Built on SOC 2 & ISO 27001-certified infrastructure

Stop email spoofing. See every sender.

Real-time DMARC, SPF, and DKIM monitoring with managed MTA-STS and BIMI hosting included. Built for SMBs and MSPs on SOC 2-aligned infrastructure.

No credit card required
14-day free trial
Cancel anytime
Authentication stream
yourdomain.com
  1. 03:24:18
    newsletter@yourdomain.com
    198.61.254.91·Mailgun
    Deliver
    aligned
  2. 03:24:15
    ceo@yourdomain.com
    185.220.101.34·unknown ASN
    Reject
    display-name spoof
  3. 03:24:12
    support@yourdomain.com
    40.107.243.85·Microsoft 365
    Deliver
    aligned
  4. 03:24:09
    billing@yourdomain.com
    54.240.48.18·Amazon SES
    Deliver
    aligned
  5. 03:24:06
    hr@yourdomain.com
    104.214.55.20·Workday
    Deliver
    aligned
1,247 checks · last 60s · processing
Built for scale
Billions of auth events
6 regions
Global data centers
AES-256
Encryption end-to-end
IPv6-first
Dual-stack network

Check Your Domain's Email Security

Free comprehensive analysis with 15+ security checks and instant grade

15+ Security Checks Including:
DMARC
SPF
DKIM
MTA-STS
BIMI
TLS-RPT
MX
DNSSEC
Blacklist
IPv6
+5 more
Free forever. No signup required. Results in 30 seconds with DNS fix recommendations.

Works with the email stack you already pay for

Microsoft 365
Google Workspace
Amazon SES
SendGrid
Mailchimp
Mailgun

+any RUA/RUF-emitting receiver — ISPs, regional ESPs, on-prem MTAs

From zero to p=reject

Three steps. No XML wrangling.

Most teams ship a working DMARC policy in 4–6 weeks. The boring part is observability — we handle it.

01 · 2 min

Add your domain

Drop one TXT record into your DNS. Works with Cloudflare, Route 53, GoDaddy, Namecheap — any DNS provider.

  • Step-by-step wizard
  • Validates as you paste
  • Rollback in one click
DNS · TXT record
Name:   _dmarc.yourdomain.com
Type:   TXT
TTL:    3600
Value:  "v=DMARC1; p=none; rua=mailto:reports@ddmarc.com; adkim=r; aspf=r; fo=1"
validated · 148 ms
02 · 24–48 hrs

Reports start landing

Google, Microsoft, Yahoo and every other receiver start sending aggregate reports to us. We parse the XML so you never have to.

  • First report in <48h
  • Forensic + aggregate
  • No mailbox to manage
Aggregate reports · last 24h · 290 total
google.com
142
outlook.com
89
yahoo.com
37
comcast.net
14
fastmail.com
8
XML parsed · readable views ready
03 · 2–6 weeks

You ship enforcement

Walk from p=none to p=reject without breaking a single legit sender. Policy Simulator shows the blast radius before any DNS change.

  • Sender-by-sender view
  • Simulate before you apply
  • Alert on regression
Enforcement path · yourdomain.com
p=none
Observe · day 1
p=quarantine
Partial · week 2
pct=25
Ramp · week 4
p=reject
Enforce · week 6
Start in 2 minutes

Free forever for 1 domain · No credit card

What you actually get

Built for the boring middle of DMARC.

Going from p=none to p=reject takes most teams 4–12 weeks. We make the middle observable, reversible, and fast.

Policy Simulator

See the blast radius before you enforce.

Replay the last 30 days against any policy. Which senders break under p=reject? Which ESPs need a DKIM key first? Answer before you touch DNS.

Aligned mail · projection · last 30d
p=none
78%
p=quarantine
94%
p=reject
99%
3 senders need a DKIM key before p=reject

ARC Chain Monitoring

Track authentication across forwarders — mailing lists, alumni redirects, calendar forwarders — without false rejects.

ARC-Seal: i=1 cv=none
ARC-Seal: i=2 cv=pass
ARC-Seal: i=3 cv=pass

TLS-RPT Monitoring

Catch downgrade attacks and expired certs across every mail route. The transport-layer half of email security that nobody else watches.

TLS 1.3
1 downgrade
DMARC Reporting
Aggregate + forensic XML parsed into readable views.
Real-time Analytics
Pass/fail rates, sender breakdowns, weekly trends.
Failure Analysis
Group failures by sender, IP, and root cause.
Multi-Domain
All domains in one console with RBAC.
Security Insights
Alerts on suspicious activity and policy violations.
Smart Alerts
Slack, Teams, Discord, Telegram, webhooks.
Audit Log
Full trail of config and team actions.
Team Collaboration
Roles, scopes, and invite flows.
DNS Health Monitoring
SPF/DKIM/DMARC/MTA-STS/BIMI/TLS-RPT watched 24/7.

Every paid plan ships with managed MTA-STS + BIMI hosting. No add-ons.

Full feature list
Built for everyday operators

One keystroke from anywhere to anywhere.

Most DMARC dashboards make you click through 6 menus to find a sender. Hit ⌘K and ours surfaces it in two characters.

DDMARC · console · ⌘K
Open sim · ESC
  • Go to domain
    newsroom.example.com
    GD
  • Open simulator
    Project p=reject impact
    SP
  • Invite teammate
    Org · Security & Ops
    IT
  • Inspect sender
    billing@yourdomain.com
    IS
↑↓ navigate · ↵ select · 4 of 142 actions
Keyboard-first
Every action reachable from ⌘K. Full WCAG 2.1 AA keyboard navigation.
Personalized views
Security focus, compliance, analytics, or executive — switch in one keystroke.
Mobile-first
Native swipe, pull-to-refresh, touch targets sized for thumbs.
Integrations

Reports in. Alerts out.

Receive aggregate reports from every major receiver. Push alerts to wherever your team already lives.

Receive from
  • Microsoft 365
    Exchange Online aggregate
  • Google Workspace
    Gmail DMARC reports
  • Yahoo Mail
    Standard RUA/RUF
  • Apple iCloud Mail
    Consumer receiver coverage
  • Any RUA sender
    Standard DMARC format
Send to
  • Slack
    Channel + DM routing
  • Microsoft Teams
    Webhook-based posting
  • Discord
    Channel webhooks
  • Telegram
    Bot + group support
  • Email digest
    Daily / weekly summaries
  • Custom webhook
    Any POST endpoint
REST API · Webhooks · CSV/PDF export
Full programmatic access. Build whatever your pipeline needs.
API docs
MSP & agency program

White-label DMARC at partner economics.

From $299/mo for 100 domains, then $2.99/domain. Managed MTA-STS & BIMI hosting included — no per-feature add-ons.

Security & Privacy

One posture report. No marketing.

Built on SOC 2 + ISO 27001 certified infrastructure with zero-trust controls. Below is what we ship — honestly labeled.

DDMARC · security posture
Continuously monitored · audited by PlatOps Security
Operational · 99.99% SLA
In progress
SOC 2 Type II
Built on PlatOps Security infrastructure (certified). DDMARC product audit in progress.
In progress
ISO 27001
Inherited from PlatOps Security ISO-certified controls. DDMARC product audit in progress.
Active
GDPR
Full alignment with EU data protection. Data residency in US, EU, or APAC.
Key controls
  • End-to-end encryption
    TLS 1.3 in transit · AES-256-GCM at rest
  • Zero-trust architecture
    Every request authenticated and authorized
  • Hardware security modules
    FIPS 140-2 Level 3 certified HSMs
  • IPv6-first network
    Modern dual-stack across all services
  • Data residency
    Choose: US, EU, or APAC
  • Privacy by design
    Data minimization + automatic retention
6 regions · IPv4 + IPv6 · AES-256
Full security practices

Penetration testing and vulnerability assessments run quarterly. Incident reports published to /security/incidents.

FAQ

Questions, grouped by what you're trying to do.

Getting started

Migrating from another tool

Pricing & trial

Security & data

Free to start · 14-day trial · no card

From spoofed to enforced.

p=none
5 min
p=quarantine
Week 2
p=reject
Week 4–6

Drop to free Monitor plan on day 15 · no charge unless you opt in