Without DMARC enforcement, anyone can send email that looks like it's from your domain — including fake invoices or wire instructions to your clients. We read only public DNS (the same data any attacker sees) and show your exact exposure in seconds.
Sender Policy Framework — tells receiving servers which machines are allowed to send email for your domain. Without it, anyone can.
A cryptographic signature on every email you send. Receivers use it to confirm the message wasn't forged or tampered with in transit.
The policy that ties SPF and DKIM together and tells receivers what to do with fakes — monitor, quarantine, or reject. The single most important control.
Yes. The instant scan reads your public DNS and returns a score plus your top issues at no cost. The full audit with copy-paste DNS records to fix everything is a paid upgrade.
Gmail, Yahoo, and Microsoft now require proper email authentication from bulk senders (Google/Yahoo since Feb 2024), and increasingly filter or reject unauthenticated mail from others. Those rules target high-volume senders and are met by even a basic DMARC record. But a basic record (p=none) only monitors — it doesn't stop anyone from impersonating your domain. Real protection means moving safely to enforcement (p=reject). The free scan shows exactly where your domain stands.
We read only public DNS — the same data any attacker sees. We never access your private systems or credentials. We keep your scan result to prepare your report; we never sell or share it.
The full audit gives you the exact DNS records to paste into your provider. If you'd rather have it done for you, reply to the report and we'll handle the setup.