How to implement internal QA and approval workflows to prevent repeats?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Most email mistakes don't happen because someone was careless. They happen because there was no process to catch them. A QA and approval workflow is what stands between a rushed send and a deliverability crisis, or worse, a blast to people who unsubscribed last week.
Here's how to build one that actually holds.
Step 1: Define who owns what
Before you build any checklist, you need clarity on roles. Someone writes the campaign. Someone reviews it. Someone approves it. Those can't all be the same person. Even in a small team, a second set of eyes on content, list selection, and settings is the minimum bar. For anything touching DNS or authentication changes, that approval should come from whoever owns your technical infrastructure.
Step 2: Run a pre-send checklist on every campaign
A checklist sounds basic, but most teams don't use one consistently. Build it into your process as a non-optional step. It should cover at minimum:
- Subject line and preview text reviewed (no typos, no misleading copy)
- Correct list or segment selected and confirmed
- Suppression list applied (unsubscribes, complaints, bounces)
- Send time, from name, and reply-to all correct
- Links tested and working
- Unsubscribe link present and functional
So this checklist should be signed off by the reviewer, not just the sender. In tools like HubSpot, Brevo, or ActiveCampaign, you can build approval steps directly into the campaign workflow so nothing can be sent without sign-off.
Step 3: Verify lists before every upload
But the list is where most disasters start. Uploading the wrong list or a stale one can tank your sender reputation in a single send. Before any list goes into your ESP, document where it came from, when it was last collected, and whether it's gone through validation. If the source isn't documented, it doesn't get uploaded. That's the rule.
For older or unfamiliar lists, run them through a validation service before touching your sending infrastructure. (We clean lists if you need a hand ;))
Step 4: Gate infrastructure changes separately
DNS records, authentication settings, sending domain changes, these need their own approval track. They're not campaign edits. A well-meaning change to an SPF record that breaks your configuration can cause immediate delivery failures across everything you send. Require written documentation of what changed, why, and who approved it. Then test after every change, not before you go home.
Step 5: Use staged sends for anything at scale
For large or high-stakes campaigns, don't send to everyone at once. Send to a small segment first, maybe 5-10%, wait an hour, and check your bounce rate, complaint signals, and any early open data. If something looks off, you still have time to pull the rest. This alone has saved more than a few teams from a full-scale deliverability crisis.
Step 6: Log everything
When something goes wrong, you need to be able to trace it back. Keep a record of who approved each campaign, what list was used, what settings were active at send time, and any changes made in the 48 hours before. Shared logins and untracked changes make this nearly impossible, which is exactly why individual accounts and an audit trail matter so much.
None of this needs to be complicated. A shared doc, a Slack thread, a built-in ESP approval step. The format doesn't matter as much as the habit. The goal is that no campaign leaves without two people having looked at it and one person having signed off.
If you're not sure whether your current setup has gaps, reach out and we'll take a look with you.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.