DMARC Monitoring for MSPs

Stop client emails
from landing in spam.

Most MSPs don't know their clients' emails are failing authentication checks - until the calls start coming in.

For MSP owners and technical directors managing email across 50 to 500 client domains.

The Problem

You're sending emails into a black hole.

Right now, there could be client domains on your watch failing authentication checks - emails bouncing, invoices vanishing into spam, domains getting spoofed - and you'd have no way to know until someone calls you about it.

550 5.7.1 A client's password reset never arrives. Then their invoices stop going through. By the time you hear about it, they're already looking for a new MSP.
Spam folder Gmail and Microsoft are silently quarantining your clients' messages. No bounce, no error - just a growing pile of 'I never got that email' tickets.
Spoofed Someone sends phishing emails from your client's domain. Their customers get scammed. And the finger points at you - the one who manages their email.

MXBastion watches every domain you manage - so these problems get caught and fixed before anyone notices.

bounce-notification.eml
From: [email protected]
To: [email protected]
Subject: Delivery Status Notification (Failure)

--- Below this line is the bounce message ---

550 5.7.1 Unauthenticated email from
your-company.com is not accepted due
to domain's DMARC policy.

DMARC policy:  p=none (no enforcement)
SPF:           FAIL (too many DNS lookups)
DKIM:          FAIL (signature not found)
Alignment:     FAIL

Action required: Fix your email
authentication configuration.
With MXBastion

No more 'did you get my email?' calls.

With MXBastion protecting your domains, every email is authenticated, every threat is caught, and you never get blindsided by a client call again.

Every client email lands in the inbox

SPF, DKIM, and DMARC all pass. Receiving servers trust the message. Your clients' invoices arrive, their password resets work, and their customers stop asking 'did you send that?'

Authentication Rate 100%

Continuous Monitoring

DNS records checked every 6 hours. DMARC reports processed as they arrive. When something drifts, you fix it the same day - not three weeks later after a client churns.

Proactive Issue Resolution

When something breaks, you get the exact DNS record to fix it. No Googling RFC specs, no guessing at syntax. Copy, paste, done - verified in minutes, not days.

How It Works

From vulnerable to protected in days, not months.

Use MXBastion and every client domain reaches full DMARC enforcement - p=reject - with guided steps and zero guesswork.

1

Add Your Domains

5 minutes

Enter your domains and we instantly scan their SPF, DKIM, and DMARC records.

2

Review Authentication

24 hours

We collect and analyze your first DMARC aggregate reports to map all legitimate senders.

3

Tighten Enforcement

1-2 weeks

Gradually move from p=none to p=reject with guided steps and safety checks at each stage.

4

Monitor & Protect

Ongoing

Continuous monitoring catches config drift, spoofing attempts, and new sender issues in real time.

DMARC Enforcement Progression

p=none

Monitor only. No emails are blocked. You see what's happening but nothing is enforced.

p=quarantine

Suspicious emails go to spam. Legitimate mail still delivers. A safe middle ground.

p=reject

Full protection. Unauthenticated emails are rejected. Your domain can't be spoofed.

Platform Preview

See your domain health at a glance.

app.mxbastion.com/dashboard
Dashboard
Domains
Reports
Alerts
Settings
4
Domains
98.2%
Auth Rate
2
Warnings
1
Critical
acme-corp.com Healthy
DMARC pass SPF pass DKIM pass
store.acme-corp.com Warning
DMARC pass SPF pass DKIM misaligned
legacy-app.io Critical
DMARC fail SPF too many lookups DKIM pass
notifications.acme-corp.com Healthy
DMARC pass SPF pass DKIM pass
Authentication Results
Last 7 days — improving trend
Mon
Tue
Wed
Thu
Fri
Sat
Sun
Critical Issue

SPF Exceeds 10 Lookup Limit

legacy-app.io has 13 DNS lookups in its SPF record. RFC 7208 limits this to 10.

v=spf1 include:_spf.google.com include:sendgrid.net ~all

Domains

+ Add Domain
Domain DMARC Policy SPF DKIM Status Last Checked
acme-corp.com p=reject Pass Aligned Healthy 2 hours ago
store.acme-corp.com p=quarantine Pass Misaligned Warning 4 hours ago
legacy-app.io p=none 13 lookups Missing Critical 1 hour ago
notifications.acme-corp.com p=reject Pass Aligned Healthy 30 min ago
mail.clientco.org p=quarantine Pass Aligned Healthy 3 hours ago
invoices.bigretail.com p=reject Pass Aligned Healthy 1 hour ago

DMARC Aggregate Reports

acme-corp.com — Last 30 days
12,847
Total Emails
97.3%
Pass Rate
346
Failed
8
Sources
Sending Source Volume SPF DKIM Aligned
Google Workspace209.85.220.0/24 8,421 Pass Pass Yes
SendGrid167.89.0.0/17 3,204 Pass Pass Yes
Mailchimp205.201.128.0/20 876 Pass Partial DKIM only
Unknown203.0.113.42 346 Fail Fail No

Alert History

Last 7 days
Spoofing attempt detected
203.0.113.42 sent 346 unauthenticated emails as acme-corp.com. All rejected by p=reject policy.
2 hours ago
DKIM alignment failed
DKIM signatures on store.acme-corp.com are signing with a mismatched domain. 4% of emails affected.
5 hours ago
SPF record exceeds lookup limit
legacy-app.io has 13 DNS lookups (limit: 10). SPF is returning permerror for all emails.
1 day ago
DMARC policy upgrade recommended
store.acme-corp.com has had 99.1% pass rate for 14 days. Ready to move from p=quarantine to p=reject.
2 days ago
Weekly digest sent
Status report for 4 domains delivered to [email protected] and #email-ops Slack channel.
3 days ago

Settings

Notification Channels

Email [email protected]
Slack #email-ops
PagerDuty Not configured

Check Frequency

DNS record checks Every 6 hours
DMARC report processing Real-time
Weekly digest Mondays, 9:00 AM UTC

Team

Sarah Chen Owner
Mike Torres Admin
Alex Kim Viewer
acme-corp.com Healthy
DMARC SPF DKIM
store.acme-corp.com Warning
DMARC SPF DKIM
legacy-app.io Critical
DMARC SPF DKIM
notifications.acme-corp.com Healthy
DMARC SPF DKIM
Pricing

Simple, transparent pricing

All plans include SSO and full API access. No hidden fees.

Starter

For small teams

$29 /mo
  • 15 domains
  • 200,000 emails/mo
  • DMARC, SPF, DKIM monitoring
  • SSO + API access
Get Started
Most Popular

Growth

For growing MSPs

$49 /mo
  • 50 domains
  • 1,000,000 emails/mo
  • DMARC, SPF, DKIM monitoring
  • SSO + API access
Get Started

Pro

For established MSPs

$69 /mo
  • 150 domains
  • 5,000,000 emails/mo
  • DMARC, SPF, DKIM monitoring
  • SSO + API access
Get Started

Scale

For large-scale operations

$129 /mo
  • 500 domains
  • 15,000,000 emails/mo
  • DMARC, SPF, DKIM monitoring
  • SSO + API access
Get Started