Free DMARC, SPF & DKIM check in 10 seconds. Then we walk you to full p=reject protection — and stand guard forever: alerts on every new sender, failure or spoofing attempt. Any DNS provider. Plain English, no admin-speak.
The three biggest mailbox providers on Earth now demand SPF, DKIM and DMARC from anyone sending volume — and they no longer just filter violators to spam. Microsoft rejects outright with error 550 5.7.515 (since May 2025); Gmail began rejecting non-compliant senders in November 2025.
Gmail & Yahoo (2024, Gmail rejecting since Nov 2025), Microsoft Outlook (May 2025). This is the new plumbing of email, not a trend.
More than half of domains with DMARC never reach enforcement (2026 adoption data). A record without a policy protects nothing.
Run email through 4–5 services and you'll silently break it. We count your lookups on every check.
Run the free check. See your protection grade (A–F), SPF lookup count, and every issue — each one explained like you're a business owner, not a sysadmin.
Add one DNS record (we give you the exact line to paste). Mailbox providers start sending us daily reports about who's sending email as you.
We identify every legitimate sender, hand you copy-paste fixes for each, and move your policy up step by step. Then we stand guard — forever.
Dedicated DMARC platforms start at $25–36/month. Cloudflare's free tool only works if your DNS lives on Cloudflare — and stops at recommendations: no alerts, no digests, no guided path to enforcement. We do the part that matters.
Paid tiers open soon. Waitlist members get 3 months of Monitor free at launch.
Probably not. If your policy says p=none — like more than half of all DMARC records in 2026 — you have monitoring with zero protection. Anyone can still spoof your domain. The value is in reaching p=reject safely.
That's exactly why we exist. We watch your reports first, identify every legitimate service sending as you (your CRM, your invoicing tool, your newsletter app), help you authenticate each one, and only then tighten the policy. Nothing legitimate breaks.
If your DNS is on Cloudflare, it's a decent report viewer with record recommendations. But it only works for domains on Cloudflare DNS, keeps about 30 days of history, sends no alerts or digests when something breaks or someone starts spoofing you, and leaves the move from p=none to p=reject entirely to you, "at your own pace". DMARCKeeper works with any DNS provider, watches your reports continuously, alerts you the day something changes, and moves your policy up step by step without breaking legitimate mail.
Enforcement thresholds target bulk senders, but two things make this everyone's problem: rejections and spam-folder placement hit smaller senders too, and Microsoft's threshold is sticky — cross 5,000/day even once (one big promo, one product launch) and the requirements apply to your domain permanently. Spoofing doesn't care about your volume at all.
Just your domain name for the free check. To connect monitoring: access to your DNS (wherever you bought your domain) and 5 minutes. We give you the exact records to paste.