Email Deliverability Audit
Read-only: scans the customer database for malformed emails, role accounts, disposable domains, and bounce-suspect patterns to protect sender reputation.
shopify-admin-email-deliverability-audit
Purpose
Scans the entire customer list and flags addresses that will hurt email deliverability if included in marketing sends: syntactically invalid addresses, role accounts (info@, admin@, sales@), known disposable / temporary domains, and suspected hard-bounce patterns. Output is a suppression list ready to import into your email platform. Read-only — no mutations.
Prerequisites
shopify store auth --store --scopes read_customers read_customersParameters
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| store | string | yes | — | Store domain (e.g., mystore.myshopify.com) |
| marketing_consent_only | bool | no | true | Only scan customers who currently accept marketing — those are the ones at risk of being mailed |
| disposable_domains | array | no | built-in list | Override built-in disposable-domain list |
| role_localparts | array | no | ["info","admin","sales","support","contact","noreply","help","webmaster","postmaster"] | Local-part prefixes to flag as role accounts |
| format | string | no | human | Output format: human or json |
Safety
> ℹ️ Read-only skill — no mutations are executed. Safe to run at any time. No emails are sent, no marketing consent is changed.
Detection Rules
For each customer email, run these checks in order and assign one or more flags:
invalid_syntax — fails RFC 5322 local-part / domain validation, missing @, contains whitespace, double dots, leading/trailing dotrole_account — local part exactly matches a role_localparts entry (case-insensitive)disposable_domain — domain matches the disposable-domain list (mailinator, guerrillamail, tempmail-style domains, etc.)plus_alias — contains + in local part (informational; not a deliverability problem on its own, but useful for de-duplication)bounce_suspect — heuristics: numeric-only local part, length > 64 chars, ALL-CAPS, repeated characters (aaaaa), keyboard rolls (asdfghjk)duplicate — same normalized email already seen in the customer setA customer can carry multiple flags; the most severe (invalid_syntax > bounce_suspect > disposable_domain > role_account > plus_alias) drives the recommended action.
Workflow Steps
customers — query Inputs: first: 250, select id, defaultEmailAddress { emailAddress, marketingState }, numberOfOrders, tags, pagination cursor. If marketing_consent_only: true, filter query: "email_marketing_state:subscribed"
Expected output: All targeted customers with email; paginate until hasNextPage: false
GraphQL Operations
# customers:query — validated against api_version 2025-01
query DeliverabilityAudit($query: String, $after: String) {
customers(first: 250, after: $after, query: $query) {
edges {
node {
id
displayName
defaultEmailAddress {
emailAddress
marketingState
}
numberOfOrders
amountSpent {
amount
currencyCode
}
tags
createdAt
}
}
pageInfo {
hasNextPage
endCursor
}
}
}
Session Tracking
Claude MUST emit the following output at each stage. This is mandatory.
On start, emit:
╔══════════════════════════════════════════════╗
║ SKILL: Email Deliverability Audit ║
║ Store: <store domain> ║
║ Started: <YYYY-MM-DD HH:MM UTC> ║
╚══════════════════════════════════════════════╝
After each step, emit:
[N/TOTAL] <QUERY|MUTATION> <OperationName>
→ Params: <brief summary of key inputs>
→ Result: <count or outcome>
On completion, emit:
For format: human (default):
══════════════════════════════════════════════
EMAIL DELIVERABILITY AUDIT
Customers scanned: <n>
Subscribed customers: <n>
─────────────────────────────
Invalid syntax: <n> (<pct>%) 🔴 suppress
Role accounts: <n> (<pct>%) ⚠️ suppress
Disposable domains: <n> (<pct>%) ⚠️ suppress
Bounce-suspect patterns: <n> (<pct>%) ⚠️ review
Plus aliases: <n> (<pct>%) ℹ️ informational
Duplicates: <n> (<pct>%) ℹ️ informational
Recommended suppression: <n> (<pct>% of subscribed)
Output: deliverability_audit_<date>.csv
══════════════════════════════════════════════
For format: json, emit:
{
"skill": "email-deliverability-audit",
"store": "<domain>",
"customers_scanned": 0,
"flags": {
"invalid_syntax": 0,
"role_account": 0,
"disposable_domain": 0,
"bounce_suspect": 0,
"plus_alias": 0,
"duplicate": 0
},
"recommended_suppressions": 0,
"output_file": "deliverability_audit_<date>.csv"
}
Output Format
CSV file deliverability_audit_ with columns:
customer_id, email, flags, recommended_action, marketing_state, order_count, total_spent, created_at
recommended_action is one of: suppress, review, keep.
Error Handling
| Error | Cause | Recovery |
|---|---|---|
THROTTLED | API rate limit exceeded | Wait 2 seconds, retry up to 3 times |
| Customer with no email | Phone-only / POS account | Skip, do not include in suppression list |
| Disposable list out of date | New temp-mail domain not in built-in list | Caller can override via disposable_domains parameter |
| Unicode local parts | Internationalized email addresses | Normalize via NFC; do not flag valid IDN domains |
Best Practices
role_account flags as soft-suppression: those addresses rarely consent to marketing meaningfully and frequently mark mail as spam.marketing-consent-report to confirm consent state aligns with what your email service provider has on file.