What is a DMARC tool?

A DMARC tool collects the aggregate reports that mail providers send to your domain and turns the raw XML into something you can read. DMARCTrust gives you a dedicated reporting address, receives reports from Microsoft 365, Gmail, Yahoo, and other major providers, and parses them into charts, source lists, and DNS alerts so you can see who sends as your domain and move safely to p=reject.

Does Microsoft 365 have a DMARC analyzer?

No. Microsoft 365 lets you publish a DMARC record and validates inbound mail against it, but it does not parse the aggregate reports it asks other providers to send. That is the gap DMARCTrust fills. You set the record in Microsoft 365, paste our reporting address into the rua tag, and we read and decode the reports Microsoft 365 does not.

How much does DMARC software cost?

DMARCTrust is free for 1 domain with 50 detailed aggregate reports per month and 7-day retention. Starter is $19 per month for 2 domains, unlimited reports, 90-day retention, forensics, DNS alerts, source insights, TLS-RPT, and API access. Pro is $49 per month for 5 domains, 180-day retention, SPF Optimizer, and hosted MTA-STS. Extra domains are $15 per month each. Billing works in USD, EUR, GBP, CAD, and AUD.

How fast are reports parsed?

Within minutes of receipt. Providers send DMARC aggregate reports on their own schedule, usually once a day, and as soon as a report arrives at your dedicated address we decode it and update your dashboard. We also re-check your DMARC, SPF, and BIMI records every 5 minutes and alert you when one changes.

Do you need access to my mailbox?

No. You get a dedicated reporting address that points only at our parser, and you paste it into your DMARC record's rua tag. Providers send their reports there. We never connect to, read, or touch your own mailbox.

Does this work for providers other than Office 365?

Yes. DMARC is provider-agnostic, so DMARCTrust works the same whether your mail runs on Microsoft 365, Office 365, Google Workspace, or any other host. One account can monitor domains across different providers at once, because we read the reports rather than connecting to your mail platform.

DMARC software

DMARC software for teams that ship email.

DMARCTrust is DMARC software that reads the aggregate reports Microsoft 365, Gmail, and other major providers send you. Get a dedicated reporting address, paste it into your DMARC record, and we turn those reports into a dashboard you can act on. Free for 1 domain.

Start free See pricing

No credit card
Live in under a minute
We never touch your mailbox
Built by ex-Mailjet engineers

DMARC software dashboard showing sending sources, SPF and DKIM alignment, and authentication failures

Built by Florian Le Goff & Marc Lelu, ex-Mailjet deliverability engineers. Last updated June 3, 2026.

How the DMARC software works

It takes three steps and no access to your inbox. You keep control of your DNS and your mail; we just read the reports your providers already send.

Get your reporting address

Sign up and we generate a dedicated rua address like [email protected]. It is yours alone and points only at our parser, never at your mailbox.

Paste it into your DMARC record

Add the address to the rua tag of your domain's _dmarc TXT record. That tells every mail provider where to send daily aggregate reports.

We parse the XML for you

Microsoft 365, Gmail, Yahoo, and others send compressed XML within a day. We receive and parse it within minutes, then turn it into charts, source lists, and alerts.

See every source sending as your domain

Raw DMARC reports are rows of source IPs and pass/fail codes. This DMARC software groups them by sender, resolves the provider, and shows SPF and DKIM alignment for each one. That is how you catch a spoofer, or the SaaS tool a colleague signed up for last year, and fix the alignment before you tighten your policy.

DMARC software dashboard listing sending sources by IP with SPF and DKIM alignment percentages

Chart of daily SPF and DKIM alignment trends produced by DMARCTrust

Track alignment until you can enforce

Moving from p=none to p=reject is a judgment call. DMARCTrust charts your daily SPF and DKIM alignment over time so you can watch pass rates climb and confirm every legitimate sender is authenticated before you switch your policy to reject.

DMARC software for Office 365 and any mail host

Microsoft 365 sets up the DMARC record. It does not parse the aggregate reports it asks other providers to send. That gap is where DMARCTrust fits. We are the DMARC software for Office 365 that reads the reports Microsoft can't, and the same setup works for Google Workspace or any host because DMARC is provider-agnostic.

You set the record in Microsoft 365

Follow Microsoft's guide to publish a DMARC record with our rua address. Microsoft validates inbound mail and asks reporters to send results to you.

We read the reports Microsoft can't

Microsoft 365 has no built-in report parser. Paste your DMARCTrust address into the rua tag and we collect and decode the XML automatically.

Same tool for every provider

Run Office 365 and Google Workspace on different domains? One DMARCTrust account reads reports from all of them. Nothing is tied to your mail host.

More than basic reporting

DMARC software should do more than dump the XML on screen. Paid plans add the depth deliverability teams want.

Aggregate (RUA) and forensic (RUF) report parsing with full message-level detail.
Source insights that resolve each sending IP to a provider and show its alignment.
DNS record monitoring every 5 minutes for DMARC, SPF, and BIMI, with change alerts.

Catch transport failures with TLS-RPT

TLS-RPT reports tell you when a sending server could not establish encrypted delivery to your domain. This DMARC software ingests these reports and lays out the failures by policy, so a misconfigured MTA-STS or expired certificate surfaces before it degrades your mail.

TLS-RPT transport encryption report in the DMARCTrust dashboard

DNS change history with timestamps in DMARCTrust

DNS change history and alerts

We check your DMARC, SPF, and BIMI records every 5 minutes and keep a timestamped history. When a record changes, you get an alert, so a teammate editing DNS or a registrar glitch never breaks your authentication without warning.

Why this is the best DMARC software for focused teams

DMARCTrust does the reporting job well and prices it in plain numbers. Our first reviewer on G2 scored it 5.0 out of 5. Here is how it differs from the all-in-one suites.

Transparent pricing

Free, $19 Starter, $49 Pro, extra domains $15 each. The numbers are on the page, not behind a sales call. Billing in USD, EUR, GBP, CAD, or AUD.

Set up in minutes

Get a reporting address, paste one DNS tag, and reports start flowing. There is no mailbox to connect and nothing to install.

We never touch your mailbox

Your dedicated rua address points only at our parser. We read the DMARC reports providers send. We never read your email.

Built by people who scaled email

DMARCTrust is built by Florian Le Goff and Marc Lelu, ex-Mailjet engineers who helped scale Mailjet to billions of emails.

Verify your own sending with Inbox Inspector

DMARC reports show how the world authenticates your domain. Inbox Inspector checks how individual mailbox providers judge a specific campaign you send, with per-ESP SPF, DKIM, and DMARC verdicts. You can confirm a new sending setup passes everywhere before you press send to your list.

Inbox Inspector showing per-ESP SPF, DKIM, and DMARC verdicts

DMARCTrust co-founder Marc Lelu with email infrastructure servers

Built by deliverability engineers

DMARCTrust comes from Florian Le Goff and Marc Lelu, ex-Mailjet engineers who helped scale Mailjet to billions of emails. We built the DMARC software we wanted back when we ran sending infrastructure ourselves: it parses your reports within minutes and never needs access to your inbox. Billing works in USD, EUR, GBP, CAD, and AUD.

Works alongside

Analyze a single DMARC report

Have one XML aggregate report in hand? Open it in our free DMARC report analyzer to read it instantly, with no signup required.

Host your MTA-STS policy

Add SMTP TLS enforcement without running a web server. Pro plans host your MTA-STS policy with Receiver Shield.

Check verdicts with Inbox Inspector

See how each mailbox provider scores your SPF, DKIM, and DMARC on a real campaign before you send.

What is a DMARC tool?: A DMARC tool collects the aggregate reports that mail providers send to your domain and turns the raw XML into something you can read. DMARCTrust gives you a dedicated reporting address, receives reports from Microsoft 365, Gmail, Yahoo, and other major providers, and parses them into charts, source lists, and DNS alerts so you can see who sends as your domain and move safely to p=reject.
Does Microsoft 365 have a DMARC analyzer?: No. Microsoft 365 lets you publish a DMARC record and validates inbound mail against it, but it does not parse the aggregate reports it asks other providers to send. That is the gap DMARCTrust fills. You set the record in Microsoft 365, paste our reporting address into the rua tag, and we read and decode the reports Microsoft 365 does not.
How much does DMARC software cost?: DMARCTrust is free for 1 domain with 50 detailed aggregate reports per month and 7-day retention. Starter is $19 per month for 2 domains, unlimited reports, 90-day retention, forensics, DNS alerts, source insights, TLS-RPT, and API access. Pro is $49 per month for 5 domains, 180-day retention, SPF Optimizer, and hosted MTA-STS. Extra domains are $15 per month each. Billing works in USD, EUR, GBP, CAD, and AUD.
How fast are reports parsed?: Within minutes of receipt. Providers send DMARC aggregate reports on their own schedule, usually once a day, and as soon as a report arrives at your dedicated address we decode it and update your dashboard. We also re-check your DMARC, SPF, and BIMI records every 5 minutes and alert you when one changes.
Do you need access to my mailbox?: No. You get a dedicated reporting address that points only at our parser, and you paste it into your DMARC record's rua tag. Providers send their reports there. We never connect to, read, or touch your own mailbox.
Does this work for providers other than Office 365?: Yes. DMARC is provider-agnostic, so DMARCTrust works the same whether your mail runs on Microsoft 365, Office 365, Google Workspace, or any other host. One account can monitor domains across different providers at once, because we read the reports rather than connecting to your mail platform.

Start reading your DMARC reports today

Get your dedicated reporting address in under a minute, paste it into your DMARC record, and watch the reports Microsoft 365 and Gmail send you turn into something you can act on. Free for 1 domain, no credit card.