Authentication and placement are two halves of the same question. An auth report with no placement context tells you the records are valid; a placement report with no auth context tells you where mail lands without explaining why. You need both, tied together.
- SPF record parsed, include chain, lookup count, alignment.
- DKIM selectors published, key size, d= domain alignment.
- DMARC policy, reporting, sub-policy, inheritance.
- BIMI record presence + VMC check.
- MTA-STS and TLS-RPT publication.
- PTR/rDNS verification for the sending IP.
- Placement per provider (30+).
- Per-seed folder detail.
- Cross-referenced: auth verdict the seed actually observed.
Why cross-reference matters
- Your record says p=quarantine; a seed reports dmarc=fail. Now you know which sub-send is breaking alignment.
- Your SPF is valid, but a seed observed spf=softfail. The Return-Path alignment was off for that route.
- Your DKIM is published; a seed observed dkim=none. That provider didn't accept the selector — investigate.
Example
A customer was scoring 72% Gmail placement with clean authentication records. The per-seed cross-reference showed 11 of 50 Gmail seeds reporting dmarc=fail. Root cause: a secondary subdomain was being routed through a legacy ESP without DMARC alignment. Fixed in 15 minutes; placement went to 87%.
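The cross-reference described above, as an added example (not the vendor's code): it parses the Authentication-Results header each seed recorded, checks relaxed alignment for SPF and DKIM, and groups dmarc=fail seeds by From domain to find the broken sub-send. The seed names, header values and the two-label organizational-domain shortcut are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample: Authentication-Results values recorded by seed mailboxes.
SEED_HEADERS = {
    "seed-01": "mx.example.net; spf=pass smtp.mailfrom=bounce.example.com; "
               "dkim=pass header.d=example.com; dmarc=pass header.from=example.com",
    "seed-02": "mx.example.net; spf=pass smtp.mailfrom=mail.legacy-esp.test; "
               "dkim=pass header.d=legacy-esp.test; dmarc=fail header.from=news.example.com",
    "seed-03": "mx.example.net; spf=softfail smtp.mailfrom=bounce.example.com; "
               "dkim=none; dmarc=fail header.from=news.example.com",
}

def org_domain(name):
    # Assumption: the organizational domain is the last two labels.
    # Production code should consult the Public Suffix List instead.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def parse_auth_results(value):
    """Return {method: {"result": ..., property: value}} for one header value."""
    out = {}
    for clause in value.split(";")[1:]:  # the first part is the authserv-id
        m = re.match(r"\s*(\w+)=(\w+)", clause)
        if not m:
            continue
        props = dict(re.findall(r"([\w.]+)=([^\s;()]+)", clause[m.end():]))
        out[m.group(1).lower()] = {"result": m.group(2).lower(), **props}
    return out

def diagnose(value):
    """Report the DMARC verdict a seed saw and which identifiers were aligned."""
    r = parse_auth_results(value)
    from_dom = r.get("dmarc", {}).get("header.from", "")

    def aligned(method, prop):
        # Relaxed alignment: the method passed and shares the From org domain.
        ident = r.get(method, {}).get(prop, "").rsplit("@", 1)[-1]
        return (bool(from_dom) and r.get(method, {}).get("result") == "pass"
                and org_domain(ident) == org_domain(from_dom))

    return {"dmarc": r.get("dmarc", {}).get("result", "none"), "from": from_dom,
            "spf_aligned": aligned("spf", "smtp.mailfrom"),
            "dkim_aligned": aligned("dkim", "header.d")}

def failing_streams(headers):
    """Count dmarc=fail seeds by From domain to locate the broken sub-send."""
    return Counter(d["from"] for d in map(diagnose, headers.values())
                   if d["dmarc"] == "fail")
```

In seed-02 both SPF and DKIM pass but neither is aligned, which is the pattern a third-party ESP signing with its own domain produces.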
Run one test. Both halves, one report, free.