Your email program is working. That doesn't mean it's ready for what comes next.

Your SPF, DKIM, and DMARC records may have been configured correctly when they were set up. But that was years ago. ESPs have changed. Your sending infrastructure may have grown in ways nobody fully documented. What passes a surface check today can become a deliverability problem tomorrow … or a compliance gap that surfaces at exactly the wrong moment.

This is the right engagement if you don't have an active delivery problem

You’re sending mail that was reaching inboxes and now isn’t. Bounce rates are climbing. Complaint rates are up. A major provider is filtering or blocking your messages and you don’t know whether the problem is in your authentication configuration, your sending reputation, your list practices, or something else entirely. You may have a technical team, or you may be handling this yourself. Either way, you need a clear picture of what’s wrong with your email deliverability before you can fix anything.

What the Technical Program Audit covers

This is a comprehensive technical assessment of a functioning email program. I review authentication configuration — SPF, DKIM, and DMARC records, including alignment and enforcement status — along with sending infrastructure, permission and list management practices, and monitoring coverage. The engagement produces a risk-ranked findings report and a concrete implementation roadmap. You’ll know what is working, what has drifted, and what needs to be addressed before your next major change.

Delivered in 5 business days from receipt of prerequisite materials.

What the Technical Program Audit includes

A written audit report organized by risk level — critical findings, significant findings, and lower-priority items — with each finding described in enough detail that your technical team knows exactly what they’re looking at and what to do about it.

A technical documentation package that reflects the current configuration as audited. If something changes after this engagement, you have a baseline.

An implementation roadmap with suggested sequencing and resource requirements, so your team can prioritize correctly rather than trying to address everything at once.

A one-hour review call to walk through the findings, answer questions, and clarify anything that needs more context.

Scope and boundaries

The audit delivers findings and a roadmap. Implementation of any changes is your team’s responsibility — I don’t make configuration changes directly.

The engagement covers the state of the program at the time of the audit. It does not include ongoing monitoring after delivery.

This is a technical engagement, not a legal one. Findings that carry legal or regulatory implications are noted and referred to qualified legal counsel.

What you need to bring

To complete the audit within the 5-business-day window, I’ll need the following from you before we start:

Current DNS and authentication records, or exports of them. Documentation of your existing email infrastructure, including any recent changes. A list of current ESPs and their configurations. Access to delivery monitoring systems if any are in place. Confirmation that I have permission to conduct a technical review of configuration details.

The more complete the picture at the start, the more useful the audit is at the end.

A free 30-minute assessment call is the right place to confirm this is the appropriate engagement for your situation

Name	Owner	Duration	Purpose
`comment_author_*`	WordPress	347 days	Saves your name, email address, and website URL when you post a comment so you do not have to re-enter them next time.
`wcc_consent`	WP Cookie Consent	30 days	Stores your cookie consent preferences so you are not asked again on every page visit. Contains only a random identifier — no personal information.
`wordpress_*`	WordPress	Session	Used by WordPress to authenticate logged-in visitors, remember authentication details, and to provide other essential security features.
`wordpress_logged_in_*`	WordPress	Session	Tells WordPress whether you are logged in to the site. WordPress uses this to show you the correct version of the site.
`wordpress_test_cookie`	WordPress	Session	Tests whether cookies are enabled in your browser. Deleted immediately after the test.
`wp-settings-*`	WordPress	1 year	Stores your personal WordPress dashboard and administration interface settings.
`wp_lang`	WordPress	1 year	Remembers your preferred language for the WordPress admin interface.

Name	Owner	Duration	Purpose
`aw_*`	AWeber	1 year	Set by AWeber when you sign up for an email list. Records your subscription status and preferences.
`jetpack*`	Jetpack by Automattic	1 year	Used by Jetpack to provide site statistics, security features, and related functionality.

Name	Owner	Duration	Purpose
`_ga`	Google Analytics	2 years	The main Google Analytics cookie. Used to distinguish unique visitors by assigning a randomly generated number as a client identifier.
`_ga_*`	Google Analytics	2 years	Used by Google Analytics 4 to persist session state and measure site usage.
`_gac_*`	Google Analytics / Google Ads	90 days	Contains campaign-related information. Shared between Google Analytics and Google Ads.
`_gat`	Google Analytics	1 minute	Used by Google Analytics to throttle request rate. Expires after 1 minute.
`_gid`	Google Analytics	24 hours	Used by Google Analytics to identify a user session. A new value is assigned each day.
`metricool_visit_*`	Metricool	1 year	Used by Metricool to track page visits and measure website traffic statistics.
`mtc_id`	Mautic	Session	A session identifier used by this site\'s marketing platform (Mautic) to track activity during your current visit. Expires when you close your browser.

Name	Owner	Duration	Purpose
`_fbc`	Meta (Facebook)	2 years	Used by Meta to store the last visit made with a click on an advertisement. Used for conversion tracking.
`_fbp`	Meta (Facebook)	3 months	Used by Meta to deliver a series of advertisement products such as real time bidding from third party advertisers.
`_gcl_*`	Google Ads	90 days	Used by Google Ads to measure the effectiveness of advertising campaigns and to track conversions.
`mautic_device_id`	Mautic		Assigned by this site\'s marketing platform (Mautic) to recognise your browser across visits. If you submit a form on this site, this identifier may be used to associate your browsing history with your contact record.