

Three-band classification across 5 sources:

Keep: 4+ sources healthy, stable, no blocklist (typical 50-70%)
Recover: 1-2 sources degraded, remediable, historical reputation valuable (20-35%)
Replace: 3+ sources critical OR Tier 1 blocklist, faster to abandon (5-15%)

What is the realistic audit timeline?

Tier-specific timelines:

Small Pool (2-4 IPs): 5 business days
Standard Pool (5-12 IPs): 7-10 business days
Enterprise Pool (12+ IPs): 10-14 business days

Constraint: rolling measurement windows of underlying sources. Cannot run faster.

Can the audit recommend blocklist delisting actions?

Yes, prioritized by severity tier:

Spamhaus: 24-48h manual via removal tool
SpamCop: auto-delist 24-48h without new signal
Barracuda: manual request with remediation evidence
UCEPROTECT L1: auto-expires ~1 week
UCEPROTECT L2/L3: ISP-level remediation required

What if the audit reveals no significant issues?

Clean audit ~15% of engagements. Deliverable contains:

Healthy state documentation across all 5 sources
Baseline for future drift detection
Recommended monitoring cadence
Minor optimization opportunities

EMP does not invent issues to justify fee. Clean audit is itself valuable as 12-month baseline reference.

Start with diagnosis. Per-IP scoring delivered in 5-14 days.

The scheduling call gathers four data points required to size the engagement: pool size and current Sender Score average (or estimate if not checked), receiver pattern of deliverability degradation (enterprise corporate, Gmail, mixed), Postmaster and SNDS access status (active, lost, never set up), urgency profile (proactive baseline vs reactive after deliverability incident). With those four points EMP issues a fixed-fee quote within 48 hours. The audit fee credits in full toward subsequent EMP Sender Score Recovery or Reputation Recovery engagements run within 90 days of audit delivery.

Start audit Ready for recovery instead

Bilateral NDA in 48h · Mon-Fri 9-18 GMT-5 · Atrium Tower Floor 15