Folderly Flash Send-readiness test Have Folderly fix this

How we score deliverability

No black box. Flash's score is a deterministic function of signals mailbox providers actually act on — the same email always scores within ±3 points. No LLM is anywhere in the scoring path. Here's what we measure, how it's weighted, and how DNS and identity failures are broken into fixable sub-checks.

The weights

A complete score is out of 100, across five components:

  1. Inbox placement — 55. Does the message land in the inbox vs spam at real seed inboxes across mailbox-provider families. Flash only publishes placement when provider quorum is high enough; otherwise it falls back to the setup grade.
  2. Authentication — 15. SPF, DKIM, and DMARC, read as an enforcement verdict — not "is SPF present" but "will a mailbox provider accept this identity." This component now breaks out SPF DNS, SPF alignment, DKIM selector DNS, DKIM alignment, DMARC DNS policy quality and BIMI readiness.
  3. Content — 10. Spam-pattern matching on the decoded message body (MIME/HTML decoded first), text-to-image balance, link density.
  4. Blacklist — 10. The connecting IP against Spamhaus ZEN and Barracuda. Shared provider relays (Gmail/Outlook/SES) are skipped — their reputation isn't yours to own.
  5. Hygiene — 10. Date, Message-ID, From and List-Unsubscribe headers, reverse DNS/HELO, MTA-STS/TLS-RPT posture, plus non-scoring sender-platform and identity fingerprint details.

Setup grade vs. full score

Until inbox-placement seeds are measured for your test, that 55-point component isn't counted as zero — it's excluded, and we show a letter grade for your setup (auth + content + blacklist + hygiene) instead. A perfect configuration reads as an "A," never "42 / failing." Once placement is measured, the score becomes a true composite out of 100.

Auth sub-breakdown

The authentication score stays deterministic, but the report is split into sharper diagnostics so a failed auth verdict points to the exact DNS or SMTP identity problem:

  1. DKIM DNS audit. Selector lookup, TXT/CNAME resolution, public key presence, key quality, duplicate records, revoked keys and d= alignment.
  2. DMARC DNS audit. One valid _dmarc record, policy strength, rua reporting, pct, sp, adkim, aspf and a safe path from monitoring to enforcement.
  3. SPF alignment. Separate SPF record health from DMARC alignment by comparing the authenticated Return-Path / envelope domain with the visible From domain.
  4. BIMI readiness. Enforced DMARC, BIMI DNS, HTTPS SVG logo hosting and certificate readiness where inbox providers require it.

Infrastructure and transport

Infrastructure checks live under the hygiene component because they are not replacements for SPF, DKIM and DMARC, but they do affect whether the sender looks stable and professionally operated.

  1. Reverse DNS and HELO/EHLO. Dedicated sending IPs need a meaningful PTR, forward-confirmed hostname and stable SMTP greeting instead of generic cloud or localhost identities. Shared Gmail, Outlook, SES and similar relays are treated as provider-managed.
  2. MTA-STS and TLS-RPT. DNS records for transport-security policy and reporting are checked as domain-security posture. Temporary DNS failures return unknown, not a penalty.
  3. Sender platform fingerprint. Flash identifies common sources such as Google Workspace, Microsoft 365, Amazon SES, SendGrid, Mailgun, Postmark, HubSpot, Mailchimp/Mandrill, Klaviyo, Salesforce/Pardot, Apollo, Instantly and Smartlead from relay hosts, DKIM domains and platform headers.

What we deliberately refuse to do

The refusals

No LLM in the scoring path. Every point is a rule with a one-sentence reason. A language model can't be audited or reproduced; a rule can.

No publishing a score for a domain you don't control. A public share card requires the From-domain to be DMARC-aligned or DNS-verified — so no one can spoof a competitor and publish a damaging "0/100."

No DNSBL-ing shared relays. If you send through Gmail/Outlook/SES, that IP's reputation is the provider's, not yours — we don't penalize you for it.

No vanity inflation. We'd rather show an honest "placement not measured yet" than a confident number we didn't earn.

Data sources

See it on your own email. Send one message and watch every component score, with the reason for each.
Run a free test →
Built by the deliverability team at Folderly →