Invoice fraud · domain spoofing

A scammer can email your customer a fake invoice from your domain right now.

Your customer pays the scammer's bank account. You only find out when they ask why their order never shipped. DMARC Guardian locks down your domain, tells you who is forging it, and pages you the moment a DNS change breaks your protection — before the next invoice goes out.

Stop the impostors — start 90-day trial → Is my domain already being forged? →

Find out in 15 seconds — no signup, no card →

Free domain check

Is your domain being forged right now?

No signup. Takes 15 seconds.

Every way a forger takes money through your domain — and how we stop it.

Google, Microsoft, and Yahoo already tell you who is impersonating you — in unreadable XML no one opens. We turn those reports into a dashboard that names the forger, the break, and the fix, before the next fake invoice goes out.

free tool

Find out if anyone is forging you — in 15 seconds

Type your domain. We tell you — in plain English — whether a scammer could send a fake invoice from it right now. No signup, no card.

automatic ingestion

See who is sending invoices as you

Every provider your domain talks to reports back on who is pretending to be you. We turn those reports into a list of senders — before one of their fakes hits a customer.

real-time checks

Catch the DNS break that quietly lets spoofers in

One bad copy-paste by your provider and your protections go dark. We keep live DNS under watch and page you the moment a record drifts out of policy.

historical data

Spot the day your legitimate mail stops being trusted

When your real emails start landing in spam, minutes matter. We track pass/fail over time per sender so you catch a broken key before your reset emails stop working.

email + webhook

Get paged the moment your domain starts getting forged

Email and webhook alerts fire the instant a forged message is detected or DMARC enforcement slips. Daily digests so nothing rots in a queue for a week.

team-ready

Keep the ops team out of each other's domains

Multi-org with role-based access. Admins manage their own domain without ever seeing someone else's reports — because "we share a login" is how incidents happen.

Close the hole before the next invoice goes out.

Five minutes, one DNS record. No agents, no firewall rules, no SDK.

01

Paste one line into your DNS

This single TXT record tells every mail provider on earth to report forgeries to us — and to quarantine the obvious ones immediately.

_dmarc.your.domain TXT
"v=DMARC1; p=quarantine;
 rua=mailto:dmarc@dmarc-guardian.com"

02

We see the forgers within 24h

Gmail, Microsoft, and Yahoo start sending us reports of everyone trying to send as you. No action needed on your side — we handle the inbox, the parsing, the cleanup.

03

You get a name, a break, and a fix

When something goes wrong we tell you who did it, which record broke, and the exact line to change. No learn-DMARC-first detour.

What's included — and what isn't

Included

  • DMARC aggregate report parsing
  • SPF flattening + DKIM verification
  • DMARC alignment tracking
  • Real-time alerts (email + webhook)
  • Multi-domain, multi-org, RBAC
  • EU-hosted, GDPR-compliant
  • Unlimited team members

Not included

  • White-label client reports — On our roadmap for Q3 2026
  • BIMI management — Cosmetic feature, not authentication
  • Phone support — Small team. Email within 24h guaranteed.
  • SSO / SAML — SAML 2.0 for Okta & Entra ID — org admin pastes IdP metadata

Simple pricing

Find out who is forging your domain today. 90-day free trial. No credit card.

See pricing →

EU

Data hosted in Europe

GDPR

Fully compliant

90d

Historical reports

24h

Support response