Skip to content
OS Domains
Deliverability · Recovery service

Reputation recovery for senders in acute crisis, with the honest stance that delisting submission is free and the work we charge for is everything around it

Reputation recovery is the process of restoring a sending domain or IP's standing with mailbox providers after a deliverability incident — a blacklisting, a spam-trap hit, a complaint spike — so mail returns to the inbox instead of spam or rejection. OS Domains runs recovery as a managed six-phase engagement with daily updates: triage, root-cause diagnosis, remediation, coordinated delisting, controlled re-warming and a closing handoff, for senders whose inbox placement has collapsed and needs a structured way back.

Most reputation recovery services charge you to fill out a Spamhaus delisting form. The form is free and you can fill it out yourself; the cost is in pretending the form is the product. We do not pretend. The work we charge for is the diagnostic that identifies why you got listed, the remediation that fixes the underlying issue, the coordinated delisting submission that includes evidence of the fix, and the re-warming that prevents immediate relisting. From €499 for diagnostic only, up to €4,999 for the full engagement with re-warming including post-delisting reputation rebuild. Same engineering team that has been operating email infrastructure since 2008 with hundreds of recovery engagements behind us.

In short

  • A six-phase managed engagement with daily updates and a clear handoff at each step, from triage to closing report.
  • Recovery runs from about 10 days for a delisting up to six weeks when full re-warming is part of the fix.
  • Targets the real causes — blacklist/RBL listings including Spamhaus, spam-trap hits, complaint spikes and authentication failures — not just a re-warm.
  • Three engagement sizes: Diagnostic €499, Recovery Engagement €2,499, Full Recovery + Re-warming €4,999, plus custom — flat-fee and scoped.
  • Honest fit check: when DIY or a tool like Warmy/MailReach is enough, we say so rather than sell an engagement.
The recovery curve

How does reputation recovery work?

An incident drops reputation sharply; recovery is the structured climb back. Triage and diagnosis find the real cause, remediation fixes it, a coordinated delisting clears the listing, and controlled re-warming rebuilds trust until placement returns. Rushing back to full volume before the cause is fixed just re-triggers the listing. The diagram shows the shape.

rep. low Incident Triage Remediation Delisting Re-warming Recovered reputation collapses placement restored Returning to full volume before the cause is fixed re-triggers the listing.

A listing is a concrete, checkable fact — a DNSBL query returns a code when the IP is listed, and an empty answer once the coordinated delisting clears:

# Is the sending IP listed? (reversed-octet Spamhaus query)
$ dig +short 45.113.0.203.zen.spamhaus.org
127.0.0.3

# after remediation and a coordinated delisting, re-check:
$ dig +short 45.113.0.203.zen.spamhaus.org
$
# empty answer = no longer listed
What this service actually is

A managed recovery engagement for the rare days when reputation collapsed and the business needs it back

Most senders never need this product. A typical sender with reasonable list quality, working authentication, and steady volume will not encounter a serious reputation incident in years of operation. The product exists because the rare days when it does happen are catastrophic to the business: outbound stops working, customer support emails start bouncing, transactional flows fail, and the team running the email infrastructure suddenly has to learn Spamhaus delisting procedures while the business waits. The recovery engagement compresses that learning curve into a managed service with predictable outcomes.

The honest framing first. The actual delisting submission to Spamhaus, Barracuda, Microsoft, Google, and the major blacklists is free everywhere. Spamhaus has a public removal form. Barracuda accepts emails to barracudacentral. Microsoft has a sender support portal. Anyone charging you only to submit the form is selling you a service you can do yourself in 10 minutes. We do not charge for that. What we charge for is the work surrounding the form: the diagnostic that identifies what actually caused the listing, the remediation that fixes the underlying problem, the documentation that the form requires (evidence of the fix, change logs, security audit results), and the post-delisting re-warming that prevents immediate relisting. The form itself is a 10-minute task; the work that makes the form actually result in delisting is the product.

Where this service shines is the moment a sender lands on Spamhaus SBL or DBL with no idea why, the bounces are stacking up, the executive team is asking when email will work again, and the team running the infrastructure has never personally handled this scenario before. We have. The engineers who run our recovery engagements have collectively handled hundreds of major reputation incidents going back well over a decade, across most flavors of root cause: compromised credentials sending outbound spam, list quality decay leading to spam trap hits, sudden volume spikes triggering snowshoe detection, content patterns matching known abusive templates, IP neighborhood reputation degradation, registrar issues affecting domain reputation. Each scenario has a different remediation, and the wrong remediation makes the problem worse.

Worth saying upfront about scope. We handle email-specific reputation: IP reputation, domain reputation, sender authentication, blacklist listings, Postmaster Tools and SNDS state. We do not handle broader brand reputation, web search ranking penalties, social media reputation, or anything outside the technical email layer. We do not handle the underlying business decisions that may have contributed to the incident (your sales team buying a list of dubious origin, your marketing team pushing send volume past safe thresholds, your customer success team turning every transactional email into a marketing email). Those are conversations the customer has internally; we work on the technical recovery and let the customer figure out the organizational changes.

And explicit about outcomes. Recovery engagements aim to restore your sending capability to pre-incident state within the engagement window: 14 days for Diagnostic + Recovery, 42 days for Full Recovery with Re-warming. The outcome we commit to is reputation stabilization at the volume level you specified during onboarding, not an arbitrary perfection metric. If we cannot stabilize reputation within the engagement window, the customer gets a full refund or an extended engagement at no charge, customer choice. We have not had a complete recovery failure in the last 24 months but the warranty exists because reputation work has inherent probabilistic elements (how stuck the listing is, how cooperative the receiver-side response, what underlying issues we discover during diagnostic) and the contract should be clean about what happens.

One last clarification before the rest of the page. This service is reactive, not preventive. If you are reading this page proactively because you want to avoid future reputation incidents, the right products are /managed-dmarc for authentication discipline and /deliverability-monitoring for ongoing visibility. Recovery is what happens after prevention has already failed. Customers who buy recovery engagements often subscribe to monitoring afterward to avoid repeat incidents; the cross-sell is natural rather than aggressive because the value of monitoring is obvious to anyone who has just lived through a reputation collapse.

And worth saying about emotional context. Reputation recovery engagements arrive with a particular intensity that other infrastructure work does not have. The team running the email infrastructure is usually under executive pressure, the business is losing money every day the recovery takes, and the people on the customer side are frequently working long hours when the call comes in. We try to be useful in that environment by being clear about timelines, honest about uncertainty, and explicit about what the customer needs to do versus what we handle. The thing that does not help during a reputation crisis is a vendor giving optimistic timelines or vague reassurances; we do the opposite. The triage call is realistic and sometimes uncomfortable; the engagement that follows is usually calmer because the realistic framing was set up front.

Incidents we have actually handled

Six scenarios where the recovery engagement is the right answer

Below are the incident patterns we encounter most often. If your situation matches one of these, the engagement is structured for you. If your situation does not match (most senders do not need this product), the discovery call covers what does fit.

Incident 01

Spamhaus SBL or DBL listing with active business impact

Your IP or domain landed on a major Spamhaus blocklist. Outbound delivery to Microsoft, Gmail, and most enterprise mail gateways is broken. Bounces show 550 5.7.1 or 550 5.7.501 codes referencing Spamhaus. The diagnostic identifies the root cause (compromised credentials, list quality issue, content pattern, infrastructure problem), the remediation fixes it, the delisting submission includes the evidence Spamhaus requires for review, and the re-warming prevents immediate re-listing. Most common incident type we handle.

Incident 02

Sustained Postmaster Tools Bad reputation

Google Postmaster Tools shows your domain reputation as Bad for 7+ consecutive days, or the IP reputation as Low for sustained periods. Gmail placement has cratered to 30 to 50 percent inbox or worse. The recovery focuses on identifying what behavior is driving the Google-side classification (high complaint rate, suspicious volume patterns, authentication failures), fixing the underlying issue, and gradually rebuilding reputation through controlled volume reduction and re-warming. Recovery typically takes 14 to 28 days.

Incident 03

Microsoft SNDS Red status with delivery failures

Your IP shows Red on Microsoft SNDS sustained over multiple days. Outlook and Microsoft 365 delivery rates have collapsed. Recovery engagements for Microsoft-side issues are structurally different from Spamhaus or Google because Microsoft uses signals that overlap but do not align perfectly with the other major receivers. The diagnostic identifies the Microsoft-specific triggers, the remediation addresses them, and the re-warming includes Microsoft-targeted volume coordination.

Incident 04

Compromised sending account with downstream reputation damage

Your Workspace, Microsoft 365, or other ESP account was compromised, the attacker sent spam from your domain, and now your reputation is wrecked across multiple blacklists and receiver-side systems. The recovery includes credential rotation guidance, post-incident audit, coordinated delisting across affected services, and re-warming. Customers in this scenario often need our work alongside their security team's incident response; we coordinate with whoever is handling the broader incident.

Incident 05

Repeat blacklist offender with operational pattern issues

Your IPs have been listed on Spamhaus or other major blacklists multiple times over recent months, suggesting a pattern issue rather than a one-time incident. Recovery for repeat offenders is structurally different: in addition to the technical recovery, we identify the operational pattern driving the relistings (typically a list-quality issue, a content issue, or a volume management issue that the team keeps reverting to), and we recommend operational changes to prevent the next incident. Customers with this pattern often graduate to ongoing monitoring after the recovery.

Incident 06

Migration-induced reputation incidents

You migrated from one ESP to another, your old IP space carried reputation that the new platform inherited and could not handle, and now both old and new IPs have problems. Recovery engagements during migration are coordinated work: we cannot fix reputation on infrastructure you no longer control, but we can stabilize the new infrastructure and document a clean migration path that prevents the cascade. Customers in this scenario often combine the recovery with our /migration-service product for a full transition.

How the recovery actually runs

How long does reputation recovery take?

Recovery runs from about 10 days for a delisting up to six weeks when full re-warming is needed. Below is the engagement structure for a Recovery Engagement (€2,499) or Full Recovery + Re-warming (€4,999). The Diagnostic-only product (€499) covers Phase 1 and 2 only and produces a remediation playbook that the customer executes themselves. Phases 3 through 6 are where the full engagement adds value over self-service.

01

Triage and baseline (day 1)

A 60 to 90 minute call with whoever in your team is currently handling the incident. We capture the symptoms (which receivers are affected, what bounce codes are arriving, when the issue started, what changed in the period leading up), pull current state from Postmaster Tools, SNDS, Sender Score, and 50+ blacklist sources, and identify which blacklists or reputation systems are actively impacting you. The triage output identifies the immediate priorities and the order to address them.

02

Root cause diagnostic (day 1-3)

The technical investigation that identifies what actually caused the incident. This phase is where the engagement adds the most value because most teams cannot do this themselves: the diagnostic involves cross-referencing DMARC reports, mail server logs, Postmaster data, recent campaign sends, list quality patterns, content analysis, and historical context. The output is a written diagnostic report identifying the root cause with evidence, the secondary contributing factors, and the remediation steps required.

03

Remediation execution (day 3-7)

The actual fix work. Depending on root cause: list cleaning to remove invalid addresses and spam traps, content adjustments to remove spam-triggering patterns, server configuration changes to fix authentication issues, credential rotation for compromised accounts, infrastructure changes to address volume management problems. Most remediation is work the customer team executes with our guidance; for Full Recovery engagements we can execute on our side where it makes operational sense (DMARC reporting setup, monitoring configuration, warming pool integration).

04

Coordinated delisting submission (day 5-10)

Once the remediation is complete, we coordinate the delisting submissions. The submission is free and the customer team can do it themselves; what we add is the documentation that the major blacklists actually require for review. Spamhaus rejects vague requests; the documentation we prepare includes the diagnostic evidence, the specific remediation actions taken, the timeline, and the technical details that demonstrate the underlying issue is genuinely resolved. Submissions usually result in delisting within 24 to 72 hours when the documentation is right.

05

Re-warming (day 10-42, Full Recovery only)

Post-delisting reputation rebuilding. The IP or domain is delisted but reputation has been damaged; sending at full volume immediately would re-trigger the listing within days. We run a coordinated re-warming similar to our /ip-warming product (which is what this phase actually is): controlled volume ramp, dynamic curve based on real placement metrics, daily reputation reports, gradual return to target volume. The re-warming phase is included only in the Full Recovery + Re-warming product because most senders without re-warming get re-listed within 1 to 2 weeks.

06

Closing report and handoff (final day)

Documented closing report covering what happened, what was done, what reputation state was achieved, and recommended ongoing practices to prevent recurrence. The report is structured for both technical teams (specific actions, monitoring metrics, alert thresholds) and executive teams (incident summary, business impact, prevention measures). Customers who subscribe to /deliverability-monitoring after recovery get the monitoring configured to specifically watch for the failure pattern that caused this incident, providing early warning if similar conditions recur.

How we compare to alternative paths

Honest comparison with DIY, Warmy/MailReach, and traditional consulting

Most senders considering recovery services compare three paths: do it yourself, use a tool-based service, or hire deliverability consulting. Below is an honest comparison.

Attribute OS Domains DIY Warmy / MailReach Traditional consulting
Total cost for typical Spamhaus recovery €2,499 (Recovery Engagement) €0 cash + 20 to 60 hours engineering $129/mo subscription (ongoing) €3,000 to €8,000
Outcome guarantee Yes, refund if not stabilized No, you own the outcome No explicit guarantee Variable, contract-dependent
Time to delisting 5 to 10 days typical 5 to 21 days (depends on expertise) No specific timeline 7 to 21 days typical
Re-warming included Yes, in Full Recovery (€4,999) You execute warmup manually Yes, AI-driven warmup Variable, often extra cost
Engineer-led vs AI-driven Engineer-led, with humans on every engagement Your engineers AI-driven, mostly automated Engineer-led
EU sovereign Yes, Austrian GmbH You choose your tools No, US company Variable
Years of email operations 17 years (since 2008) Variable 2018 Variable
Includes diagnostic of root cause Yes, written report Your responsibility Limited (tool diagnostics) Usually yes
Pricing — one-time engagements

How much does reputation recovery cost?

Engagements are €499 (Diagnostic), €2,499 (Recovery Engagement) and €4,999 (Full Recovery + Re-warming), plus custom for complex cases. Pricing is per-engagement, not subscription. The work has a defined start and end, produces documented outcomes, and the engagement closes. Customers needing ongoing protection after recovery typically subscribe to /deliverability-monitoring at €49 to €399 per month depending on scale; the monitoring is the natural follow-on to the recovery work.

Diagnostic

For teams confident in their execution who need an expert root cause analysis.

€499 one-time

Diagnostic delivered within 5 business days

Ideal for

Internal teams with deliverability experience who can execute remediation themselves once they know what is wrong; senders evaluating whether to hire a full recovery or DIY.

  • Triage and baseline assessment
  • Root cause diagnostic with written report
  • Remediation playbook tailored to your incident
  • Reading list of receiver-specific guidance
  • One follow-up call (30 min) within 14 days
  • Email support during the engagement window (14 days)
  • Customer executes remediation independently
  • Deduction of €499 from Recovery Engagement if you upgrade within 14 days
Order Diagnostic
Most chosen

Recovery Engagement

Standard engagement for typical Spamhaus or Postmaster reputation incidents.

€2,499 one-time

Engagement starts within 24 to 48 hours of contract sign

Ideal for

Senders with active reputation crisis affecting business operations; teams without in-house deliverability expertise; agencies handling client incidents.

  • Everything in Diagnostic
  • Remediation execution guidance with daily check-ins
  • Coordinated delisting submission with documented evidence
  • Direct coordination with Spamhaus, Barracuda, Microsoft, Google as needed
  • Daily progress reports during the engagement
  • 14-day engagement window from triage to delisting confirmation
  • Outcome guarantee: refund if reputation does not stabilize
  • 30-day post-engagement support window for follow-up questions
Order Recovery Engagement

Full Recovery + Re-warming

For severe incidents where re-warming after delisting is essential.

€4,999 one-time

Engagement starts within 24 to 48 hours of contract sign

Ideal for

Senders with severe reputation damage requiring re-warming; senders with high-volume operations that cannot afford post-delisting re-listing; senders who experienced compromise and need infrastructure-side rebuild.

  • Everything in Recovery Engagement
  • 28-day post-delisting re-warming on the affected IPs
  • Dynamic warming curve based on real placement metrics
  • Coordination with /ip-warming methodology
  • Daily reports during re-warming phase
  • Final placement report with per-receiver breakdown
  • 42-day total engagement window
  • Outcome guarantee: refund if reputation does not stabilize after re-warming
  • Quarterly review session post-handoff (free for first 90 days)
Order Full Recovery

Custom

For multi-IP incidents, repeat offender patterns, or complex compromise scenarios.

Custom engagement

Engagement starts 5 to 10 business days after contract sign

Ideal for

Multi-IP fleets affected simultaneously; repeat offender patterns requiring operational consultation; compromised infrastructure needing security coordination; agencies with multiple client incidents simultaneously.

  • Custom engagement scoping based on incident severity
  • Multi-IP coordinated recovery
  • Repeat-offender operational pattern review
  • Security incident coordination if applicable
  • Multi-week or multi-month engagement timelines
  • Dedicated deliverability engineer assigned
  • Custom outcome metrics and SLA terms
  • Custom contractual structure
  • Discovery call (90 min) before engagement
Talk to sales

Engagements that fail to stabilize reputation within the documented window get a full refund or extended engagement at no charge, customer choice. Diagnostic-only engagements are not refundable since the diagnostic is the deliverable; if the diagnostic determines the incident is genuinely unrecoverable (rare but possible), we communicate that clearly and the next steps depend on the situation. Customers who upgrade from Diagnostic to Recovery Engagement within 14 days get the €499 Diagnostic fee deducted from the upgrade.

Real questions from teams in crisis

What buyers ask when reputation has collapsed

Why pay €2,499 when Spamhaus delisting is free?

Two reasons. First: the delisting submission is free, but the work that makes the submission actually result in delisting is not. Spamhaus rejects vague requests; the form asks for evidence of the fix, technical details about what changed, and demonstration that the issue is genuinely resolved. Without that documentation, the request gets rejected or sits in a queue. Our engagement produces the documentation as a byproduct of the diagnostic and remediation work. Second: the work that prevents immediate re-listing. Most senders who do DIY delisting get re-listed within days because they did not address the root cause; the diagnostic identifies what actually needs to change, the remediation makes the change, and the delisting submission documents both. The form is the easy part; the rest is the product.

What is the realistic timeline for recovery?

For typical Spamhaus listings with clear root cause: 5 to 10 days from engagement start to delisting confirmation. For Postmaster Tools Bad reputation: 14 to 28 days for reputation to return to Medium or High. For Microsoft SNDS Red: 14 to 21 days typically. Full Recovery + Re-warming engagements run 42 days end to end because the re-warming phase is the longest. Custom engagements (multi-IP, repeat offender, compromise) vary widely: a coordinated multi-IP fleet recovery can take 2 to 3 months. The triage call gives a more specific timeline based on your situation.

How honest are you about whether we should buy this versus do it ourselves?

Genuinely honest. About 30 percent of inquiries get a recommendation to do it themselves with our diagnostic playbook (€499) rather than the full engagement. Common scenarios where DIY is the right answer: clear root cause already known, internal team with deliverability experience, simple Spamhaus PBL listing (which is automatic and self-service), single small Postmaster reputation drop with obvious cause. Common scenarios where the full engagement adds value: severe Spamhaus SBL or DBL listings, sustained Postmaster Bad reputation, suspected compromise, repeat offender patterns, executive pressure for fast resolution. The triage call covers which side you fall on.

What happens if you cannot recover the reputation?

The contractual outcome is reputation stabilization at the volume level you specified during onboarding. If we cannot achieve that within the engagement window, the customer gets a full refund or an extended engagement at no charge, customer choice. We have not had a complete recovery failure in the last 24 months but the warranty exists because reputation work has inherent probabilistic elements. In rare cases where the diagnostic determines the IP is genuinely unrecoverable (typically because the underlying business issue cannot be resolved, or because the IP has been compromised in ways that preclude recovery), we communicate that clearly during the diagnostic phase and the customer can stop the engagement at the diagnostic-only price.

Do you handle reputation across all blacklists or only major ones?

Major blacklists with real receiver impact: Spamhaus (SBL, CSS, XBL, PBL, DBL), Barracuda BRBL, SORBS aggregate, UCEPROTECT levels 1 and 2, Invaluement, the major regional lists. Plus receiver-side reputation systems: Google Postmaster Tools, Microsoft SNDS, Sender Score, Talos. We do not chase delisting on minor blacklists with negligible real-world impact (UCEPROTECT level 3, obscure DNSBLs, hyperlocal regional lists with under 100 users) because the work-to-impact ratio is poor. The diagnostic identifies which blacklists actually matter for your situation and the engagement focuses on those.

How do you handle the situation where the customer caused the incident through bad practice?

We address it directly, on the triage call. About 60 percent of incidents we recover from have a list quality issue at the root, 25 percent have a content or volume management issue, 10 percent are compromise-related, and 5 percent are infrastructure or registrar issues. For incidents caused by customer practice, we are explicit during the diagnostic about what changed and what needs to stop changing. We are not in the business of letting customers continue the practice that caused the incident; if the customer cannot or will not address the root cause, we will tell them the recovery will not stick and recommend they reconsider. The contract refund clause protects them if we proceed and fail; the upfront honesty protects them from wasting money on recovery that gets reversed within weeks.

What information do you need to start a recovery engagement?

During the triage call, we capture: the symptoms (bounce codes, error messages, affected receivers), the timeline (when the issue started, what changed in the period leading up), the affected infrastructure (IPs, domains, sending platform, MTA configuration), the recent activity (campaigns sent in the last 14 days, volume patterns, content patterns), and any prior reputation incidents. We also need read access to Postmaster Tools data and SNDS if you have access (we can help set up access if you do not). For deeper diagnostic work, we may need read access to your mail server logs, your DMARC reports, or your sending platform admin views. We never need write access to anything; the customer team executes any changes.

How does this work for compromised account scenarios?

Compromised account recoveries are typically the most complex because the reputation damage is one part of a broader security incident. We coordinate with your security team or incident response team if you have one. Our scope is the email reputation recovery: identifying which infrastructure was affected, documenting the compromise impact for delisting submissions (Spamhaus and Microsoft both want this evidence), coordinating credential rotation timing with the delisting cycle, executing post-compromise re-warming. We do not do general security incident response (forensics, broader system rebuild, customer notification), but we work alongside whoever is doing that. Most compromise recoveries fit the Full Recovery + Re-warming engagement scope.

Can we add ongoing monitoring after the recovery completes?

Yes, and most recovery customers do. The /deliverability-monitoring product subscribes for €49 to €399 per month depending on scale, and the monitoring is configured to specifically watch for the failure pattern that caused this incident. Recovery customers get the first month of monitoring at half price as part of the engagement; the discount exists because the monitoring data from the recovery feeds directly into the monitoring baseline, which makes ongoing monitoring substantially more useful than starting from scratch. Most recovery customers stay on monitoring for 6 to 24 months; some stay permanently.

What is the difference between this and your /ip-warming product?

IP warming assumes you have a clean IP that needs reputation built up gradually (new dedicated IP, dormant IP being reactivated). Reputation recovery assumes you have a damaged IP that needs reputation rebuilt after damage. The remediation work is different: IP warming has no listings to clear, no damage to repair, just gradual reputation establishment from zero. Recovery includes diagnostic work, delisting coordination, remediation execution, then re-warming. Customers occasionally need both: a recovery engagement that determines the affected IP cannot be fully recovered, plus an /ip-warming engagement on a replacement IP. We coordinate the two if both apply to your situation.

Do you help with the executive communication during the incident?

Limited. We provide a written incident summary suitable for executive briefing as part of the closing report, and during active engagements we provide daily status updates that customers can forward to executive teams. We do not write executive communications or join executive briefings; the customer's internal team handles internal communication. For Custom engagements with severe business impact, we can include executive briefing support as an additional scope item; this is rare but it has happened for incidents affecting business operations significantly.

How do we know the engagement actually fixed the problem versus just got us through this incident?

The closing report documents what changed and what is monitored to detect recurrence. Customers who continue with /deliverability-monitoring afterward get explicit alerts if the conditions that caused this incident start recurring; that is the most reliable way to know the fix held. For customers who do not continue with monitoring, the absence of recurrence over 90 days is the typical confirmation. We do not provide guarantees beyond the engagement window; reputation work depends on ongoing customer behavior, and we cannot promise that a sender will not relapse into the practices that caused the original incident.

What is your stance on emergency engagements outside business hours?

Standard engagement starts within 24 to 48 hours of contract sign during business hours. For genuine emergencies (active business shutdown due to email failures, executive escalation), we can start within 4 to 8 hours including same-day on weekends, with a 50% emergency premium on the engagement price. The emergency premium covers the staff overtime and the displacement of other work. We document the emergency basis in the contract; if the situation does not actually warrant emergency status (we have seen "emergencies" that were really standard business-hours tickets dressed up), we will say so during the triage and refund the premium.

Do you handle reputation issues with niche or regional blacklists?

Yes if they have real impact on your audience, no if they do not. The diagnostic identifies which blacklists actually matter for your specific situation: a sender targeting US enterprise audiences cares about Spamhaus, Barracuda, Microsoft SNDS, and a few others; a sender targeting LATAM consumer audiences may care about regional Spanish-language lists, Mail.ru reputation, and others. We do not waste engagement time on lists with negligible impact on your audience. If you are listed on a regional list with significant impact on your audience, the engagement covers it. The triage call covers which lists matter for your specific situation.

Can recovery engagements work for customers using ESPs we do not operate?

Yes. Most recovery customers run their sending on someone else: SendGrid, Mailgun, AWS SES, their own PowerMTA on Hetzner, or various other infrastructure. The recovery engagement focuses on your IPs and domains regardless of what is producing the email. We coordinate with the ESP team where coordination helps (some ESPs are responsive to coordinated delisting submissions, others are slower) and we work around it where coordination does not help. The engagement does not require migrating to our infrastructure; about 70 percent of recovery customers stay on their existing ESP after recovery, and that is fine.

How does pricing scale for very large incidents (50+ IPs affected simultaneously)?

Custom engagement scoping based on actual incident shape. A 50-IP fleet recovery with a single root cause typically lands around €15,000 to €25,000 because the diagnostic and remediation phases are largely shared across IPs and only the delisting + re-warming work scales linearly. A 50-IP fleet recovery with multiple distinct root causes (often the case for compromised infrastructure) costs more, sometimes substantially more, because each root cause needs separate diagnostic and remediation work. The triage call covers the specific scope. Customers running ongoing fleet operations with recurring reputation incidents often shift to a retainer arrangement at €5,000 to €15,000 per month, which is a different product shape from one-time engagements.

How do you handle customer-side denial about the root cause?

Directly, on the triage call. Some customers arrive convinced the listing is unjust or that an external party caused it; the diagnostic sometimes confirms that, more often it identifies a customer-side cause the customer does not want to accept. We are explicit during the diagnostic about what the data shows. For incidents where the customer cannot or will not accept the root cause, the engagement does not proceed because the recovery will not stick: we refund the diagnostic fee minus the time already spent and recommend the customer reconsider. This is rare but it happens; we prefer the awkward conversation to taking the engagement fee on a recovery that will not work.

Can engagements be scoped for specific receivers only (e.g. Microsoft only)?

Yes, when that is the actual problem shape. Some incidents affect Microsoft-side reputation specifically without major Spamhaus or Google involvement; in those cases the engagement is scoped to Microsoft work (SNDS coordination, Outlook delivery rebuild, Microsoft sender support engagement). The pricing is the same as Recovery Engagement (€2,499) because the work intensity is similar even when the scope is narrower. For customers whose only problem is a single receiver issue, we can also recommend self-service paths if the situation is simple enough; not every Microsoft yellow status warrants a paid engagement.

What is your refund process if recovery does not stabilize?

Documented in the engagement contract. If reputation does not stabilize within the documented engagement window (14 days for Recovery, 42 days for Full Recovery + Re-warming), the customer chooses between full refund of the engagement fee or extended engagement at no additional charge. The choice is the customer's; we do not push one option over the other. Refunds process within 10 business days of the engagement window closing. Extended engagements run with the same terms as the original. We have not had to invoke the refund clause in the last 24 months but the clause exists because reputation work is probabilistic and the contract should be clean.

Do you provide written reports we can share with executives or legal teams?

Yes, and many customers need them. The closing report is structured so the technical sections (specific actions, monitoring metrics, alert thresholds) and the executive sections (incident summary, business impact, prevention measures) can be shared independently. For incidents involving compromise or potential legal implications (data breach disclosures, regulatory notifications), we coordinate with your legal team on what the report should and should not include; we have written reports to specifications from in-house counsel several times. The report is delivered as PDF with editable Word source if customizations are needed for internal distribution. Custom engagements can include legal-specific reporting at no additional charge if it is part of the original scope.

How to engage

Triage call first, contract second, engagement third

For active incidents, the triage call is the right starting point regardless of which engagement size you might end up with. The call is no charge and helps clarify whether DIY, Diagnostic-only, Recovery, or Full Recovery is the right shape. About 30 percent of triage calls conclude with a recommendation to DIY; the other 70 percent move to a contract within 24 to 48 hours.

Phone +43 1 205 11 80 Mon–Fri · 9–18 CET
Email [email protected] Avg response 4h business
Office Fleischmarkt 1, 1010 Wien By appointment