Diagnostics · not a pipeline tool
SPF pass DKIM pass DMARC pass Still in Junk

Email Forensics

Every authentication check comes back clean and the email still lands in Junk. That contradiction is where Email Forensics starts: full header, SMTP, and infrastructure-history forensics until we find what a pass/fail authentication report can't show.

17+Years in the email channel & deliverability
8+Years building sending infrastructure

How we identify issues

  • Full header forensics: every hop and every anti-spam field a provider exposes, read in the order it actually matters
  • Authentication re-verified independently, not taken on the sending platform's word that SPF/DKIM/DMARC passed
  • SMTP route reconstructed hop by hop, from origin server to inbox, with every relay documented
  • DNSPulse-powered: every domain and IP touching the send audited for reputation history, not just current blocklist status
  • Root cause isolated and handed back with a corrective path, not just a diagnosis
What we read firstHeader sample

SCL: 5 spam confidence

SFV: SPM · CAT: SPM filtered as spam

BCL: 0 not a bulk sender

CompAuth: pass identity accepted

Identity can be accepted while reputation still fails. This field set tells us which one broke before we touch anything else.

Why authentication alone doesn't explain it SPF, DKIM, and DMARC prove identity: this message really came from who it says it came from. They say nothing about reputation. Mailbox providers score reputation across a much wider footprint than the sending server, including the abuse history on the sending IP, the domain's age, and, less obviously, the hosting reputation of any website tied to the sending domain. A clean authentication report and a Junk-foldered inbox can both be true at once.
Who this is for Teams who've already checked the obvious: SPF, DKIM, DMARC all pass, no blacklist listings, sending infrastructure looks healthy, and the mail still isn't landing. That's usually where in-house troubleshooting stops. It's where we start.

Staring at headers that all say pass?

If authentication checks out and the inbox still disagrees, that contradiction is exactly what we investigate. Send us what you're seeing or put time on the calendar directly.