Most domains are exposed. Is yours?
Without DMARC enforcement, your domain is vulnerable to email spoofing — where attackers send fraudulent messages that appear to come from you. Domain spoofing erodes customer trust and triggers compliance failures. Google, Microsoft, and Yahoo now reject unauthenticated email. PCI DSS 4.0 made DMARC mandatory. NIS2 carries penalties up to €10M.
of domains lack any DMARC record
Based on our scan of 5.5 million domainsof implementations stall at p=none
Based on our scan of 5.5 million domainsaverage cost of a data breach
IBM Cost of Data Breach 2024DMARCguard provides email spoofing protection that takes you from exposed to enforced — with clear steps, not just dashboards.
DMARC Enforcement: From p=none to p=reject
DMARC enforcement is the process of moving your domain's DMARC policy from monitoring (p=none) through quarantine (p=quarantine) to full rejection (p=reject) — where spoofed emails are blocked entirely.
Most domains stall at p=none — leaving them without email spoofing protection. Without visibility into who's sending on your behalf, tightening policy means risking legitimate mail getting blocked.
DMARCguard solves this with a three-stage enforcement workflow:
We identify every sending source by name (Mailchimp, Google Workspace, SendGrid — not raw IPs) so you know exactly who's authorized.
Our policy wizard shows you what will break before you change anything. Review alignment failures, fix SPF/DKIM misconfigurations with our DMARC generator, and confirm every legitimate sender passes.
Graduate to p=reject with confidence. Ongoing monitoring alerts you if anything changes after enforcement.
Most domains reach p=reject in 6 weeks with guided enforcement.
Built for the teams that own email security
Whether you're proving compliance, managing client domains, or automating infrastructure — DMARCguard speaks your language.
IT Security Teams
PCI DSS 4.0 deadline hit. Get compliance evidence in one click. Move from p=none to p=reject with guided enforcement. Exportable PDF reports for your auditor.
See plans →Managed Service Providers
200 domains, one dashboard. Bulk import via CSV, apply policy templates across clients, white-label the interface. API-first architecture for full data portability.
Talk to us about MSP pricing →DevOps & Platform Teams
REST API at every tier. 17 MCP tools for your AI stack. Full CSV/JSON export. Zero vendor lock-in.
See the protocol stack →Email Spoofing Protection Built on RFC Standards
RFC-strict implementation
Every parser maps directly to the specification. DMARC (RFC 7489), SPF (7208), DKIM (6376), MTA-STS (8461), TLS-RPT (8460), ARC (8617), DANE (7672).
Your data stays yours
SOC 2-ready architecture. GDPR by design. Full audit trail on every action.
Compliance without the guesswork
PCI DSS 4.0 Req 5.4.1, NIS2 alignment, exportable evidence for auditors — all built in.
50+ services identified automatically
Mailchimp, SendGrid, Google Workspace, Amazon SES — DMARCguard names your sending sources instead of showing raw IP addresses.
Every protocol. One platform.
SPF, DKIM, and DMARC form the foundation of email authentication. DMARCguard monitors all three plus 6 more — 7 free, DANE and ARF from Pro. Others gate basic protocols behind premium plans.
DMARC
Stop spoofed emails from reaching your recipients
RFC 7489SPF
Declare which servers can send email for your domain
RFC 7208DKIM
Prove emails weren't tampered with in transit
RFC 6376BIMI
Display your brand logo in recipients' inboxes
IETF DraftMTA-STS
Force encrypted email delivery — no downgrades
RFC 8461TLS-RPT
See when email encryption fails between servers
RFC 8460ARC
Preserve authentication through forwarding chains
RFC 8617DANE
Pin certificates to DNS — EU NIS2 compliance
RFC 7672ARF
Process abuse feedback reports with root-cause analysis and severity scoring
RFC 5965What you get that others don't
We built DMARCguard around the gaps every other tool leaves open.
| What you get | DMARCguard | EasyDMARC | dmarcian | PowerDMARC |
|---|---|---|---|---|
| 5 domains for under $50/mo | $39/mo | ~$90/mo | $240/mo | ~$60/mo |
| All 9 protocols — 7 free, 2 from Pro | 7 free, all 9 from $39/mo | Gated | DMARC only | Gated |
| See named senders, not raw IPs | 50+ services | Partial | ✕ | Partial |
| Step-by-step remediation guidance | Actionable fixes | Basic | Basic | Basic |
| ARC chain analysis | Full RFC 8617 | ✕ | ✕ | ✕ |
| DANE/TLSA validation | Full RFC 7672 | ✕ | ✕ | ✕ |
| API access without enterprise pricing | Pro tier | Enterprise only | Plus ($2,388/yr) | Enterprise only |
| Transparent, published pricing | All tiers public | ✓ | Hidden tiers | ✓ |
One Platform for DMARC Monitoring, Enforcement, and Compliance
Whether you're enforcing policy, proving compliance, or integrating with your stack — DMARCguard meets you where you are.
- Named sender identificationSee "Mailchimp" and "Zendesk", not raw IP addresses
- Step-by-step remediationActionable fixes, not just red/green dashboards
- A–F compliance scoringKnow exactly where every domain stands
- Smart alertingEmail, Slack, Teams, webhooks — get notified before issues escalate
- Named sender identificationSee "Mailchimp" and "Zendesk", not raw IP addresses
- Step-by-step remediationActionable fixes, not just red/green dashboards
- A–F compliance scoringKnow exactly where every domain stands
- Smart alertingEmail, Slack, Teams, webhooks — get notified before issues escalate
- PCI DSS 4.0 audit-readyRequirement 5.4.1 covered out of the box
- Exportable PDF reportsOne-click evidence for auditors
- Full audit trailEvery change logged, every action timestamped
- Role-based accessGive auditors read-only views, admins full control
- REST API at every tierNo enterprise paywall for programmatic access
- AI-ready with MCP tools17 tools for LLM-powered monitoring
- Webhooks & alertingPush events to Slack, Teams, PagerDuty, or any URL
- GitHub integration & CI/CD hooksAutomate domain onboarding and policy changes from your pipeline
How DMARC Monitoring Works
Discover
Add your domain and publish one DNS record. We scan your configuration and start collecting DMARC aggregate reports within minutes.
Configure
See exactly what’s misconfigured. Get copy-paste DNS fixes for SPF, DKIM, and DMARC — with our policy wizard guiding each step.
Enforce
Graduate from p=none to p=reject with confidence. Monitor ongoing compliance and get alerted when anything changes.
Most domains reach p=reject in 6 weeks with our guided policy wizard.
See DMARCguard in action
Every view designed to turn data into action.
Domain health at a glance — compliance grade, sender breakdown, and trend charts
See Mailchimp, Google Workspace, and SendGrid — not raw IP addresses
Step-by-step guidance from p=none to p=reject with confidence scores
One-click compliance evidence with exportable PDF reports for auditors
All 9 protocols scored and graded with copy-paste DNS fix recommendations
Ask questions about your email security in plain language. Get instant answers about compliance status, failing sources, and next steps — powered by 17 MCP tools.
DMARC Compliance Evidence for PCI DSS 4.0 and NIS2
PCI DSS 4.0 Requirement 5.4.1 mandates DMARC for any organization handling payment data. NIS2 carries penalties up to €10M for non-compliance. DMARCguard provides audit-ready compliance evidence — including compliance scoring, PDF reports for auditors, and a full audit trail of every policy change. Track your DMARC compliance status across all domains from one dashboard.
One plan. Every protocol. Every feature.
Start free with 2 domains. Go Pro for everything — $39/mo.
Founding Member — $39/mo forever. First 100 customers lock in 40%+ off. Permanently.
Hobbyist
For individuals getting started
For Personal Projects
- 2 domains
- 7 protocols
- 30 days data retention
- 5 AI queries/day
- Community support
Pro
Everything you need for email security
10 domains included · $5/extra
- 10 domains included
- 10 team members
- 1 year data retention
- All 9 protocols
- Unlimited AI
- Email support (24hr)
Enterprise
Unlimited scale with dedicated support
Custom plan · Dedicated support
- Unlimited domains
- Unlimited users
- Unlimited retention
- SAML SSO + SCIM
- SIEM integrations
- Priority support (4hr SLA)
We built DMARCguard because every DMARC monitoring tool we tried made the same mistake: they showed us data and expected us to figure out the rest. We read every RFC. We mapped every protocol. Then we built the tool we wished existed — one that tells you exactly what's wrong and exactly how to fix it.
We built it for clarity — because complexity shouldn't mean ugly, and security tools shouldn't require a PhD to use.
— The DMARCguard Team
110 GitHub stars in organic growth. Born from frustration. Built for clarity.
Frequently asked questions
What does DMARCguard actually do?
DMARCguard monitors your email authentication protocols — all 9 of them (DMARC, SPF, DKIM, BIMI, MTA-STS, TLS-RPT, ARC, DANE, ARF) — from a single dashboard. It collects your DMARC aggregate reports, identifies who’s sending email on your behalf, and gives you step-by-step guidance to reach full enforcement (p=reject).
What if I need help getting to p=reject?
That’s exactly what we’re built for. DMARCguard identifies every authorized sender, flags misconfigurations, and gives you a step-by-step path from p=none through p=quarantine to p=reject. Paid plans include priority support for enforcement guidance.
Do I need to be technical to use it?
No. DMARCguard translates raw XML reports into plain-language insights. You’ll see sender names like “Mailchimp” and “Google Workspace” instead of IP addresses, and every issue comes with a clear recommended action.
Does DMARCguard help with PCI DSS 4.0 and NIS2 compliance?
Yes. PCI DSS 4.0 Requirement 5.4.1 mandates DMARC. DMARCguard provides compliance scoring, audit trails, and exportable PDF reports that serve as evidence for auditors. Our architecture also aligns with NIS2 and GDPR requirements.
How is DMARCguard different from EasyDMARC, dmarcian, or PowerDMARC?
Three key differences: (1) 7 core protocols free and all 9 from Pro — competitors gate even basic protocols behind premium plans, (2) we provide actionable remediation guidance, not just monitoring dashboards, and (3) our pricing is 50–80% lower for comparable coverage. See the full comparison above.
What’s the difference between the free plan and paid plans?
The Free plan covers 2 domains with 7 core protocols (DMARC, SPF, DKIM, BIMI, MTA-STS, TLS-RPT, ARC), 30 days data retention, and email alerts. Pro and Enterprise add DANE and ARF for the full 9-protocol stack, plus more domains, 10 team members, longer retention, compliance scoring, API access, PDF reports, and priority support.
How long does setup take?
Under 2 minutes. Add your domain, publish one DNS TXT record, and reports start flowing in. DMARCguard scans your existing DNS configuration immediately and shows your security grade before the first report arrives.
Can my team collaborate on this?
Yes. Pro supports 10 team members and Enterprise is unlimited. Role-based access lets you give auditors read-only views while admins manage policy changes. Every action is logged in the audit trail.
What happens to my data?
Your data is stored securely with encryption at rest and in transit. Retention depends on your plan (30 days to unlimited). We’re SOC 2-ready, GDPR-compliant by design, and you can export or delete your data at any time.
Is there a contract or cancellation fee?
No. All plans are month-to-month (or annual with 20% savings). Cancel anytime — no penalties, no lock-in. Your data remains exportable for 30 days after cancellation.
Is Your Domain Protected from Email Spoofing?
Check SPF, DKIM, and DMARC alongside 6 more protocols in 30 seconds. No signup required.
Google, Yahoo, and Microsoft are already rejecting non-compliant senders.
Your domain is either compliant — or it's a liability.
PCI DSS 4.0 made DMARC mandatory. NIS2 carries penalties up to €10M. The enforcement deadline isn't coming — it's here.
Protect Your Domain — FreeNo credit card. No sales call. Full protocol coverage in 2 minutes.