Back to Agents

DMARC+ Agent

Implements and manages email authentication protocols to prevent spoofing and protect your domain reputation.

DNS Providers (Cloudflare, AWS, GoDaddy)Google WorkspaceOffice 365Postmark

Hire this Agent

Created By
HHunto AI
Last UpdateLast update a month ago
CategoryBrand
Share

DMARC Record

v=DMARC1; p=none; rua=mailto:[email protected]
Observation Mode - No Enforcement
Collecting Data...
Monitoring email authentication

Observation Mode

Publishing p=none policy to collect authentication data

Mailchimp
198.2.128.1
pass
Volume: high
SendGrid
167.89.0.1
pass
Volume: medium
Office 365
40.92.0.1
pass
Volume: high
Unknown
185.234.219.1
fail
Volume: low

Sender Mapping

Identifying all services sending email on your behalf

SPF Record
v=spf1 include:_spf.google.com ~all
DKIM Signature
selector._domainkey.example.com
Authentication Rate98%

Configuration

Setting up SPF and DKIM for legitimate senders

Observation
p=none
Quarantine
p=quarantine
Full Protection
p=reject
Active
100% Protection Active
All spoofing attempts blocked

Enforcement

Upgrading policy to p=reject for full protection

Email Health

Delivery Rate99.8%
↑ 2.3% improvement
Spoofing Blocked1,247
This month
BIMI Ready
Logo verified in inboxes

Monitoring & BIMI

Continuous monitoring with verified logo display

Live Workflow

Description

The DMARC+ Agent simplifies the complex journey to email authentication enforcement (p=reject). Email spoofing is a primary vector for attacks, and configuring SPF, DKIM, and DMARC correctly is notoriously difficult for large organizations. This agent ingests DMARC XML reports from receivers globally, visualizes your email ecosystem, and helps you identify legitimate senders vs. unauthorized spoofers. It automates the analysis required to safely move your policy to "reject" without blocking critical business communications.

How it works?

The agent sets up a dedicated reporting address to receive daily DMARC aggregate reports. It parses these XML files to map out every IP address sending email on your behalf. Using threat intelligence, it automatically classifies services (e.g., classifying an IP as "Mailchimp" or "Salesforce"). It highlights authentication gaps—where SPF or DKIM is failing—and provides copy-paste DNS record updates to fix them. Once all legitimate sources are authenticated, it guides you to switch your DMARC policy to "Quarantine" and finally "Reject."

Key Features

  • sender Intelligence: Automatic identification of email vendors (SendGrid, HubSpot, etc.) from IP addresses.
  • Configuration Wizards: Step-by-step guides to configuring DKIM/SPF for 100+ common services.
  • Alerting: Notifications when authentication rates drop or when a new, unauthorized high-volume sender appears.
  • BIMI Readiness: Helps you reach the standards required to display your verified logo in customer inboxes (BIMI).
  • Forensic Analysis: Limited analysis of failure reports to understand specific spoofing tactics.

    • Step by Step

    1
    Observation Agent publishes a 'p=none' DMARC record to start collecting data without affecting mail flow.
    2
    Asset Mapping Over 2-4 weeks, it builds a complete map of all services sending email as your domain.
    3
    Authorization You approve legitimate senders; the Agent provides the specific SPF/DKIM records to add to your DNS.
    4
    Enforcement Once coverage reaches >95%, the Agent advises continuously upgrading policy to 'p=quarantine' and then 'p=reject'.
    5
    Maintenance Ongoing monitoring ensuring new tools added by marketing/HR don't break email deliverability.

    Available Integrations

  • DNS Hosting: Cloudflare, Route53, GoDaddy, Namecheap.
  • Email Providers: Google Workspace, Office 365, Exchange.
  • ESPs: SendGrid, Mailgun, Postmark.

    • *Note: Hunto AI also customizes each agent, integrations, activity, and output as required by the security teams in different industries.*

    Expected Output

  • Full Enforcement: Domain set to 'p=reject', stopping 100% of direct domain spoofing.
  • Deliverability Dashboard: Live view of email acceptance rates at major providers (Gmail, Yahoo, Outlook).
  • Sender Inventory: A complete list of authorized email services used by your company.
  • BIMI Certification: Preparation for verified logo display in emails.