Practical notes from the people who built DMARC Guardian. Real failure modes from real reports — written for the operator on call at 22:47, not the analyst writing a whitepaper. No fluff, no RFCs cited unless they actually help.
Your DMARC reports show authentication failures from IPs you don't recognize sending to recipients you don't expect. Before you panic, check this — forwarding is the most common source of scary-looking-but-benign rows in aggregate reports.
Your DMARC reports show authentication failures from IPs you don't recognize sending to recipients you don't expect. Before you panic, check this — forwarding is the most common source of scary-looking-but-benign rows in aggregate reports.
Your emails to outlook.com and hotmail.com users are bouncing with 550 5.7.515. Here is who this actually affects, who it does not, and the exact steps to stop the rejections.
Your emails to Gmail users are bouncing with 550 5.7.26 and customers aren't hearing from you. Here is what changed, why it's happening to you right now, and the exact commands to find and fix the problem.
You're reading aggregate reports and see permerror or temperror in the SPF results. One of them is a fire alarm. The other is a blip. Here's how to tell them apart and what to do about each.
You added SendGrid or Amazon SES, SPF is passing, but DMARC reports still show failures. This is the alignment problem — and it's not a bug in your SPF record. Here's what's actually happening and how to fix it.
One stale vendor DMARC record — left from a decommissioned integration — is all it takes: a subdomain-specific p=none silently overrides your root p=reject and inheritance never kicks in. Here is what actually leaves you exposed and why adding sp=reject takes five minutes.
How aggregate (RUA) reports differ from forensic (RUF) data and what operators should focus on first.
You configured DKIM once and it's been "working" ever since. But DKIM private keys age out, leak, and get compromised — and most teams have no rotation process in place. Here's what the risk looks like and how to fix it before it matters.
Your SPF record hit the 10-lookup limit and now DMARC reports show permerror for a growing chunk of your mail. Here is exactly what happened and how to fix it without breaking the senders you already have.
A step-by-step guide for DevOps engineers and solo admins who set up DMARC monitoring months ago and still haven't enforced it — and why that matters.
Notes on email authentication, deliverability, and how we ship DMARC Guardian.
A plain-English walkthrough for non-technical founders whose customer emails disappear into spam folders. No acronyms until explained.
A practical checklist for DevOps engineers and solo admins who need email authentication done right without drowning in RFC specs.
If your onboarding emails, password resets, or invoices keep hitting spam folders, SPF, DKIM, and DMARC misconfiguration is the likely cause. Here's how to diagnose and fix it without reading an RFC.
Type your domain. We will tell you — in plain English — whether anyone can forge a fake invoice from it today. 15 seconds. No signup, no card.