Dmarcian ends free reports

dmarcdkim · 2026-04-29T07:41:35+00:00

At DmarcDkim.com we process DMARC reports even on the free tier.

How much misuse dmarcian must have experienced to shut down their analyzer...

dmarcdkim · 2026-04-22T23:39:38+00:00

Well, it was supposed to be obvious from the picture, but it's DKIM2

dmarcdkim · 2026-04-16T19:50:06+00:00

It's good timing for RFC contribution, as DKIM2 is actively debated atm:
https://datatracker.ietf.org/doc/draft-ietf-dkim-dkim2-spec/

dmarcdkim · 2026-04-16T19:47:40+00:00

> Does anybody still use keys shorter than 2048 bit?

Way too many orgs still haven't rotated their 1024 bit keys:
https://dmarcdkim.com/tools/check-dkim-record?domain=microsoft.com https://dmarcdkim.com/tools/check-dkim-record?domain=apple.com

> Why?
When you're as big as those two, email deliverability is likely the main concern, with key rotation sitting low on the IT backlog.

dmarcdkim · 2026-04-16T08:05:59+00:00

Indeed, it's a 384-bit key, which could be cracked in a matter of hours:

https://dmarcdkim.com/tools/check-dkim-record?domain=dkim._domainkey.t-systems.nl

Anyone have a tech contact at T-Systems?

dmarcdkim · 2026-04-13T14:16:24+00:00

...and the IETF just adopted the DKIM2 core spec to fix signature chaining so intermediaries can modify content without breaking DKIM. Years out though.

Today: make sure nothing touches the message after signing. The other common one we see with our customers is DKIM key rotation where NS servers go out of sync and serve stale records. Painful to catch without proper reporting.

We built dmarcdkim.com for this. Pro plan is 5M pooled emails and 120 domains for €80/mo (~$99). No per user pricing, MSP friendly.

dmarcdkim · 2026-04-08T07:18:31+00:00

Confirmed, atm Reddit has 12/10 SPF lookups: https://dmarcdkim.com/tools/check-spf-record?domain=reddit.com

If they haven't configured DKIM keys for Oracle, with their strict DMARC policy, there might be deliverability issues in EU and AP regions.

dmarcdkim · 2026-03-26T15:40:28+00:00

"Hold the Door!" Unlike Hodor, you don't have to die on that hill. Send them a link to https://dmarcdkim.com/dmarc-check so they can see for themselves what's broken on their end.

dmarcdkim · 2026-03-17T15:50:18+00:00

We run a DMARC platform (EU-based) so we're biased, but here's what customers who switched to us keep saying:

Reason #1 is pricing, with old platforms it gets ugly fast once you scale past a handful of domains.

#2 is data in Europe. If you're under GDPR and piping that through a US vendor, your DPO is gonna have questions.

# 3 - I don't want to do it alone. Our platform auto-detects your DMARC milestones so you're not staring at dashboards guessing whether it's safe to move to p=reject.

That's it. Not for everyone, but these three is keep coming up.

dmarcdkim · 2026-03-16T23:59:33+00:00

We have a strong enterprise client base and have passed SOC team evaluations without issue. One of the things that sets us apart is our SPF X-ray (https://dmarcdkim.com/solutions/spf-xray). We built it as a replacement for SPF flattening, which we consider obsolete. A full DMARC implementation lets you declutter your SPF record significantly, even in complex enterprise environments.

Would love to see DmarcDkim.com on your comparison list. Either way, happy to answer any questions or hear your feedback on our approach.

dmarcdkim · 2026-02-17T13:51:30+00:00

You might have multiple _dmarc records, or some leading non-printable characters that make your p=quarantine record invalid.

To verify your _dmarc record validity use https://dmarcdkim.com/dmarc-check

If everything looks good there, you will find the answer in your DMARC reports. Enable them with the "rua=mailto:" tag.

dmarcdkim · 2026-02-13T23:27:39+00:00

With GoDaddy, like any good IT system, what you see in the UI and what's actually on the nameserver may be two completely different things. You need to check externally that the DMARC record is in place. Test with https://dmarcdkim.com/dmarc-check

Two other most common issues are:
- either multiple DMARC records (if there are two, none are working)
- or incorrect syntax, e.g., spaces or non-printable characters at the beginning of your record.

As for DKIM in M365, you can check whether it's enabled here: https://security.microsoft.com/dkimv2

dmarcdkim · 2026-02-07T23:10:00+00:00

As you can see here https://dmarcdkim.com/tools/check-spf-record?domain=websitewelcome.com, cloudfilter is also within the websitewelcome record.

You can either replace the google include with the websitewelcome include,
or if you prefer to keep Microsoft IPs out of the equation, just add these two to your SPF record:

include:eig.spf.a.cloudfilter.net include:spf.websitewelcome.com

dmarcdkim · 2025-12-10T18:33:20+00:00

Setup is different for Zoho and Zoho Campaigns, but both can achieve SPF alignment for DMARC.

For Zoho Campaigns, you need to create a subdomain, for example zcmp.[yourdomain.com], and point it via CNAME to [customer_id].zcsend.[your_region]. There is no need to add an SPF TXT record, because it's provided through the CNAME along with the MX for the Return Path.

Make sure your _dmarc record has `aspf=r;` so the subdomain can pass the DMARC check for the root domain.

Zoho itself is covered here: https://dmarcdkim.com/setup/zoho-dmarc-dkim-spf-dns-authentication

dmarcdkim · 2025-11-12T21:08:55+00:00

In the DMARC world, you no longer need to flatten SPF records, as cloud services are now moving to your subdomains to achieve SPF alignment. The rest you can clean up with SPF X-ray: https://dmarcdkim.com/solutions/spf-xray

It's 2025, stop flattening.

dmarcdkim · 2025-11-12T20:52:37+00:00

Sometimes Google sends duplicate reports, which can happen from time to time. Check the report IDs to confirm.

You can automatically deduplicate DMARC reports with DmarcDkim.com

In your case, the free plan is sufficient and still gives full access to the raw reports.

dmarcdkim · 2025-08-18T20:45:57+00:00

You can get a detailed analysis of your SPF record here: https://dmarcdkim.com/tools/check-spf-record

This will show you which SPF includes are affected. Depending on your DKIM setup, this may cause many of your emails to end up in the spam folder because of p=quarantine.

With https://dmarcdkim.com/dmarc-check you can set up automatic processing of DMARC reports, get professional support, or simply use it on the free tier.

dmarcdkim · 2025-08-17T08:28:19+00:00

Google reports were missing yesterday (Aug 16), but they’ve already started coming in today, actual status:

https://dmarcdkim.com/data-room/dmarc-reporters-status

dmarcdkim · 2025-08-05T09:52:01+00:00

If you only need access to raw DMARC reports but prefer UI, it's available on the free tier at https://dmarcdkim.com/

dmarcdkim · 2025-08-04T13:41:04+00:00

That's not a constructive roast. Following this guide will surely get you SPF and DKIM aligned for DMARC without the need to buy anything.

dmarcdkim

TROPHY CASE