Email Authentication Intelligence

Stop client emails
from landing in spam.

Monitor DMARC, SPF, and DKIM across every client domain - before bounces become tickets.

For MSP owners and technical directors responsible for email across 50 to 500 client domains.

The Problem

You're sending emails into a black hole.

Without proper DMARC enforcement, your transactional emails silently land in spam, your invoices get rejected, and anyone on the internet can send email pretending to be you.

550 5.7.1 Your emails are being rejected outright by receiving servers. Password resets, invoices, onboarding flows - gone.
Spam folder Gmail and Microsoft are quarantining your messages. Your customers never see them.
Spoofed Someone is sending phishing emails from your domain. Your brand reputation is on the line.
bounce-notification.eml
From: [email protected]
To: [email protected]
Subject: Delivery Status Notification (Failure)

--- Below this line is the bounce message ---

550 5.7.1 Unauthenticated email from
your-company.com is not accepted due
to domain's DMARC policy.

DMARC policy:  p=none (no enforcement)
SPF:           FAIL (too many DNS lookups)
DKIM:          FAIL (signature not found)
Alignment:     FAIL

Action required: Fix your email
authentication configuration.
What You Get

Email that actually reaches the inbox.

100% Authenticated Delivery

Every email from your domain passes SPF, DKIM, and DMARC checks. Receiving servers trust your messages and deliver them to the inbox, not the spam folder.

Authentication Rate 100%

Continuous Monitoring

We check your DNS records every 6 hours and process DMARC aggregate reports as they arrive. If something drifts, you know immediately - not weeks later when deliverability tanks.

Proactive Issue Resolution

When we detect a problem, you get the exact DNS record change needed to fix it. No Googling, no guessing. Copy the fix, paste it in your DNS provider, and we verify the change.

How It Works

From vulnerable to protected in days, not months.

1

Add Your Domains

5 minutes

Enter your domains and we instantly scan their SPF, DKIM, and DMARC records.

2

Review Authentication

24 hours

We collect and analyze your first DMARC aggregate reports to map all legitimate senders.

3

Tighten Enforcement

1-2 weeks

Gradually move from p=none to p=reject with guided steps and safety checks at each stage.

4

Monitor & Protect

Ongoing

Continuous monitoring catches config drift, spoofing attempts, and new sender issues in real time.

DMARC Enforcement Progression

p=none

Monitor only. No emails are blocked. You see what's happening but nothing is enforced.

p=quarantine

Suspicious emails go to spam. Legitimate mail still delivers. A safe middle ground.

p=reject

Full protection. Unauthenticated emails are rejected. Your domain can't be spoofed.

Platform Preview

See your domain health at a glance.

app.mxbastion.com/dashboard
Dashboard
Domains
Reports
Alerts
Settings
4
Domains
98.2%
Auth Rate
2
Warnings
1
Critical
acme-corp.com Healthy
DMARC pass SPF pass DKIM pass
store.acme-corp.com Warning
DMARC pass SPF pass DKIM misaligned
legacy-app.io Critical
DMARC fail SPF too many lookups DKIM pass
notifications.acme-corp.com Healthy
DMARC pass SPF pass DKIM pass
Authentication Results
Last 7 days — improving trend
Mon
Tue
Wed
Thu
Fri
Sat
Sun
Critical Issue

SPF Exceeds 10 Lookup Limit

legacy-app.io has 13 DNS lookups in its SPF record. RFC 7208 limits this to 10.

v=spf1 include:_spf.google.com include:sendgrid.net ~all

Domains

+ Add Domain
Domain DMARC Policy SPF DKIM Status Last Checked
acme-corp.com p=reject Pass Aligned Healthy 2 hours ago
store.acme-corp.com p=quarantine Pass Misaligned Warning 4 hours ago
legacy-app.io p=none 13 lookups Missing Critical 1 hour ago
notifications.acme-corp.com p=reject Pass Aligned Healthy 30 min ago
mail.clientco.org p=quarantine Pass Aligned Healthy 3 hours ago
invoices.bigretail.com p=reject Pass Aligned Healthy 1 hour ago

DMARC Aggregate Reports

acme-corp.com — Last 30 days
12,847
Total Emails
97.3%
Pass Rate
346
Failed
8
Sources
Sending Source Volume SPF DKIM Aligned
Google Workspace209.85.220.0/24 8,421 Pass Pass Yes
SendGrid167.89.0.0/17 3,204 Pass Pass Yes
Mailchimp205.201.128.0/20 876 Pass Partial DKIM only
Unknown203.0.113.42 346 Fail Fail No

Alert History

Last 7 days
Spoofing attempt detected
203.0.113.42 sent 346 unauthenticated emails as acme-corp.com. All rejected by p=reject policy.
2 hours ago
DKIM alignment failed
DKIM signatures on store.acme-corp.com are signing with a mismatched domain. 4% of emails affected.
5 hours ago
SPF record exceeds lookup limit
legacy-app.io has 13 DNS lookups (limit: 10). SPF is returning permerror for all emails.
1 day ago
DMARC policy upgrade recommended
store.acme-corp.com has had 99.1% pass rate for 14 days. Ready to move from p=quarantine to p=reject.
2 days ago
Weekly digest sent
Status report for 4 domains delivered to [email protected] and #email-ops Slack channel.
3 days ago

Settings

Notification Channels

Email [email protected]
Slack #email-ops
PagerDuty Not configured

Check Frequency

DNS record checks Every 6 hours
DMARC report processing Real-time
Weekly digest Mondays, 9:00 AM UTC

Team

Sarah Chen Owner
Mike Torres Admin
Alex Kim Viewer
acme-corp.com Healthy
DMARC SPF DKIM
store.acme-corp.com Warning
DMARC SPF DKIM
legacy-app.io Critical
DMARC SPF DKIM
notifications.acme-corp.com Healthy
DMARC SPF DKIM
Get Early Access

Stop losing emails to spam.

Full DMARC, SPF, and DKIM monitoring across all your domains
Guided enforcement progression from p=none to p=reject
Real-time alerts for spoofing attempts and config drift
Actionable fix recommendations with exact DNS record changes

Request Early Access

We'll reach out to you personally. When MXBastion is ready, you'll be among the first to get access.