SaaS email program audit

Score your email program across consent, sending identity, product data, lifecycle coverage, workflow safety, deliverability, and measurement. The result is a short repair list, not a vanity maturity badge.

Resources

Score your program out of 14

Give each area 0, 1, or 2 points. A 0 means missing or unknown. A 1 means partly implemented, manual, or unmonitored. A 2 means documented, live, owned, and checked with evidence.

Area

A 2 means

Consent

Marketing permission and preferences are recorded, unsubscribe is easy, and transactional messages stay operational.

Identity & domains

SPF, DKIM, and DMARC pass; the From domain is recognizable; replies reach a monitored inbox.

Data & events

Critical product events have definitions, owners, test cases, and enough context to drive the right message.

Lifecycle coverage

Signup, activation, adoption, expansion, risk, win-back, and account-critical moments each have an intentional email path.

Workflow safety

Entry, exit, re-entry, suppression, delay, and frequency rules prevent duplicate or contradictory messages.

Deliverability

Bounces, complaints, and unsubscribes are monitored; inactive contacts have a policy; sudden changes have an owner.

Measurement

Every email has one job, one decision metric, and a named person who reviews it on a regular cadence.

Loops uses these ranges as a triage heuristic: 0–4 is fragile, 5–9 is partial, 10–12 is healthy, and 13–14 is strong. This is not an industry standard. Review the evidence behind each score before acting on the total.

Rule: score what is true today. A planned workflow, undocumented event, or dashboard nobody reads does not earn full credit.

Audit each layer

Consent and identity

Pull your signup forms, preference center, unsubscribe path, sending-domain records, and From addresses. Confirm what people agreed to, which messages bypass marketing preferences, and who receives replies. Fix ambiguity before adding automation.

Data and lifecycle coverage

List the product events that should change what a user receives. For each event, record its source, required properties, owner, and a real example payload. Then map the lifecycle moments you cover today and mark where users get silence, generic blasts, or two messages for the same action.

Workflow safety

Inspect every live workflow for entry, re-entry, exit, suppression, delay, and frequency rules. Test the awkward cases: a user upgrades mid-sequence, cancels and returns, belongs to two segments, or triggers the same event twice. The audit passes when the resulting inbox still makes sense.

Measurement and ownership

Assign one job to each email: activate, educate, recover, confirm, or convert. Pair it with the nearest behavior metric, not just opens. Name the person who reviews the result, the review cadence, and the action they will take when the metric moves.

Run the audit in 60 minutes

Run this with one person each from growth, product, and engineering. Their disagreements expose undocumented assumptions.

30-day repair order

Week 1: stop risk. Fix permission, authentication, unsubscribe, bounce, complaint, and transactional-email problems.
Week 2: fix the data contract. Define the events and properties your highest-value lifecycle messages depend on, then add test cases.
Week 3: repair coverage and safety. Fill the most costly lifecycle gap and test entry, exit, re-entry, and duplicate-event behavior.
Week 4: install the review loop. Set one goal per message, assign an owner, and schedule the next audit.

What maturity is not

More workflows can create collisions without fixing coverage.
Channel count does not prove email maturity. Push, SMS, in-app, and an enterprise orchestration layer are separate requirements.
Personalization tokens come after correct timing and product context.
Open rates are noisy and do not prove that a message changed behavior.
A platform migration only helps when a documented requirement, operating cost, or reliability problem justifies it.

Common questions

What is a healthy SaaS email program audit score?

Who should participate in the audit?

How often should we run the audit?

Can this replace inbox placement testing?

What should we fix first?

How is this different from a deliverability audit?

Go deeper with the email deliverability guide, then map your lifecycle email coverage.