Assessment Methodology
Every Vaixus engagement follows a nine-step structured methodology. The process is identical regardless of domain count, infrastructure complexity, or engagement scope — what changes is depth, not structure.
The Nine Steps
Discover
Collect infrastructure data and supporting evidence across DNS, mail platform configuration, authentication records, and transport security controls.
- Enumerate all mail-related DNS records from authoritative resolvers
- Identify sending platforms, mail service providers, and relay services
- Map subdomain structure and routing relationships
- Collect SMTP banner responses and EHLO capability advertisements
- Document third-party platform dependencies and integration points
Map
Build a complete picture of infrastructure relationships, routing dependencies, and environment topology. Every sending path, relay relationship, and subdomain configuration is documented.
- Build complete sending infrastructure topology diagram
- Identify all mail relay relationships and forwarding paths
- Document provider dependencies and service boundaries
- Map authentication record relationships to infrastructure components
- Identify environment gaps and monitoring blindspots
Analyze
Evaluate each assessment layer — authentication alignment, transport security configuration, routing controls, and reputation signals — against defined standards.
- Authentication: SPF lookup chain, DKIM selectors, DMARC policy and alignment
- Transport security: DNSSEC DS/DNSKEY, MTA-STS policy, TLS-RPT configuration
- Routing: MX configuration, relay relationships, backup routing paths
- Reputation: IP and domain blocklist status, sending reputation signals
- BIMI and VMC deployment status where applicable
Correlate
Examine relationships between individual findings. Separate symptoms — observable effects — from root causes. A single misconfiguration may produce multiple observable failures.
- Identify configuration chains where one issue causes multiple symptoms
- Determine which findings share a common underlying cause
- Separate deliverability symptoms from infrastructure root causes
- Prioritise findings by impact and remediation dependency ordering
- Document causal relationships for the consultant review stage
Review
A consultant reviews all automated analysis results, validates evidence quality, removes false positives, and confirms root-cause attribution. Nothing reaches a report without human sign-off.
- Validate evidence collection accuracy and source quality
- Remove false positives and ambiguous findings
- Confirm root-cause attribution for each finding
- Add business context and implementation considerations
- Approve the final finding set before report generation
Deliver
Assessment findings, evidence, business impact analysis, and prioritised remediation guidance are compiled into structured reports and delivered to the engagement contact.
- Assessment Report with all findings, evidence, and business impact
- Executive Summary prepared for leadership and decision makers
- Remediation guidance prioritised by severity and urgency
- Implementation notes and change sequencing recommendations
- All evidence timestamped and source-referenced
Implement
Approved remediation activities are executed through structured change management procedures. Each change is staged and validated before proceeding to the next.
- Changes executed through documented change management procedures
- Rollback capability maintained at every step
- Configuration snapshots taken before each change
- Changes validated immediately after deployment
- Progress documented for verification comparison
Verify
Post-implementation evidence is collected and compared to the original finding state. An engagement is not closed until the intended outcome is confirmed by evidence, not assumption.
- DNS records re-queried from authoritative resolvers
- Authentication alignment re-evaluated after changes
- Reputation signals re-assessed following remediation
- Before/after evidence comparison documented
- Verification Report generated and delivered
Monitor
Optional continuous monitoring tracks infrastructure state over time and detects deviations from the verified baseline — before they become deliverability incidents.
- Authentication record change detection (SPF, DKIM, DMARC)
- Infrastructure configuration drift alerting
- IP and domain reputation trend analysis
- Monthly infrastructure health and change summary reports
- Regression detection triggers reassessment recommendation
Evidence Standards
Every finding in a Vaixus assessment is backed by collected evidence. No finding is delivered on inference alone.
Collected directly from authoritative resolvers, not cached or third-party data. Every record carries a collected_at UTC timestamp.
Live server responses including EHLO capabilities, banner content, and TLS negotiation results. Collected per sending infrastructure component.
Record content, lookup chains, and alignment evaluation. SPF lookup depth counted. DKIM key strength assessed. DMARC policy and alignment verified.
Blocklist response status from major DNSBLs. Sending reputation signals from DNS-based intelligence feeds. IP and domain data collected separately.
All evidence carries a collected_at UTC timestamp and a documented source. Evidence quality is validated during the consultant review stage.
What Clients Receive
Every engagement produces structured deliverables designed to support both technical implementation and executive decision-making.
Full findings, evidence, root-cause analysis, and business impact for every identified issue.
High-level summary of primary risks, priority actions, and expected outcomes for leadership review.
Structured implementation guidance with sequencing, rollback procedures, and validation requirements.
Post-implementation evidence comparison confirming remediation outcomes before engagement closure.
Ongoing infrastructure health summaries and change tracking reports. Available with Monitoring retainer.
Sample deliverables using synthetic domains are available for review. View Sample Reports →
Ready to begin an assessment?
Submit a request and we will review your domain, scope the engagement, and respond within one business day.
Request Assessment