DMARC monitoring service

A DMARC policy is a set of rules and instructions that a domain owner publishes as a DNS record to tell mailbox providers how to handle messages that fail authentication checks. Implementing DMARC helps to prevent email spoofing and phishing attacks and maintain good deliverability by specifying that no action should be taken/the message is simply monitored (p=none), the message should be quarantined (sent to spam, p=quarantine), or blocked completely (p=reject).

DMARC aggregate reports provide information about the DMARC, SPF and DKIM record authentication status of all emails that go through the authentication process. These reports are forwarded by mailbox providers in XML format, and include information such as sending source IP, authentication results, and applied policy. MailerSend’s DMARC monitoring tool converts this data into an easily readable format on the DMARC dashboard, highlighting authentication failures and providing recommendations on what to improve. You can learn more about how to read DMARC reports in our guide. 

Forensic reports contain information about authentication failures, and contain sensitive information forr troubleshooting, sometimes including parts of the message body and email headers. Aggregate reports provide information about all emails that go through the authentication process, regardless of whether they pass or fail. They do not contain any sensitive information but they do provide important details for monitoring domain activity.

To monitor DMARC for multiple domains, you’ll need to add each domain individually. In MailerSend, Professional plans can add up to 10 domains. Starter plans can add 1 domain to try out the feature for 30 days. If you’d like to continue using the feature or need to add more domains, you can purchase up to 10 more domains via the Domain monitor add-on for $2 per domain. 

MailerSend’s DMARC analyzer turns the raw data provided in DMARC reports from mailbox providers into easy-to-read, actionable insights, with recommendations for how to improve authentication.

Relaxed DKIM or SPF record alignment means that the organizational domain must be the same, in other words, subdomains will pass. For example, yourdomain.com and email.yourdomain.com count as a match. Strict alignment means that the domains must match exactly, so yourdomain.com and email.yourdomain.com will not match and the alignment will fail. 

If the DMARC monitoring tool is showing your email domain’s status as Mismatch, it means that the DMARC record published on your domain's DNS does not match the record in MailerSend. Check out our DMARC monitoring guide and follow the steps to correctly set up your DMARC record. 

Yes, you can customize the settings of your DMARC record and set the desired percentage of emails that you want your policy to apply to. Learn more in our DMARC monitoring guide. 

For email authentication projects, you’ll want to track SPF, DKIM and DMARC pass rates, volume by mail source, failure rate by source, authentication failures, number of rejected/quarantined emails, and inbox placement rates.