Most ecommerce founders delete unsolicited site-audit emails on sight. I read every one of them, even the ones that look like obvious cold-outreach spam from a random address. The reason is the cost of being wrong. One legitimate signal in a hundred junk emails is worth more than the hour it takes to skim them, because the legitimate signal is almost always something that has been quietly breaking the store for weeks.
A few days ago one of my clients went to a small Liverpool ecommerce meetup organised specifically for merchants. Small businesses turned up looking for feedback. I pulled a business card afterwards and ran a quick check on the site. SimilarWeb showed low traffic, which already suggested the operator could use the help. When I looked at the setup, the site was not responding at all on http://yourstore.co.uk and only working on www. That is the kind of thing a normal customer never reports and a normal owner never notices.
MageCloud Founder Inbox Note
What an Unsolicited Site-Audit Email Actually Looks Like
THE EMAILS MOST FOUNDERS DELETE
Unsolicited site-audit notes
The signal-to-noise ratio looks bad. The signal that does come through is usually worth the inbox time.
THE TELL IT IS REAL
A specific URL with a specific symptom
“Your http version returns nothing” is the format of someone who actually looked. Marketing pitches do not name URLs and symptoms.
WHAT TO DO ABOUT IT
Skim, do not delete
Three minutes per morning. The one email that matters lands a few times a year and the cost of missing it is significant.
Paul Ryazanov · MageCloud · ten years reading inbox traffic from across the ecommerce ecosystem
Why the First Move Was to Email the Owner
When I find a real problem on a stranger’s site, the first move is not to write a blog post about it. It is to try to tell the owner. I sent an email to the address on the business card and a message through the live chat on the site. The email bounced with a delivery failure, which itself was a useful diagnostic. The live chat delivered the message.
The owner read the chat and replied that everything was working for them without issue. That answer is the wrong answer to give a customer reporting a specific URL with a specific symptom. The right answer is to open the URL on a phone with a fresh browser and check, then come back and confirm or push back with evidence. The same instinct sits behind the daily monitoring stack I run on every ecommerce site. If a stranger is willing to tell you for free that part of your store is broken, the only mistake is not investigating before answering.
The Format That Tells You an Email Is Worth Reading
Real site-audit emails have a shape that marketing spam does not. They name a URL. They describe a symptom. They sometimes include a screenshot or a step-by-step reproduction. They almost never include a pitch for paid work, or a list of “10 ways to grow your revenue,” or a promise of a free strategy session. The sender is usually a developer, an agency operator, or another founder who happened to notice a tell and could not let it sit unreported.
The format gives you a fast filter. If the email names a specific page and a specific behaviour, read it. If the email opens with “I noticed your site could be improved” and never gets more concrete, delete it. Three minutes per morning of this filter is all that is required, and the one signal a quarter is usually a problem that would have cost real revenue if it had run another six months unfixed.
Why “It Works for Us” Is the Wrong First Response
The response the Liverpool owner sent back is the same response I have seen across hundreds of inbound notes about small problems. “Everything is working for us.” That answer assumes the reporter is wrong and the operator is right. It is almost always the other way around. The reporter has tested from a perspective the operator never tests from, on a setup the operator never uses, at a URL the operator never types in.
What the right response looks like is genuinely simple. Open the reported URL in a private browser window on a different device than the one you usually use. If it works there, ask the reporter for one more detail and try again from the same conditions they tried. The cost of doing this is one minute. The cost of not doing it is occasionally a multi-week silent revenue leak that the next customer is going to hit and not bother to report. The same principle is at the centre of how MageCloud earns trust without contracts or retainers: the relationship is built by reading the inbound feedback and acting on it, not by setting up barriers to receiving it.
What Reading Every Email Has Caught for MageCloud
We get a lot of inbound on our own MageCloud sites. A real chunk of it is from India, which is the same kind of inbound that most founders treat as default spam. I read all of it. Most of it is what you would expect. A meaningful portion is not. The notes from outside our usual customer base have flagged broken redirect chains, busted checkout flows on a specific OS version, a Cloudflare rule that was silently blocking a country we sell into, and several SEO issues that did not surface in any of our own scans. None of those would have hit our internal monitoring because the symptoms were specific to user conditions we do not regularly test.
The cost of reading every one of those emails is real but small. The cost of one of them being right and going unread is occasionally significant. The maths is not close.
The One Email That Pays for the Whole Habit
You might get one email this year that matters. Just one. But sometimes it is the one that names the broken thing nobody else has the right combination of access and curiosity to catch. The founders I trust treat that one email as the entire return on the habit and stop arguing with themselves about the rest of the inbox.
If you are running a store and the next site-audit email lands in your inbox tomorrow morning, the move is to skim it before deleting. If the email names a URL and a symptom, open the URL and check. If the email is generic and pitchy, delete it without guilt. The cost of the filter is small enough that running it forever is the right default.
Where to Find Me Next
If you want to swap the strangest unsolicited site-audit email you have ever received, or compare notes on the inbound habits that actually pay off, come find me at the next Ecommerce Camp UK. The marketplace room always has at least one of these stories going.
Related reading: Run the Spam Email’s Own Website Through PageSpeed. The sixty-second test that sorts the inbox before you spend real attention on it.