Frequently Asked Questions

Find answers to common questions about VerifyDMARC, our billing systems and how we protect your data.

General

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol designed to give domain owners the ability to protect their domain from unauthorized email use, commonly known as email spoofing.

The purpose and primary outcome of implementing DMARC is to protect a domain from being used in email compromise attacks, phishing emails, email scams, and other cyber threat activities.

Bottom line: without DMARC enforcement in place, your domain can be abused, leading to reputation damage.

Learn more about how DMARC protects your business from email spoofing.

How does VerifyDMARC help MSPs and IT teams?

VerifyDMARC is specially optimised for MSPs and IT teams managing many domains, providing tools and features that streamline operations, enhance security, and ensure efficient management.

Key benefits include:

  1. Centralised Management: A single platform offers complete visibility and control over all client domains, simplifying the monitoring and management of DMARC records and email security policies.
  2. Scalability: Features like bulk import/export and generous domain limits cater to the needs of growing businesses and fluctuating client lists, allowing MSPs to scale up or down without hassle.
  3. Proactive Security: Automated detection of weak DMARC policies and potential email threats helps MSPs proactively secure their clients' email ecosystems against spoofing and phishing.
  4. Efficiency in Operations: Streamlined onboarding processes and domain management tools like tagging and unlimited admin access reduce administrative overhead and improve team collaboration.
  5. Enhanced Compliance and Reporting: Comprehensive and clear reporting tools support compliance with regulatory requirements and provide actionable insights for MSPs to deliver value to their clients.

By focusing on these specific aspects, VerifyDMARC aids MSPs and IT teams in not just managing but also optimising email security across extensive and diverse domain portfolios.

Why do I need DMARC if I have SPF and/or DKIM?

While SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) help authenticate the sources and integrity of emails, they alone do not offer any protection against "From" address spoofing, which is a common tactic used in phishing and impersonation attacks:

  1. SPF Shortcomings: SPF authenticates the return-path domain (the domain used during the SMTP handshake), not the "From" domain displayed in the email header. Thus, it doesn't prevent malicious actors from spoofing the visible "From" address to deceive recipients.
  2. DKIM Shortcomings: DKIM verifies that the content of an email remains unchanged from its original state and it authenticates the domain that signed the email. However, it doesn't validate the "From" domain that the recipient sees, allowing spoofers to misuse a trusted domain's "From" address even if the email is signed correctly under another domain.

DMARC solves these issues by requiring alignment between the "From" domain and the domains validated by SPF and/or DKIM, ensuring that the sender's visible address is legitimate.

It also allows domain owners to enforce policies that dictate how receivers should handle emails that fail these checks, thereby providing a robust defence against email spoofing.

This makes DMARC an essential layer of protection for complete email authentication and security.

What is TLS Reporting?

Transport Layer Security (TLS) Reporting is a mechanism that allows domain owners to receive feedback on email delivery attempts to their domain, specifically the encryption aspect of these connections.

It's particularly crucial if you use or plan to use advanced email security methods like MTA-STS or DANE to enforce TLS. These methods do not allow fallback to unencrypted transmission and can therefore cause delivery issues if not configured correctly. TLS Reporting helps you ensure that legitimate emails are actually being delivered to your domain, rather than being blocked due to security misconfigurations.

In essence, TLS Reporting helps you maintain a balance between strong security and reliable email delivery, providing valuable insights to troubleshoot any issues that arise from implementing stricter email security policies.

Do I have to use TLS Reporting?

No, you don't have to use TLS Reporting. It's an optional feature that you can choose to implement for your domains. Here are some key points to consider:

  1. Voluntary implementation: You can decide whether or not to turn on TLS Reporting for your domains.
  2. Selective activation: You can activate TLS Reporting for some domains and not others, giving you flexibility in your implementation.
  3. DMARC prerequisite: Before setting up TLS Reporting for a domain, you need to have DMARC configured for that domain or subdomain first.
  4. No automatic subdomain coverage: Unlike DMARC, which applies policy to subdomains even when the subdomain does not have its own record, a TLS Reporting record needs to be explicitly set up for each domain or subdomain that receives mail.
  5. Receiving domains only: TLS Reporting is relevant only for domains that receive email (i.e. have MX records), not for domains used solely for sending.

In summary, while TLS Reporting can provide valuable insights, it's not mandatory. You have control over if and where you implement it, but remember to set up DMARC first and configure it separately for each receiving domain or subdomain.
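The difference in subdomain coverage (point 4) is easiest to see by comparing the two lookups. This is an added example, not VerifyDMARC code: the zone contents and function names are constructed, the organizational domain is passed in by the caller, and the record names follow RFC 7489 (`_dmarc.<domain>`) and RFC 8460 (`_smtp._tls.<domain>`).

```python
# Added example: DMARC policy discovery falls back to the organizational
# domain, while TLS Reporting discovery does not. ZONE is a constructed
# stand-in for DNS TXT lookups.
ZONE = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc@example.com",
    "_smtp._tls.example.com": "v=TLSRPTv1; rua=mailto:tlsrpt@example.com",
}


def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip(): v.strip() for k, v in pairs}


def dmarc_policy(domain, org, zone):
    """Exact _dmarc record first, then the organizational domain's record."""
    rec = zone.get(f"_dmarc.{domain}")
    if rec and parse_tags(rec).get("v") == "DMARC1":
        return parse_tags(rec).get("p")
    rec = zone.get(f"_dmarc.{org}")
    if domain != org and rec and parse_tags(rec).get("v") == "DMARC1":
        tags = parse_tags(rec)
        return tags.get("sp", tags.get("p"))  # sp applies to subdomains, else p
    return None


def tlsrpt_rua(domain, zone):
    """Only _smtp._tls.<domain> is consulted; there is no parent fallback."""
    rec = zone.get(f"_smtp._tls.{domain}")
    if rec and parse_tags(rec).get("v") == "TLSRPTv1":
        return parse_tags(rec).get("rua")
    return None


def tlsrpt_gaps(receiving_domains, zone):
    """Receiving (MX) domains that still need their own TLS Reporting record."""
    return [d for d in receiving_domains if tlsrpt_rua(d, zone) is None]


if __name__ == "__main__":
    for d in ("example.com", "mail.example.com"):
        print(d, dmarc_policy(d, "example.com", ZONE), tlsrpt_rua(d, ZONE))
```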

Billing & Plans

Can I upgrade or downgrade my VerifyDMARC plan?

Yes, you can easily change your subscription plan at any time through the 'Manage Billing' button under Settings, Organisation. This flexibility allows you to adjust your plan based on your evolving needs, whether you require more or less scale.

Stripe, our payment processor, automatically calculates the prorated amount when you change plans. If you are upgrading, a credit from the unused portion of your current plan is applied towards the new plan's cost. If downgrading, your account is credited with the difference for the unused portion.

Any prorated charges or credits are applied immediately.

Note: Credits from downgrading remain in your account to be used against future invoices and are not refundable if you decide to close your account.

Can I change from a yearly plan to a monthly plan?

Yes, you can switch from a yearly plan to a monthly plan at any time through 'Manage Billing' under Settings, Organisation. When you make this change, Stripe's billing system will handle the proration automatically.

The moment you decide to change your plan, Stripe calculates the unused portion of your yearly plan and issues a credit to your account. It then applies this credit towards the cost of the new monthly plan.

This proration ensures that you are fairly charged when switching plans, without any penalty.

Note: We do not refund or transfer unused credit if you choose to close the organisation account.

What happens if I reach my plan's email limit?

If the number of reported emails approaches your plan's monthly limit, we will notify you to help you manage your usage and avoid service disruptions.

  • Notifications at 80% and 100% Usage: We will send an alert to the Stripe billing email address associated with your account when your email reports reach 80% of your monthly limit, and again when they reach 100%.
  • Processing Stops After Limit Exceeded: If your reported emails exceed your plan's capacity, we will temporarily stop processing incoming DMARC reports until the start of the next calendar month. You will still be able to access all other functionalities.
  • Immediate Resumption by Upgrading: To resume report processing immediately, you can upgrade your plan at any time through 'Manage Billing'.

Note: Be sure to upgrade your plan before reaching 100% to avoid a gap in your data. Any remaining term on your plan is credited against your new plan so there is no penalty for upgrading mid-cycle.

What is the difference between plans?

VerifyDMARC offers various plans tailored to different needs, from small to larger businesses. All business plans include unlimited admin users and generous domain limits, specifically designed to accommodate the needs of MSPs and digital agencies.

On principle, we dislike feature-gating, so all plans include premium features like Microsoft 365 Single Sign-on, automatic subdomain detection and API access.

Check plan pricing for DMARC monitoring here, or if you do not see a plan that meets your needs, please contact us for a custom quote.

What are the benefits of choosing a yearly plan?

Choosing a yearly plan not only helps in reducing the administrative overhead of monthly renewals but also offers financial benefits such as two months free compared to monthly billing, making it a cost-effective option for long-term email security management.

To ensure fairness, we allow changing from yearly to monthly plans at any time and provide a prorated credit for any unused portion.

Do you support multiple accounts?

Yes, VerifyDMARC supports the creation of multiple separate organisations under a single billing account. This feature is particularly beneficial for MSPs who may need to manage customer domains and their own internal domains distinctly.

Once multiple organisations are set up, users with access to more than one will see an organisation switcher upon signing in. Each organisation operates on its own billing cycle and is invoiced independently.

If you would like a separate organisation account set up under your single billing email address, please contact us.

Technical

What features do you offer for domain management?

VerifyDMARC is designed to streamline and enhance the management of your DMARC needs with a comprehensive suite of features including:

  • Comprehensive Dashboard: View all your domains and their email sending activities in one place with automatically highlighted issues.
  • DMARC Record Generator: Simplifies the process of setting up DMARC for your domains.
  • Proactive Security: Automatically identifies and helps tighten loose DMARC policies.
  • Bulk Domain Management: Import/export via API or CSV with built-in deduplication and automatic subdomain detection.
  • API & Single Sign-On: Available on all plans for integration, automation, and simplified access.
  • Privacy by Design: Your data is exclusively yours; we purge DMARC reports automatically.

How do I set up DMARC with VerifyDMARC?

Setting up DMARC with VerifyDMARC is straightforward:

  1. DMARC Record Generator: Use the DMARC Record Generator in your dashboard to quickly generate a DMARC record for your domain. Policy preferences are pre-populated to align with any existing DMARC policy.
  2. DNS Record Update: Add the generated DMARC TXT record to your domain's DNS settings through your DNS provider or registrar.
  3. Bulk Domain Import: If you're setting up multiple domains, use bulk import via CSV or API.

For detailed instructions, refer to our Docs.

Security

What is "Privacy by Design" at VerifyDMARC?

Privacy by Design means that we incorporate privacy at the initial design stages and throughout the lifecycle of our services. We strongly adhere to the principle of data minimisation, only processing and storing the data required to deliver our service.

At VerifyDMARC, your data is yours alone; we do not share your data with third parties not listed under sub-processors in our Privacy Policy, and automatically purge DMARC reports to protect your privacy.

How secure is VerifyDMARC?

At VerifyDMARC, we maintain the highest standards of security including:

  • Advanced Authentication: JWT-secured API routes, passwordless or Microsoft 365 SSO, and OpenID Connect on the back-end.
  • M2M API Security: API keys are viewable only once to prevent unauthorized access.
  • Data Encryption: Customer data is encrypted both in transit and at rest.
  • Secure Storage: Data stored using AWS and Google Cloud with global security compliance.
  • EU Data Residency: DMARC data stored within the European Union, retained only as needed.
  • Incident Response: Comprehensive incident response plan for quick and effective breach management.

How do you ensure DMARC data on the Dashboard is reliable?

To ensure the DMARC data you use for decision-making is both authentic and valid, we implement multiple layers of protective measures:

  • Enforcing DMARC compliance on incoming reports to verify they originate from the sender they claim to be.
  • Verifying the report sender against a list of known, trusted mail receivers.
  • Validating the report data against the DMARC XML schema to ensure correct structure and content.

With these rigorous checks, we confidently process 99% of all incoming DMARC reports.

How do you ensure the security of sub-processors?

We meticulously select and manage our third-party providers through:

  • Rigorous selection process with comprehensive security assessments.
  • Shared responsibility model clarifying security roles.
  • Regular security assessments and audits.
  • Strict contractual data security and privacy clauses.
  • Encryption of all data in transit and at rest.
  • Incident management and remediation procedures.

For detailed information about our sub-processors, refer to our Privacy Policy.

Onboarding

What is the quickest way to onboard multiple domains?

VerifyDMARC offers streamlined bulk import features designed to simplify and accelerate onboarding:

  1. Preparation: Compile a list of domains as a CSV file, or prepare for API submission.
  2. CSV Import: Upload your CSV directly through the UI. Our system processes and adds each domain automatically.
  3. API Integration: Use our API for programmatic imports — ideal for continuous updates and integrations with PSA/RMM tools.
  4. Deduplication: Built-in deduplication lets you re-import your master list anytime without creating duplicates.
  5. DNS Setup: Set up DMARC TXT records for each domain using our generator and guidance.

Using bulk import significantly reduces the time required to onboard multiple domains.