DDMARC
Complete Email Authentication Suite

Every protocol. One platform.

Monitor DMARC, SPF, DKIM, MTA-STS, BIMI, ARC, and DANE from a single dashboard. Free MTA-STS and BIMI hosting included with all plans.

Start Free TrialView Pricing
10B+
Emails analyzed monthly
50K+
Domains protected
99.99%
Platform uptime
<1s
Report processing time
Free MTA-STS policy hosting + BIMI SVG logo hosting included with all plans — even the free tier!
How It Works

Get started in minutes

Simple setup process to start monitoring your email authentication.

1

Connect Your Domain

Add your domain and publish a DMARC record. We provide the exact DNS records to add.

2

Collect Reports

Email providers send aggregate and forensic reports to our dedicated endpoints.

3

Parse & Analyze

Our engine parses XML reports, enriches with geolocation, and identifies patterns.

4

Visualize & Alert

View insights in your dashboard and receive alerts for policy violations.

Protocols

Full email authentication coverage

Every major email authentication protocol, monitored and analyzed in real-time.

DMARC

Domain-based Message Authentication, Reporting & Conformance

The cornerstone of email authentication that ties SPF and DKIM together, enabling domain owners to protect their brand from phishing and spoofing attacks.

Key Benefits

Prevent email spoofing and phishing attacks
Gain visibility into who sends email on your behalf
Improve email deliverability rates
Meet compliance requirements (PCI-DSS, HIPAA, GDPR)

Platform Features

  • Aggregate (RUA) and forensic (RUF) report processing
  • Real-time policy violation alerts
  • Authentication pass/fail analytics
  • Sender source identification and geolocation
  • Policy recommendation engine
  • Subdomain policy inheritance tracking
  • Historical trend analysis
  • Failure forensics with sample messages
Standard:RFC 7489

DMARC Dashboard

Real-time monitoring and analytics

Pass Rate
98.5%
Failures Today
23
Sources Detected
47

SPF

Sender Policy Framework

Define which mail servers are authorized to send email on behalf of your domain. Essential for preventing unauthorized senders from impersonating your organization.

Key Benefits

Block unauthorized email senders
Reduce spam and phishing from your domain
Improve sender reputation
Foundation for DMARC alignment

Platform Features

  • SPF record syntax validation
  • DNS lookup limit checker (10 lookup max)
  • Include/redirect chain analysis
  • Flattening recommendations
  • Real-time SPF pass/fail monitoring
  • Unauthorized sender detection
  • Void lookup detection
  • IPv4/IPv6 range optimization
Standard:RFC 7208

SPF Dashboard

Real-time monitoring and analytics

Pass Rate
98.5%
Failures Today
23
Sources Detected
47

DKIM

DomainKeys Identified Mail

Cryptographically sign your emails to prove authenticity and integrity. Recipients can verify that messages haven't been tampered with in transit.

Key Benefits

Prove email authenticity cryptographically
Protect message integrity in transit
Build sender reputation over time
Enable DMARC alignment verification

Platform Features

  • DKIM signature validation
  • Selector discovery and monitoring
  • Key rotation tracking and alerts
  • Signature alignment analysis
  • Multiple selector support
  • Key strength recommendations (RSA/Ed25519)
  • Body hash verification
  • Header canonicalization analysis
Standard:RFC 6376

DKIM Dashboard

Real-time monitoring and analytics

Pass Rate
98.5%
Failures Today
23
Sources Detected
47

MTA-STS

Free Hosting

Mail Transfer Agent Strict Transport Security

Enforce TLS encryption for incoming email to prevent man-in-the-middle and downgrade attacks. Ensures emails are always encrypted in transit.

Key Benefits

Enforce TLS encryption for all inbound mail
Prevent STARTTLS downgrade attacks
Protect against man-in-the-middle attacks
Improve overall email security posture

Platform Features

  • Free MTA-STS policy file hosting
  • Automatic .well-known endpoint serving
  • Policy mode management (testing/enforce)
  • TLS-RPT report processing
  • Certificate validation monitoring
  • MX record consistency checking
  • Policy versioning and history
  • Automatic HTTPS certificate management
Standard:RFC 8461

MTA-STS Dashboard

Real-time monitoring and analytics

Pass Rate
98.5%
Failures Today
23
Sources Detected
47

BIMI

Free Hosting

Brand Indicators for Message Identification

Display your brand logo in supported email clients, increasing brand recognition and trust. Requires DMARC enforcement policy.

Key Benefits

Display brand logo in email clients
Increase email open rates by up to 10%
Build trust with visual brand verification
Stand out in crowded inboxes

Platform Features

  • Free SVG logo hosting
  • VMC (Verified Mark Certificate) support
  • Logo format validation (SVG Tiny PS)
  • BIMI record generator
  • Email client compatibility checker
  • Logo display preview across clients
  • CMC (Common Mark Certificate) support
  • Automatic format conversion assistance
Standard:RFC 9495

BIMI Dashboard

Real-time monitoring and analytics

Pass Rate
98.5%
Failures Today
23
Sources Detected
47

ARC

Authenticated Received Chain

Preserve authentication results when emails are forwarded through intermediaries like mailing lists, ensuring legitimate forwarded mail isn't rejected.

Key Benefits

Maintain authentication through forwarding
Reduce false positives from mailing lists
Trace email path through intermediaries
Improve delivery of forwarded emails

Platform Features

  • ARC chain validation
  • Forwarding path analysis
  • Mailing list authentication tracking
  • ARC seal verification
  • Chain break detection
  • Intermediary reputation scoring
  • ARC-Authentication-Results parsing
  • Chain integrity verification
Standard:RFC 8617

ARC Dashboard

Real-time monitoring and analytics

Pass Rate
98.5%
Failures Today
23
Sources Detected
47

DANE/TLSA

DNS-based Authentication of Named Entities

Use DNSSEC to authenticate TLS certificates for email servers, providing cryptographic proof that you're connecting to the right server.

Key Benefits

Cryptographic server authentication via DNS
Eliminate reliance on certificate authorities
Prevent certificate misissuance attacks
Strongest email transport security

Platform Features

  • TLSA record monitoring
  • Certificate pinning validation
  • DNSSEC chain verification
  • MX to TLSA mapping
  • Rollover detection and alerts
  • Compatibility reporting
  • Usage type verification (PKIX-TA/EE, DANE-TA/EE)
  • Certificate association validation
Standard:RFC 7672

DANE/TLSA Dashboard

Real-time monitoring and analytics

Pass Rate
98.5%
Failures Today
23
Sources Detected
47
Deployment Guide

Path to full DMARC enforcement

Follow our proven methodology to safely deploy DMARC from monitoring to full enforcement.

Phase 1p=none

Monitor

Week 1-2

Deploy DMARC in monitoring mode to collect data about all email sources without affecting delivery.

  • Publish DMARC record with p=none
  • Configure report collection
  • Identify all legitimate sending sources
  • Document third-party senders
Phase 2p=none

Analyze

Week 3-4

Review authentication results, configure SPF/DKIM for all legitimate senders, and fix alignment issues.

  • Review aggregate reports
  • Configure SPF for all senders
  • Enable DKIM signing
  • Fix alignment failures
Phase 3p=quarantine

Quarantine

Week 5-6

Move to quarantine policy to start filtering suspicious emails while monitoring for false positives.

  • Update to p=quarantine
  • Monitor quarantine rates
  • Review forensic reports
  • Adjust as needed
Phase 4p=reject

Enforce

Week 7+

Full enforcement mode. Unauthorized emails are rejected, protecting your domain from abuse.

  • Upgrade to p=reject
  • Enable BIMI for brand display
  • Configure MTA-STS
  • Ongoing monitoring
Use Cases

Trusted by security-conscious organizations

See how different industries use DDMARC to protect their email communications.

Enterprise Security

Protect your organization from CEO fraud, vendor impersonation, and targeted phishing attacks.

90% reduction in spoofing attempts

Financial Services

Meet regulatory requirements for email security and protect customers from fraud.

PCI-DSS, SOX compliance ready

Healthcare

Secure patient communications and protect against HIPAA violations from email spoofing.

HIPAA-compliant email security

Government

Implement BOD 18-01 requirements and protect citizens from domain impersonation.

FedRAMP ready architecture
Platform

Built for teams and enterprises

Powerful tools to manage email authentication at scale.

Automatic Report Collection

Connect IMAP/POP3/Graph API mailbox for automatic DMARC report fetching. No manual uploads needed.

IMAP/POP3 support
Microsoft Graph API
Google Workspace API
Custom webhook ingestion

Visual Analytics Dashboard

Interactive charts for authentication results, trends, source IP analysis, and geolocation maps.

Real-time dashboards
Custom date ranges
Drill-down analysis
Exportable charts

Multi-Domain Management

Monitor unlimited domains from a single dashboard with organization-based access control.

Unlimited domains (Pro+)
Domain grouping
Bulk operations
Cross-domain analytics

Smart Alerting

Real-time alerts for policy violations, new senders, authentication failures, and anomalies.

Email notifications
Slack/Teams webhooks
PagerDuty integration
Custom thresholds

Team Collaboration

Role-based access control with admin, member, and viewer permissions. SSO/SAML support.

RBAC permissions
SSO/SAML 2.0
Audit logging
Team workspaces

Real-time Processing

Reports processed instantly as they arrive. Sub-second query performance on analytics.

Instant processing
Sub-second queries
Streaming updates
No batch delays

API Access

Full REST API for integration with your security tools, SIEM, and automation workflows.

RESTful API
Webhook callbacks
OpenAPI spec
Rate limiting

Comprehensive Reports

Executive summaries, compliance reports, and detailed technical breakdowns. Export to PDF/CSV.

Scheduled reports
PDF/CSV export
Custom templates
Compliance reports
Integrations

Works with your existing stack

Seamlessly integrate with email providers, marketing tools, and security platforms.

Microsoft 365Email Provider
Google WorkspaceEmail Provider
Amazon SESSending Service
SendGridSending Service
MailchimpMarketing
HubSpotMarketing
SalesforceCRM
ZendeskSupport
SplunkSIEM
DatadogMonitoring
PagerDutyAlerting
SlackCommunication

Need a custom integration? Contact us

Trust & Compliance

Enterprise-grade security and compliance

Built with security, privacy, and reliability as core principles.

SOC 2 Type II

Certified for security, availability, and confidentiality controls. Audited annually by independent third party.

ISO 27001

Information security management system certified. Comprehensive risk management framework.

Privacy-First

GDPR compliant. Your data is never shared or sold. Data residency options in US, EU, and APAC.

Security-First

End-to-end encryption, zero-trust architecture, regular penetration testing, bug bounty program.

IPv6-First

Full IPv6 support across all services. Dual-stack infrastructure for modern networks.

99.99% Uptime

Enterprise SLA with multi-region redundancy and automatic failover. Real-time status page.

Start protecting your domain today

Ready to secure your email?

Start monitoring your DMARC reports today. Free 14-day trial, no credit card required.

Get Started FreeContact Sales