Don't just see failures. Understand them.
A DMARC failure could be an attacker spoofing you, a legitimate service you forgot to authorise, or a harmless false alarm. Most tools just show you that something failed. DMARCER tells you which — in plain English, the moment you open the report.
Clear verdicts on every failure
Tiers: instant, then optional AI
First verdict, no credits needed
Two kinds of report, one hard question
When you turn DMARC on, mail providers around the world start sending you reports about messages claiming to be from your domain. Aggregate reports summarise who’s sending in your name and whether they passed authentication. Failure (forensic) reports capture individual messages that failed – the closest thing you get to seeing an attack as it happens.
The trouble is they arrive as dense XML, and every failure poses the same hard question: is this an attacker impersonating you, a real service you forgot to set up properly, or a harmless quirk of how email is forwarded? Get it wrong and you either dismiss a genuine attack, or you block your own invoices and newsletters. Doing that triage by hand, message by message, is how real threats get lost in the noise.
Why this matters – whoever you are
- Running your own domains? You get a clear answer without needing an email-security specialist on staff.
- Managing clients? You triage failures across every client in minutes, not hours – and can show them exactly what you caught.
A verdict on every report, the moment you open it
DMARCER doesn’t simply repeat what the receiving mail server said. It independently re-computes SPF and DKIM alignment from the report itself – checking whether the part of the message that authenticated actually matches the domain in the visible “From” address – and then applies a clear set of rules to reach one of four verdicts. It’s instant, runs on every report automatically, and never costs a credit.
Likely spoofing
Nothing aligns and nothing legitimate explains it. Treat it as an attacker impersonating you. Example: a server in another country sending “invoice” mail as your domain with no valid signature. Action: this is exactly what enforcement (p=reject) stops.
Failing legitimate sender
A real service of yours is sending, but its authentication isn’t set up correctly. Example: a new marketing tool that isn’t in your SPF record yet. Action: authorise it before you tighten your policy, so you don’t block your own mail.
Likely false positive
The message actually passes once you account for how it was handled (often forwarding). Example: a mailing list that re-sends your message. Action: safe to ignore – we tell you so you don’t waste time chasing it.
Inconclusive
The report doesn’t carry enough signal for a confident call. Action: rather than guess, DMARCER tells you exactly what to check next to resolve it.
Findings and next steps, not just a label
Under every verdict, DMARCER lists the specific findings that drove it – SPF result and alignment, DKIM result and alignment, its own independent read of DMARC – each marked pass, warning or fail. Then it spells out the concrete next step in language you can act on (or forward to a client) without decoding jargon.
- Per-check findings: SPF, DKIM, alignment, DMARC opinion
- Severity on each: pass / warning / fail
- Plain-English “what to do next” for the verdict
- Mark-as-reviewed with a full audit trail
When you want the full story, ask the AI
For a report that needs a closer look, generate an AI analysis on demand. Crucially, it’s grounded in the deterministic verdict above – so it starts from established facts rather than guessing – and writes up what happened and what to do in clear prose you can hand straight to a colleague or a client.
It runs only when you choose, so there are no surprises: it’s metered by credits included with your plan, switched on per user by an administrator, and gated behind a data-protection acknowledgement because it involves message content. Every analysis is saved to that report’s history, so re-opening it shows what was found before.
- Built on the deterministic read – not hallucinated
- Runs only on demand, metered by plan credits
- Enabled per user, with a data-protection step
- Every response saved to the report’s history
- The same on-demand analysis works on your aggregate DMARC data, summarising the last 14 days and your top senders
See the whole picture, then drill into one message
Verdicts sit inside a full reporting view. Start with the aggregate picture – every sending source, its volume, where in the world it’s sending from, and whether it’s passing – then drill all the way down to an individual failed message and its verdict. Sources are enriched with location and network owner so an unfamiliar sender is easy to recognise or rule out.
- Aggregate view: sources, volume, pass/fail trend
- Geographic map of where mail claims to originate
- Drill-down to a single message and its verdict
- Source enrichment: country, network, provider
Built for the sensitivity of this data
Failure reports can contain personal data – subjects, recipients, headers. DMARCER treats them accordingly: viewing them needs a dedicated permission separate from ordinary reporting, every view is logged, and they’re deleted automatically on a retention schedule you control – from days to indefinitely. For a business that means GDPR-friendly handling out of the box; for an MSP it means clean separation and accountability across every client’s data. See how we handle your data →
Where this fits in the platform
Source identification →
Name every sender behind the verdicts.
Enforcement journey →
Use the verdicts to reach p=reject safely.
Security score →
How it all rolls into one 0–100 number.
Security & trust →
Data residency, retention and audit.
See what’s really sending as your domain
Run a free check to see your domain’s posture – then put forensic verdicts to work on every domain you protect.
Check your domain