Email Authentication.
Open Source. Done Right.
One 14MB binary. Full DMARC, SPF, DKIM, BIMI, MTA-STS, TLS-RPT & ARC stack. Self-host or use our cloud. Deploy in 60 seconds.
Email's Authentication Crisis
Google, Microsoft, and Yahoo now reject unauthenticated email from bulk senders. PCI DSS 4.0 made DMARC mandatory in March 2025. NIS2 carries penalties up to €10M. Your domain is either compliant, or it's a liability.
One Platform. Every Protocol.
All protocols included at every tier. No upsells.
DMARC
Domain policy & aggregate reporting
RFC 7489SPF
Sender IP authorization
RFC 7208DKIM
Cryptographic message signing
RFC 6376BIMI
Brand logo in inbox
RFC draftMTA-STS
TLS enforcement for SMTP
RFC 8461TLS-RPT
TLS failure reporting
RFC 8460ARC
Forwarding chain authentication
RFC 8617Built for Every Team
Whether you're a developer, IT admin, or compliance officer — DMARCguard speaks your language.
Single Binary, Zero Dependencies
14MB Go binary with embedded SQLite. No Docker compose, no Kubernetes, no Postgres. Deploy in 60 seconds.
API-First Design
Full REST API with webhook integrations. Automate domain monitoring, report ingestion, and alert routing.
MCP Server Built In
17 Model Context Protocol tools for AI-native workflows. Query compliance scores, generate DNS records, analyze trends.
Self-Host Anywhere
Run on bare metal, VMs, or containers. Your infrastructure, your data, your control. MIT licensed.
From Zero to Enforcement in Three Steps
Discover
Scan your domain. See every sender, every authentication gap, every vulnerability.
Configure
AI generates your DNS records. Copy-paste or use our API. We verify propagation.
Enforce
Move to p=reject with confidence. Real-time monitoring catches issues before they impact delivery.
Open Source Because Security Demands Transparency
Inspect every line of code. Self-host on your infrastructure. No vendor lock-in.
Self-Hosted
Free forever- Full protocol stack
- Your infrastructure
- Community support
- MIT licensed
Cloud
Managed hosting- Everything in Self-Hosted
- Automatic updates
- 99.9% uptime SLA
- Priority support
What Makes DMARCguard Different
| Feature | DMARCguard | EasyDMARC | PowerDMARC | dmarcian | Valimail |
|---|---|---|---|---|---|
| Open-source core | ✓ | ✗ | ✗ | ✗ | ✗ |
| Self-hostable | ✓ | ✗ | ✗ | ✗ | ✗ |
| ARC chain analysis | ✓ | ✗ | ✗ | ✗ | ✗ |
| All features every tier | ✓ | ✗ | ✗ | ✗ | ✗ |
| Single binary deploy | ✓ | ✗ | ✗ | ✗ | ✗ |
| AI remediation engine | ✓ | Limited | Limited | ✗ | ✗ |
| Full protocol stack | ✓ | Partial | Partial | Partial | Split |
| Transparent pricing | ✓ | ✓ | ✓ | ✗ | ✗ |
Free Email Security Tools
Validate your records in seconds. No signup required.
DMARC Record Checker
Validate your DMARC policy, check tag syntax, and get actionable recommendations to improve email authentication.
→SPF Record Checker
Analyze your SPF record for syntax errors, DNS lookup limits, and flattening opportunities.
→BIMI Record Checker
Verify your BIMI DNS record and SVG logo compliance for inbox brand display.
→DKIM Record Checker
Look up DKIM public keys by selector, verify key sizes against RFC 8301, and detect algorithm issues.
→MTA-STS Checker
Validate your MTA-STS policy file and DNS record to enforce TLS encryption on inbound mail.
→TLS-RPT Checker
Validate your SMTP TLS Reporting record, check report destinations, and verify MTA-STS integration.
→Transparent Pricing. Every Feature Included.
No credit card required. No feature gates. No surprises.
Starter
per domain
- Cloud-hosted
- Up to 10 domains
- Email support
- All features included
Enterprise
volume pricing
- SSO / SAML
- Unlimited domains
- SLA & priority support
- Compliance reporting
Built for the Compliance Era
RFC 7489 · RFC 7208 · RFC 6376 · RFC 8461 · RFC 8460 · RFC 8617 — every parser validated against specification.