Open Source Self-Hostable Go + Vue 3

Email Authentication.
Open Source. Done Right.

One 14MB binary. Full DMARC, SPF, DKIM, BIMI, MTA-STS, TLS-RPT & ARC stack. Self-host or use our cloud. Deploy in 60 seconds.

Open-source core trusted by 80+ developers on GitHub

Google Workspace Microsoft 365 AWS SES Cloudflare SendGrid

Email's Authentication Crisis

84% of domains have no DMARC record at all
70% of DMARC implementations stall at p=none
$4.88M average cost of a data breach in 2024

Google, Microsoft, and Yahoo now reject unauthenticated email from bulk senders. PCI DSS 4.0 made DMARC mandatory in March 2025. NIS2 carries penalties up to €10M. Your domain is either compliant, or it's a liability.

One Platform. Every Protocol.

All protocols included at every tier. No upsells.

DMARC

Domain policy & aggregate reporting

RFC 7489

SPF

Sender IP authorization

RFC 7208

DKIM

Cryptographic message signing

RFC 6376

BIMI

Brand logo in inbox

RFC draft

MTA-STS

TLS enforcement for SMTP

RFC 8461

TLS-RPT

TLS failure reporting

RFC 8460

ARC

Forwarding chain authentication

RFC 8617

Built for Every Team

Whether you're a developer, IT admin, or compliance officer — DMARCguard speaks your language.

Single Binary, Zero Dependencies

14MB Go binary with embedded SQLite. No Docker compose, no Kubernetes, no Postgres. Deploy in 60 seconds.

API-First Design

Full REST API with webhook integrations. Automate domain monitoring, report ingestion, and alert routing.

MCP Server Built In

17 Model Context Protocol tools for AI-native workflows. Query compliance scores, generate DNS records, analyze trends.

Self-Host Anywhere

Run on bare metal, VMs, or containers. Your infrastructure, your data, your control. MIT licensed.

From Zero to Enforcement in Three Steps

1

Discover

Scan your domain. See every sender, every authentication gap, every vulnerability.

2

Configure

AI generates your DNS records. Copy-paste or use our API. We verify propagation.

3

Enforce

Move to p=reject with confidence. Real-time monitoring catches issues before they impact delivery.

Open Source Because Security Demands Transparency

Inspect every line of code. Self-host on your infrastructure. No vendor lock-in.

Self-Hosted

Free forever
  • Full protocol stack
  • Your infrastructure
  • Community support
  • MIT licensed
View on GitHub

What Makes DMARCguard Different

Feature DMARCguard EasyDMARC PowerDMARC dmarcian Valimail
Open-source core
Self-hostable
ARC chain analysis
All features every tier
Single binary deploy
AI remediation engine Limited Limited
Full protocol stack Partial Partial Partial Split
Transparent pricing

Transparent Pricing. Every Feature Included.

No credit card required. No feature gates. No surprises.

Community

Free

forever

  • Self-hosted
  • 1 domain
  • Full protocol stack
  • Community support
Self-Host

Enterprise

Custom

volume pricing

  • SSO / SAML
  • Unlimited domains
  • SLA & priority support
  • Compliance reporting
Contact Us

Built for the Compliance Era

PCI DSS 4.0 Req 5.4.1
NIS2 EU Directive
Google Bulk Sender Rules
Microsoft Outlook Requirements
Yahoo Sender Guidelines

RFC 7489 · RFC 7208 · RFC 6376 · RFC 8461 · RFC 8460 · RFC 8617 — every parser validated against specification.

Your domain is either protected,
or it's a target.