Why monitor DMARC if it's already published?

Publishing is configuration; monitoring is control. Audits and new requirements expect continuous evidence, not just the DNS record.

Do you deliver auditor-ready reports?

Yes. Monthly per-domain PDF with timeline, sources, and disposition — ready to attach to SOC 2 / ISO 27001 / LGPD evidence.

Does it work for multiple clients (MSP)?

Yes, on the MSP plan. Multi-tenant, white-label, per-client billing.

How long until reports start flowing?

After pointing the RUA record, reports typically arrive within 24h from major providers (Google, Yahoo, Microsoft).

DMARC monitoring

DMARC, done before the auditor asks.

Forwarded mail forensics, automatic source classification, monthly auditor-ready PDFs. Built by a Head of Security at a regulated fintech.

Get started Run a free check

v=DMARC1

v=DMARC1; p=quarantine; rua=mailto:reports@your.tld; pct=100; aspf=s; adkim=s

We collect RUA reports and classify each source by SPF/DKIM/disposition.
We recommend the next policy (none → quarantine → reject) from data.
Monthly PDF ready for SOC 2 / ISO 27001 / LGPD evidence.

Why DMARC is no longer optional.

Google and Yahoo's October 2023 sender requirements push every brand toward enforced DMARC. PCI DSS 4.0 (March 2025) makes DMARC alignment expected for cardholder-data domains. Most SMBs deploy DMARC, then never look at the reports — until the day they need them.

Oct 2023

Google + Yahoo bulk-sender requirements

Senders >5k msgs/day to Gmail/Yahoo must align SPF, DKIM, and DMARC with p=none minimum.
Mar 2025

PCI DSS 4.0 §12.5.3

Domains touching cardholder data must publish DMARC and monitor enforcement.
Ongoing

LGPD / SOC 2 / ISO 27001

Audits expect monthly monitoring evidence, not just published configuration.

How Atalaia solves it.

01

Ingest

Point each domain's RUA to {tenant}@reports.atalaia.observer.
02

Aggregate

A dedicated parser classifies every source by SPF, DKIM, and disposition.
03

Monitor

Timeline, top sources, alerts when DNS changes or alignment drops.
04

Recommend

Policy ramp guidance (none → quarantine → reject) backed by data, not opinion.
05

Prove

Monthly exec summary and audit-ready PDF generated automatically.

Free DMARC checker

Check SPF, DKIM, and DMARC for any domain. No login. No tracking. Indexable, shareable.

Pricing

Transparent. No "talk to sales" on Starter or Pro. Cancel any time.

Free

1 domain
Public checker
7-day aggregate

Run a free check

Starter

$19/mo

1 domain
DMARC + SSL + WHOIS
1 status page

Get started

Pro

$79/mo

5 domains
+ headers + subdomain + cron
+ cookie/LGPD

Get started

Business

$199/mo

25 domains
+ DNS drift + takeover
+ compliance reports + API + SSO

Get started

MSP

$299/mo + $5/domain

Unlimited multi-tenant
White-label
Per-client billing

Get started

Comparison

Feature	Atalaia	dmarcian	EasyDMARC
Entry paid plan	$19/mo	$19/mo	$39.99/mo
Public free tier (1 domain)	Yes	Yes	Yes
Multi-tenant / MSP white-label	From $299/mo	MSP plan, custom	MSP plan, custom
SOC 2 / ISO 27001 audit pack	Included on Business	Not advertised	Not advertised
PT-BR content / BR-LGPD support	Yes	No	Partial
Open source / self-host	No	No	No

Factual table from public competitor pricing pages, May 2026. Prices and features change — always verify against official sources.

FAQ

Why monitor DMARC if it's already published?: Publishing is configuration; monitoring is control. Audits and new requirements expect continuous evidence, not just the DNS record.
Do you deliver auditor-ready reports?: Yes. Monthly per-domain PDF with timeline, sources, and disposition — ready to attach to SOC 2 / ISO 27001 / LGPD evidence.
Does it work for multiple clients (MSP)?: Yes, on the MSP plan. Multi-tenant, white-label, per-client billing.
How long until reports start flowing?: After pointing the RUA record, reports typically arrive within 24h from major providers (Google, Yahoo, Microsoft).