DMARC Consulting | Expert Email Authentication Services

Why organizations get stuck

DMARC tools show you data. But data alone does not get you to enforcement.

The monitoring trap

Most organizations publish a DMARC record with p=none and start collecting reports. Months later, they are still at p=none. The reports are hard to read, the sending sources are hard to identify, and nobody wants to be the person who blocked a legitimate email by moving too fast.

The vendor puzzle

A typical organization sends email from 5 to 20 different platforms: marketing automation, CRM, support tickets, billing, HR tools, signature services. Each one needs to be identified, authenticated with SPF or DKIM, and tested before you can enforce your DMARC policy. Miss one, and legitimate email gets rejected.

Compliance deadlines are here

Google and Yahoo now require DMARC for bulk senders. PCI DSS v4.0 mandates DMARC enforcement since March 2025. These are not future requirements. They are active today, and non-compliance means deliverability problems or failed audits.

The cost of getting it wrong

A misconfigured DMARC policy can block customer invoices, password reset emails, or order confirmations. Users notice within hours. Getting the enforcement step right the first time is much cheaper than cleaning up after it goes wrong.

ML

Marc Lelu

Email infrastructure & DMARC expert

I have been building and operating email infrastructure for over 15 years. I graduated from Telecom Paris in 2008, then joined Orange, then co-founded Mailjet, where we went from zero to processing billions of emails a month.

I know what happens on both sides: the sending infrastructure and the receiving policies that protect domains. I have guided organizations from p=none to full enforcement across dozens of domains and hundreds of sending sources.

My clients come from the US, Canada, Australia, Singapore, Brazil, and across Europe. Email authentication problems look the same regardless of timezone, and so does the work to fix them.

Full background

What I help with

DMARC deployment

From p=none to p=reject. Every sending source mapped. Every vendor worked through. Enforcement only when nothing legitimate will bounce.

Email deliverability audit

A full read of your SPF, DKIM, DMARC, MTA-STS, and BIMI records. Written findings with clear recommendations — before something breaks, not after.

Multi-domain strategy

For organizations with dozens or hundreds of domains. Which ones to tackle first, how to handle subdomains, and a rollout sequence that doesn't create more problems than it solves.

Incident response

Your domain is being spoofed or your emails are landing in spam. Fast diagnosis of what broke, and a fix that doesn't create new problems in the process.

Team training

Hands-on workshops for your IT team on email authentication fundamentals. Build internal expertise so you can maintain your setup independently.

Compliance readiness

Google and Yahoo bulk sender rules, PCI DSS v4.0 DMARC mandates, security audits. A concrete plan that gets you compliant on time, not just theoretically on track.

Is this for you?

If any of these sound familiar, this is probably for you.

You have been at p=none for months

You started monitoring but the reports are overwhelming. You need someone to interpret the data and build a path to enforcement.

You manage one critical or even several critical domains and need a strategy

Parent companies, subsidiaries, product brands. You need a prioritized rollout plan, not domain-by-domain firefighting.

You face a compliance deadline

PCI DSS v4.0, Google/Yahoo sender requirements, or a security audit requires DMARC enforcement on a timeline.

Your emails are going to spam or being spoofed

Something broke and you need fast, expert help before it impacts revenue or customer trust.

How it works

1

Free pre-qualification

Describe your situation by email. I'll review your records, figure out the scope, and send back a written quote. No call required, no commitment.

2

Hands-on engagement

Scope agreed, I work directly with your team. Regular calls, shared docs, DNS change instructions your IT team can act on. You see everything, there's no black box.

3

Enforcement achieved

Your domains reach p=reject with all legitimate sources properly authenticated. Your team has the knowledge to maintain it.

Transparent pricing

One rate, no surprises. Pre-qualification and initial assessment are always free.

Consulting rate

$500 / hour

Free initial assessment by email

Detailed scope and quote before any billing

You work directly with Marc, not a junior analyst

15+ years building email infrastructure

Invoiced monthly, pay only for hours used

Get a free assessment

Common questions

: It depends on the number of domains and sending sources. A single domain with a few vendors can reach enforcement in 4 to 6 weeks. A complex organization with dozens of domains and many third-party senders typically takes 3 to 6 months. I will give you a realistic timeline during the free assessment.
: No. I can work with any DMARC monitoring tool you already use, or help you set one up. DMARCTrust is one option, but consulting is tool-agnostic. The focus is on getting your authentication right, regardless of the platform.
: I will review your current DMARC, SPF, and DKIM records, look at your domain structure, and give you an honest overview of what needs to happen. You will receive a written summary with a scope estimate and a quote. There is no obligation to proceed.
: Yes. Most engagements involve regular calls with your IT or security team. I give your team clear instructions for DNS changes and vendor configurations. The goal is to get you to enforcement, not to make you dependent on me long-term.
: That works too. A one-time email authentication audit typically takes 2 to 4 hours depending on the number of domains. You will receive a detailed report with findings, risks, and recommended actions.

Tell me about your situation

Describe your email setup and what you are trying to achieve. I will review it and get back to you with an honest assessment, free of charge.

Get DMARC right the first time