What this audit checks
Authentication & access
- OAuth refresh token valid (auth on /crm/v5/org) and not revoked/expired
- API domain matches the org’s data centre (.com / .eu / .in / .com.au / .jp / .ca)
- Granted scopes cover Contacts, Leads, Deals, Campaigns and Settings READ
- Org not over its daily API credit budget (reads not throttled to 429)
Deliverability & sender health
- Bounce rate above 5% (sustained) over the trailing 30 days
- Spam-complaint rate above 0.3% (sender-reputation risk)
- Unsubscribe rate above 2% (content/targeting problem)
- Delivery rate below 95% (auth or list-hygiene rot - check SPF/DKIM)
- Open rate below 10% or click-to-open below 3% (engagement decay)
Automation & campaign health
- Workflow rules (flows) paused-heavy: >50% of rules in paused/archived state
- Active workflow rule with last_executed_at >24h ago (trigger criteria broken)
- Campaigns stuck in Planning/Scheduled past their send window
- Campaign sent with zero opens after 24h (delivery or rendering failure)
List & subscriber hygiene
- List/segment sprawl: many custom views with low active-member share (audience decay)
- Active subscriber base (Email_Opt_Out = false) shrinking >10% vs prior period
- Static lists not refreshed in >90 days (stale targeting)
- Custom-view segments returning zero members (broken filter criteria)
Cross-channel: revenue-at-risk (the killer area)
- Email-attributed revenue diverges materially from the ecom sibling’s matched order revenue (over-/under-attribution)
- Refund rate on email-attributed orders climbing while sends rise - measured-but-leaking revenue
- Paying ecom customers (sibling shopify/bigcommerce/adobe) unsubscribed or bounced in Zoho CRM - deliverable revenue cut off
- Won Zoho deals with no matching ecom order within 7 days (revenue-recognition gap)
Severity thresholds
| Signal | Warn | Critical |
|---|---|---|
bounce_rate_pct | 2 | 5 |
spam_complaint_rate_pct | 0.1 | 0.3 |
unsubscribe_rate_pct | 0.5 | 2 |
delivery_rate_pct | 98 | 95 |
open_rate_pct | 20 | 10 |
refund_rate_pct | 1 | 5 |
paused_workflow_share_pct | 40 | 60 |
active_subscriber_drop_pct | 10 | 25 |
Data sources
GET {api_domain}/crm/v5/org- OAuth token + org/data-centre sanityGET {api_domain}/crm/v5/Contacts- Subscriber base, Email_Opt_Out counts, list/segment membershipGET {api_domain}/crm/v5/Deals- Won-deal vs ecom-order reconciliation (revenue-recognition gap)GET {api_domain}/crm/v5/Campaigns- Campaign status, delivery/open/click/bounce/spam/unsub + attributed revenueGET {api_domain}/crm/v5/actions/workflow_rules- Workflow-rule (flow) status, trigger types, execution recencyGET {api_domain}/crm/v5/settings/custom_views- List/segment inventory, member + active-member counts for hygiene checks