How does DMARC monitoring work?
DMARC tells receiving mail servers how to handle messages that fail authentication for your domain — and asks them to send you aggregate reports about what they saw. Those reports are XML, they arrive from dozens of providers every day, and reading them by hand is miserable. CertSentry ingests, deduplicates and summarises them for you.
Setting it up
- Add a domain to monitor. CertSentry gives you a unique reporting address.
- Point your domain's DMARC
ruatag at that address. - Reports start flowing in automatically — there's nothing to poll or upload.
What you get out of it
- A clear view of which sources are sending as your domain, and whether they pass SPF and DKIM alignment.
- An alert when a new sending source appears — invaluable for catching both shadow IT (a new SaaS sending on your behalf) and outright spoofing.
- An alert when the failure rate crosses your threshold (5% by default), throttled to at most once every 24 hours per domain so a single noisy reporter can't flood you.
Why it's worth doing
DMARC is how you move from "we published a policy and hoped" to actually seeing who sends as you. It's the difference between discovering a spoofing campaign from reports versus from a customer who got phished.
Availability
DMARC monitoring is included on Pro (1 domain) and Agency (5 domains). Additional domains can be purchased as an add-on, and the Agency plan keeps reports for longer. See what's included in each plan.