DMARC Monitoring

DMARC monitoring: see who's sending email as your domain

DMARC reports are XML files that nobody reads. We decode them into a dashboard that shows you every service, server, and sender using your domain — and whether they're authorised.

Start monitoring free See setup (1 DNS record)
No credit card Works with any provider 2-minute setup
cloudmailin.com/dmarc/senders

DMARC · Senders

acme.com · last 30 days

12,487 emails analysed
94.2 % compliant 2.1% vs last period
Compliant
9,872 79%
Forwarded
1,124 9%
Accepted
774 6.2%
Failed
717 5.8%

Top Senders

G google.com 6,841
CM cloudmailin.net 2,104
Z zendesk.com 927
? 185.244.9.0/24 · unknown 717

How it works

Point your DMARC record at us. We handle the rest.

01

Add one DNS record

A single TXT record at _dmarc.yourdomain.com tells inboxes where to send aggregate reports.

_dmarc IN TXT "v=DMARC1; p=none;
 rua=mailto: acme@dmarc.cloudmailin.local "
02

We collect reports

Gmail, Yahoo, Microsoft, Apple and every major ISP send us daily aggregate reports about mail claiming to be from your domain.

google.com yahoo.com outlook.com apple.com + 40 more
03

See your dashboard

One compliance number. A breakdown by sender. Every IP with its PTR, SPF & DKIM alignment. No XML in sight.

Senders Reports IPs

Feature 01 · Senders Dashboard

The one number that tells you your domain is healthy

Compliance at a glance, then drill in. Every sender grouped by status, with SPF and DKIM alignment on every row.

acme.com mail.acme.com app.acme.com
94.2 % compliant 12,487 emails analysed
Fully Compliant
9,872 79%
Possible Forwards
1,124 9%
Accepted
774 6.2%
Unknown / Threats
717 5.8%

Disposition

Accepted 11,482
Quarantine 683
Rejected 322

Compliant Senders

google.com Google Workspace
6,841
cloudmta.net CloudMailin
2,104
zdsys.com Zendesk
927
intercom.io Intercom
318

Failed Senders

?
185.244.9.0/24 Unidentified
412
?
ispgateway.de Unidentified
218
!
unknown-legacy Old DKIM key
87

Feature 02 · Sender Intelligence

We recognise hundreds of email services. Not just IP addresses.

Every IP in your DMARC reports is joined against a curated database of known email infrastructure. You see service names, not CIDR blocks.

360+
known senders
Google Workspace Microsoft 365 Yahoo Zoho Apple Fastmail HEY Proton Mail Zendesk Shopify Mimecast Cloudflare BT GMX Mail.ru QQ Mail Kpn OVH

Feature 03 · Report Coverage

Know when every provider is reporting

A heatmap shows which organisations have sent you aggregate reports on which days. Gaps mean reports are missing — usually a DNS misconfiguration.

Provider Apr 9 Apr 10 Apr 11 Apr 12 Apr 13 Apr 14 Apr 15 Apr 16 Apr 17 Apr 18 Total
Google Workspace
524 498 531 487 512 493 541 507 519 4,612
Yahoo
87 91 104 78 93 99 108 85 96 841
Microsoft 365
201 189 215 198 207 194 211 203 196 1,814
Apple
42 38 45 41 39 44 37 43 40 369
Fastmail
18 22 19 21 17 23 20 18 158
Proton Mail
8 11 9 12 7 10 9 11 8 85
Zoho
5 7 6 4 8 5 6 7 48

Feature 04 · IP Drilldown

Every IP. Every PTR. Every reporter.

When you find a problem at the sender level, drill into the individual IPs. PTR reverse lookups identify servers. Reporter columns show which ISPs flagged what.

  • PTR reverse lookup

    Auto-resolves every source IP to its hostname.

  • Grouped by sender suffix

    All *.cloudmailin.net IPs collapse into one expandable row.

  • Filter by reporter & From header

    Focus on a specific ISP's reports or a specific domain.

DMARC IP Drilldown

Structured Reports

Reports your AI can actually read

Every DMARC snapshot exports as clean, structured markdown. Feed it to your AI assistant for analysis, paste it into a compliance ticket, or share a versioned URL with your team. Machine-readable by default, human-readable when you need it.

  • Structured for AI — paste into ChatGPT, Claude, or your internal tools

  • Full compliance summary with sender breakdown

  • Disposition & policy detail per domain

  • Versioned URL — share by link, no attachment needed

dmarc-report-acme-2026-04.md 
## DMARC Report — acme.com
Period: Apr 01 – Apr 14, 2026

### Compliance
Overall:  94.2% compliant  (12,487 emails)
Trend:    +2.1% vs previous period

### Disposition
Accepted:   11,482  (91.9%)
Quarantine: 683     (5.5%)
Rejected:   322     (2.6%)

### Top Senders
| Sender            | Count | SPF  | DKIM |
|-------------------|-------|------|------|
| google.com        | 6,841 | pass | pass |
| cloudmailin.net   | 2,104 | pass | pass |
| zendesk.com       |   927 | pass | pass |
| 185.244.9.0/24    |   412 | fail | fail |

Why DMARC matters

Without DMARC monitoring, unauthorised senders quietly wreck your deliverability

Since February 2024, Gmail and Yahoo require valid DMARC for bulk senders. Microsoft is following. Without visibility into who's sending as you, you're guessing at your reputation.

DMARC aggregate reports contain the answer — but they're delivered as XML, one file per provider per day, and they're unreadable without tooling.

CloudMailin turns them into a dashboard. Compliance percentage. Sender breakdown. Threat detection. One number that tells you whether your domain is healthy, every day.

Read our complete guide to DMARC, SPF, and DKIM →

What you'll catch

Domain spoofing

Someone sending as you without permission

Stale DKIM keys

Old keys still signing, new ones not rotated in DNS

Shadow IT sending

Marketing uses a SaaS you didn't authorise

Misconfigured SPF

Record missing includes for services you actually use

What's different

Not another XML-summary tool

Built for engineers who want answers, not spreadsheets.

Sender-first view

Most tools show reports. We show who's sending — 100+ services identified by name, not IP.

Live, not weekly

Reports ingested as they arrive. Dashboard reflects today's data, not last Monday's digest.

Markdown export

Share with ops and security without screenshots. Paste straight into Confluence or a ticket.

Works anywhere

Use us with any mail provider. No lock-in, no sending switch required to start monitoring.

One platform

Sending, receiving, and authentication — one account

DMARC monitoring pairs naturally with your existing CloudMailin email. Send outbound via our SMTP? Your reports are already structured. Receive inbound via webhooks? You know our platform.

16+
years processing email

Inbound Email

Receive via HTTP webhook. Parsed JSON, attachments extracted, POST to your endpoint.

Learn more →

Outbound Email

Transactional via API or SMTP. DKIM signing, bounces, delivery tracking built in.

Learn more →
You're here

DMARC Reports

Dashboard + sender intel + threat detection. Works with any email provider, not just ours.

Get started →

Setup

One DNS record. Two minutes.

Add this TXT record at your DNS provider. Reports will start arriving within 24 hours.

DNS TXT record
$
; At your DNS provider, add:
_dmarc .yourdomain.com IN TXT
"v=DMARC1; p=none; rua=mailto:yourdomain@dmarc.cloudmailin.local; fo=1; aspf=r;"
p=none · monitoring mode (no mail affected) fo=1 · forensic on any failure aspf=r · relaxed alignment
Sign up and get your DMARC address

Works with any mail provider — Google Workspace, Microsoft 365, Fastmail, your own server.

Trusted infrastructure

The same platform that processes billions of emails

16+

Years running

99.99%

Uptime

12M+

Emails analysed / month

Free

To get started

Testimonials

Don't just take our word for it

Andreas Santoro

Andreas Santoro

CTO, ExpressSteuer

CloudMailin has been instrumental in our growth at ExpressSteuer. The system is not only incredibly easy to implement, but also highly reliable and robust. What's more, their support team is simply amazing - always quick to respond and provide effective solutions to any challenge we encounter. We couldn't be more pleased with the service provided by CloudMailin!

Dan

Dan

CamelCamelCamel.com

Thanks for the rock solid decade

Francisco (Kiko) R.

Francisco (Kiko) R.

Head of Engineering, ProFinda.com

The product is perfect, feature rich, nice and intuitive UI and great support. It was really easy to integrate it into our application. It enables our application to receive inbound traffic, to give better support to clients and to expand our mailing options.

FAQ

DMARC monitoring FAQ

Do I need to already use CloudMailin for sending?
No. DMARC monitoring works with any outbound email provider. Add one DNS record pointing to CloudMailin and reports flow to us. You can keep sending through Google Workspace, Microsoft 365, CloudMailin, or your own server.
How quickly will I see DMARC data?
Most providers send aggregate reports once a day. You'll typically see your first report within 24 hours of the DNS record propagating. Major providers (Google, Yahoo, Microsoft) start within a few hours.
Is p=none safe?
Yes — p=none is the recommended starting posture. It tells providers "report what you see, but don't take action on anything." Once you understand your sender landscape, move to p=quarantine and then p=reject to actively enforce.
Can I monitor multiple domains?
Yes. Add the DMARC record to each domain you want to monitor — they all roll up into one dashboard with a domain selector. Great for agencies and multi-brand companies.
Do you read the message contents?
No. DMARC aggregate reports (RUA) are metadata only — counts, IPs, alignment results. They contain no message content, subject lines, or recipient addresses. That's a DMARC-protocol guarantee, not ours.

Start monitoring your domain

Free to start. One DNS record. First report within 24 hours.

Get Started Free Book a demo