DMARCER
Sign in Get started
How it works

How anyone can pretend to be you - and what stops them

Email was never built to prove who a message is really from. A handful of DNS controls fix that. Here's what each one does, why it matters, and how they fit together - without the jargon.

d SPF DKIM DMARC MTA-STS TLS-RPT DNSSEC Blacklist

The problem: a forgeable "From" line

By default, a sender can put any address in the "From" field - including yours. Nothing in the original email standard checks it. That's how phishing, invoice fraud and brand impersonation work: the message looks like it came from you, so people trust it.

The fix isn't one switch. It's four DNS-based controls that, together, let receiving mail servers verify a message and decide what to do with fakes.

The four controls

  • SPF - declares which servers are allowed to send for your domain.
  • DKIM - adds a tamper-proof signature that proves a message is genuinely yours.
  • DMARC - ties SPF and DKIM together, sets the policy for fakes, and reports who's impersonating you.
  • MTA-STS - forces mail to your domain over encrypted connections.

Where DMARCER fits

We continuously watch these controls across all your domains, score where you stand, and explain - in plain English - exactly where you're exposed. Understanding the problem is free; closing the gaps is what the platform's for.

Get started
Free domain check

Check your domain security

See how your domain's security compares to your competitors.