What this audit checks
Authentication & access
- OAuth refresh token valid (auth probe on /services/oauth2/userinfo) and not revoked
- instance_url resolves to the correct per-org host
- Connected-app scopes cover api + refresh_token + offline_access
- Environment (sandbox vs production) matches the configured login host
Deliverability & sender reputation
- Bounce rate above 5% (sustained) - sender reputation at risk
- Spam complaint rate above 0.3% - deliverability degradation
- Delivery rate below 95% - inbox-provider rejection rising
- Unsubscribe rate above 2% - list fatigue or off-target content
- Deliverability decay trend > 2σ vs 30-day baseline before a major campaign
Journey & automation health
- Welcome journey not Published (should be live)
- Abandoned-cart-equivalent journey not Published
- Journeys stuck in Draft > 30 days (launch tech debt)
- Published journey with stale enrollment_count_30d = 0 (trigger criteria broken)
List & subscriber hygiene
- Active reachable subscribers shrinking > 10% vs prior period while send volume holds
- Fewer than 3 segments - limited segmentation
- Lists with no growth and rising unsubscribe = cold audiences to sunset
- Opted-out contacts still receiving sends (consent breach)
Cross-channel: revenue-at-risk (the killer area)
- Email send attributedRevenue diverges materially from the commerce sibling’s order revenue for the same utm_source (attribution drift)
- Opportunity closed-won with no matching ecom order within 7d from the same contact (revenue-recognition gap)
- Repeat ecom customers (top decile per commerce sibling) with no open Salesforce opportunity (missed expansion signal)
- Paying ecom customers flagged HasOptedOutOfEmail or absent from Salesforce contacts (sync gap)
Severity thresholds
| Signal | Warn | Critical |
|---|---|---|
bounce_rate | 2 | 5 |
spam_rate | 0.1 | 0.3 |
unsubscribe_rate | 0.5 | 2 |
delivery_rate | 95 | 92 |
open_rate | 10 | 5 |
Data sources
GET https://login.salesforce.com/services/oauth2/userinfo- Auth + org identity sanityGET https://yourorg.my.salesforce.com/services/data/v60.0/sobjects/Contact- Contact inventory + opt-out stateGET https://yourorg.my.salesforce.com/services/data/v60.0/sobjects/Opportunity- Opportunity pipeline for revenue-recognition joinGET https://yourorg.my.salesforce.com/services/data/v60.0/query- SOQL for derived counts (segments, lifecycle, closed-won)GET https://rest.marketingcloudapis.com/messaging/v1/messageDefinitionSends- Send stats: sent/delivered/opens/clicks/bounces/unsubscribes/spam/attributedRevenueGET https://rest.marketingcloudapis.com/interaction/v1/interactions- Journey inventory + status + trigger types + enrollmentGET https://rest.marketingcloudapis.com/contacts/v1/lists- List/segment inventory + subscriber counts for list health