Check your domain. Fix what's broken.
Prove you're compliant.
Monitor DMARC, SPF, DKIM, BIMI, MTA-STS, TLS-RPT, ARC, and DANE from one dashboard. Get actionable fixes — not just data.
Most domains are exposed. Is yours?
Google, Microsoft, and Yahoo now reject unauthenticated email from bulk senders. PCI DSS 4.0 made DMARC mandatory in March 2025. NIS2 carries penalties up to €10M. Your domain is either compliant, or it's a liability.
of domains lack any DMARC record
Valimail 2024of implementations stall at p=none
dmarcian Industry Reportaverage cost of a data breach
IBM Cost of Data Breach 2024DMARCguard takes you from exposed to enforced — with clear steps, not just dashboards.
Built for the teams that own email security
Whether you're proving compliance, managing client domains, or automating infrastructure — DMARCguard speaks your language.
IT Security Teams
PCI DSS 4.0 deadline hit. Get compliance evidence in one click. Move from p=none to p=reject with guided enforcement. Exportable PDF reports for your auditor.
See plans →Managed Service Providers
200 domains, one dashboard. Bulk import via CSV, apply policy templates across clients, white-label the interface. On-premise deployment for full data control.
Talk to us about MSP pricing →DevOps & Platform Teams
REST API at every tier. 17 MCP tools for your AI stack. Webhook and SIEM integrations. Open-core parser you can audit on GitHub.
See the protocol stack →Why security teams trust DMARCguard
RFC-strict implementation
Every parser maps directly to the specification. DMARC (RFC 7489), SPF (7208), DKIM (6376), MTA-STS (8461), TLS-RPT (8460), ARC (8617), DANE (7672).
Your data stays yours
SOC 2-ready architecture. GDPR by design. Full audit trail on every action.
Compliance without the guesswork
PCI DSS 4.0 Req 5.4.1, NIS2 alignment, exportable evidence for auditors — all built in.
Open-core transparency
Our DMARC parsing engine is open-source and auditable on GitHub. The platform builds on it with enterprise capabilities you won't find elsewhere.
Every protocol. Every tier.
While competitors gate protocols behind premium plans, DMARCguard includes all 8 at every tier — including the free plan.
DMARC
Stop spoofed emails from reaching your recipients
RFC 7489SPF
Declare which servers can send email for your domain
RFC 7208DKIM
Prove emails weren't tampered with in transit
RFC 6376BIMI
Display your brand logo in recipients' inboxes
IETF DraftMTA-STS
Force encrypted email delivery — no downgrades
RFC 8461TLS-RPT
See when email encryption fails between servers
RFC 8460ARC
Preserve authentication through forwarding chains
RFC 8617DANE
Pin certificates to DNS — EU NIS2 compliance
RFC 7672What you get that others don't
We built DMARCguard around the gaps every other tool leaves open.
| What you get | DMARCguard | EasyDMARC | dmarcian | PowerDMARC |
|---|---|---|---|---|
| 5 domains for under $50/mo | $45/mo | ~$90/mo | $240/mo | ~$60/mo |
| All 8 protocols at every tier | No feature gates | Gated | DMARC only | Gated |
| See named senders, not raw IPs | 50+ services | Partial | ✕ | Partial |
| Step-by-step remediation guidance | Actionable fixes | Basic | Basic | Basic |
| ARC chain analysis | Full RFC 8617 | ✕ | ✕ | ✕ |
| DANE/TLSA validation | Full RFC 7672 | ✕ | ✕ | ✕ |
| API access without enterprise pricing | Pro tier | Enterprise only | Plus ($2,388/yr) | Enterprise only |
| Transparent, published pricing | All tiers public | ✓ | Hidden tiers | ✓ |
One platform. Three wins.
Whether you're enforcing policy, proving compliance, or integrating with your stack — DMARCguard meets you where you are.
- Named sender identificationSee "Mailchimp" and "Zendesk", not raw IP addresses
- Step-by-step remediationActionable fixes, not just red/green dashboards
- A–F compliance scoringKnow exactly where every domain stands
- Smart alertingEmail, Slack, Teams, webhooks — get notified before issues escalate
- PCI DSS 4.0 audit-readyRequirement 5.4.1 covered out of the box
- Exportable PDF reportsOne-click evidence for auditors
- Full audit trailEvery change logged, every action timestamped
- Role-based accessGive auditors read-only views, admins full control
- REST API at every tierNo enterprise paywall for programmatic access
- AI-ready with MCP tools17 tools for LLM-powered monitoring
- Webhook & SIEM integrationPush events to Splunk, Datadog, PagerDuty
- GitHub integration & CI/CD hooksAutomate domain onboarding and policy changes from your pipeline
From zero to enforcement in three steps
Discover
Add your domain and publish one DNS record. We scan your configuration and start collecting reports within minutes.
Configure
See exactly what's misconfigured. Get copy-paste DNS fixes for SPF, DKIM, and DMARC — with our policy wizard guiding each step.
Enforce
Graduate from p=none to p=reject with confidence. Monitor ongoing compliance and get alerted when anything changes.
Most domains reach p=reject in 6 weeks with our guided policy wizard.
See DMARCguard in action
34 purpose-built views designed to make email security simple, not overwhelming.
Domain health at a glance — compliance grade, sender breakdown, and trend charts
See Mailchimp, Google Workspace, and SendGrid — not raw IP addresses
Step-by-step guidance from p=none to p=reject with confidence scores
One-click compliance evidence with exportable PDF reports for auditors
All 8 protocols scored and graded with copy-paste DNS fix recommendations
Transparent pricing. Every protocol, every plan.
No feature gates on security. No surprise invoices. No credit card to start.
Founding pricing — available to our first 100 customers. Guaranteed for 18 months.
Starter
For individuals getting started with email security
- 2 domains
- All 8 protocols
- 30-day data retention
- Email alerts
- Community support
Pro
For teams enforcing compliance across multiple domains
- Up to 10 domains
- 5 team members
- 1-year data retention
- Compliance scoring
- Named sender identification
- API access (1K req/hr)
Business
For organizations with audit requirements and integrations
- Up to 25 domains
- 15 team members
- 2-year data retention
- PDF reports for auditors
- Webhooks + SIEM integration
- Priority support
Need unlimited domains, SSO, white-label, or on-premise deployment? Let's talk →
We built DMARCguard because every email security tool we tried made the same mistake: they showed us data and expected us to figure out the rest. We read every RFC. We mapped every protocol. Then we built the tool we wished existed — one that tells you exactly what's wrong and exactly how to fix it.
The core parser is open-source because security tools should be auditable. The platform is modern because complexity shouldn't mean ugly.
— The DMARCguard Team
80+ GitHub stars in organic growth. Born from frustration. Built for clarity.
Frequently asked questions
What does DMARCguard actually do?
DMARCguard monitors your email authentication protocols — DMARC, SPF, DKIM, BIMI, MTA-STS, TLS-RPT, ARC, and DANE — from a single dashboard. It collects your DMARC aggregate reports, identifies who’s sending email on your behalf, and gives you step-by-step guidance to reach full enforcement (p=reject).
What if I need help getting to p=reject?
That’s exactly what we’re built for. DMARCguard identifies every authorized sender, flags misconfigurations, and gives you a step-by-step path from p=none through p=quarantine to p=reject. Paid plans include priority support for enforcement guidance.
Do I need to be technical to use it?
No. DMARCguard translates raw XML reports into plain-language insights. You’ll see sender names like “Mailchimp” and “Google Workspace” instead of IP addresses, and every issue comes with a clear recommended action.
Does DMARCguard help with PCI DSS 4.0 and NIS2 compliance?
Yes. PCI DSS 4.0 Requirement 5.4.1 mandates DMARC. DMARCguard provides compliance scoring, audit trails, and exportable PDF reports that serve as evidence for auditors. Our architecture also aligns with NIS2 and GDPR requirements.
How is DMARCguard different from EasyDMARC, dmarcian, or PowerDMARC?
Three key differences: (1) all 8 protocols are included at every tier — competitors gate protocols behind premium plans, (2) we provide actionable remediation guidance, not just monitoring dashboards, and (3) our pricing is 50–80% lower for comparable coverage. See the full comparison above.
What’s the difference between the free plan and paid plans?
The free Starter plan covers 2 domains with all 8 protocols, 30-day data retention, and email alerts. Paid plans add more domains, team members, longer retention, compliance scoring, API access, PDF reports, and priority support. Every plan includes full protocol coverage — we never gate security features.
How long does setup take?
Under 2 minutes. Add your domain, publish one DNS TXT record, and reports start flowing in. DMARCguard scans your existing DNS configuration immediately and shows your security grade before the first report arrives.
Can my team collaborate on this?
Yes. Pro supports 5 team members, Business supports 15, and Enterprise is unlimited. Role-based access lets you give auditors read-only views while admins manage policy changes. Every action is logged in the audit trail.
What happens to my data?
Your data is stored securely with encryption at rest and in transit. Retention depends on your plan (30 days to unlimited). We’re SOC 2-ready, GDPR-compliant by design, and you can export or delete your data at any time.
Is there a contract or cancellation fee?
No. All plans are month-to-month (or annual with 20% savings). Cancel anytime — no penalties, no lock-in. Your data remains exportable for 30 days after cancellation.
See your domain's security score
DMARC, SPF, DKIM, and 5 more protocols checked in 30 seconds. No signup required.
Google, Yahoo, and Microsoft are already rejecting non-compliant senders.
Your domain is either compliant — or it's a liability.
PCI DSS 4.0 made DMARC mandatory. NIS2 carries penalties up to €10M. The enforcement deadline isn't coming — it's here.
Protect Your Domain — FreeNo credit card. No sales call. Full protocol coverage in 2 minutes.