Set up records
We generate your initial DMARC record with p=none and a reporting address. You add it once to your DNS.
Product · DMARC
DMARC you actually understand.
Aggregate and forensic reports from Google, Microsoft and 700+ other
mail servers, visualized. From p=none to
p=reject — guided, safe, without putting deliverability at risk.
The ranking
Top providers by mail volume
| # | Provider | Mails ▼ | Pass | DKIM |
|---|---|---|---|---|
| 01 | 77,708 | 97.5% | ||
| 02 | Microsoft 365 |
59,688 | 99.6% | |
| 03 | Proton |
49,286 | 97.9% |
How it works
Three stages to p=reject
No big bang, no delivery outages. Gradual tightening with visibility at every stage.
Collect reports
Mailantis aggregates XML reports from every major mail provider and visualizes SPF/DKIM alignment per sender IP.
Tighten the policy
Once your legitimate senders run alignment-clean, the wizard guides you to p=quarantine and finally p=reject.
Features
Everything DMARC needs — nothing it doesn't.
Aggregate report parser per RFC 7489
Forensic reports (RFC 6591), GDPR-pseudonymized
SPF/DKIM alignment visualization per sender
Source IP reverse lookup + geo information
Policy progression wizard (none → quarantine → reject)
Threat detection: flag spoofing attempts actively
Slack, Teams, webhook and PagerDuty alerts
Multi-tenant for MSPs (sub-org isolation)
Report storage in certified EU data centres (DPA downloadable)
API export (JSON / CSV) for your own analyses
DNS record
One TXT record is enough to start.
Mailantis generates it to match your sender landscape.
What a typical DMARC record looks like
v=DMARC1 defines the version. p=quarantine sets the policy for the main domain — suspicious mail goes to spam.
rua=… is the address for daily aggregate reports — at Mailantis you get a dedicated reporting mailbox.
pct=100 applies the policy to all mail — the direct jump instead of a staggered ramp-up. The Mailantis wizard shows you when that's safe after p=none monitoring.
Host: _dmarc.example.com · Type: TXTv=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]; pct=100; adkim=r; aspf=r
Pricing
DMARC monitoring at a clear entry price
One plan for SMBs and agencies — Enterprise and Partner terms on request.
Monitoring
from €30/ month per domain
Aggregate & forensic reports, alert engine (Slack/Teams/webhook), policy wizard, API. Scales with domain count.
Open appEnterprise & Partner
on request
Multi-tenancy (MSP), white-label, SSO, custom SLA, on-premise. Consolidated invoice across all sub-orgs.
Get in touchFAQ
Common questions about DMARC monitoring
Do I need both SPF and DKIM for DMARC?
Yes. DMARC builds on SPF and/or DKIM. At least one of the two must be correctly configured and aligned with the From domain for DMARC to pass. Setting up both is best practice.
What happens at p=reject?
Mail that is not authenticated and aligned via either SPF or DKIM is completely rejected by the receiving server. This is the strictest stage and protects against spoofing — provided all legitimate senders are inventoried first.
How long does the path to p=reject take?
With a clean sender inventory, 4–8 weeks. For grown organizations with many unknown senders (service providers, newsletter tools, auto-responders), 3–6 months. Mailantis guides you step by step.
What does DMARC monitoring cost at Mailantis?
Monitoring starts from €30/month per domain — including aggregate and forensic reports plus the alert engine. Concrete terms depend on domain count, visible after registration or in a sales call. Cancel monthly.
Migration from dmarcian, EasyDMARC or Valimail?
Easy: change the rua address in your DMARC record to the Mailantis address. From then on, all new reports land with us. Historical reports we import on request.