Everything you need to secure your domains
From your first DMARC record to full enforcement across hundreds of domains — SpoofSentry covers monitoring, enforcement, threat response, compliance, and MSSP operations in one platform.
Monitoring & Visibility
Understand your domain security posture before you act.
Domain Security Score →
100-point composite score across 9 dimensions: DMARC policy, SPF alignment, DKIM alignment, sender coverage, MTA-STS, BIMI readiness, lookalike threat exposure, managed SPF/DKIM, and DANE. Letter grades A–F with historical trending.
DMARC Aggregate Reports
Parse and visualize RUA reports. See pass/fail rates, sender breakdown, geographic distribution, and 30/60/90-day trends.
Forensic Reports
Ingest RUF forensic reports with PII redaction. Classify failures as DKIM, SPF, alignment, or suspected spoofing.
Sender Classification
AI-powered sender identification. Automatically detect 26+ ESP providers, classify senders as legitimate, suspicious, or malicious with confidence scores.
Industry Benchmarking
Compare your domain score against anonymized industry peers. See your percentile ranking by vertical.
Enforcement & Remediation
Move from p=none to p=reject safely with simulation and rollback.
Guided Enforcement →
Step-by-step progression from monitor to quarantine to reject. Readiness gates block premature advancement. Rollback in one click.
Enforcement Simulator
What-if analysis: replay historical traffic against a proposed policy. See exactly which senders would be affected before changing DNS.
Remediation Playbooks
8 playbook types: SPF hardening, DKIM deployment, DMARC enforcement, MTA-STS, DANE, BIMI, dangling DNS remediation, and lookalike response.
DNS Management
Direct DNS record publishing via Cloudflare, Route 53, Azure DNS, GoDaddy, or Google Cloud DNS. Drift detection with nightly reconciliation.
SPF Dependency Analysis
Visualize SPF include chains, count DNS lookups, detect redundant entries, and optimize to stay under the 10-lookup limit.
Threat Detection & Response
Detect, investigate, and take down domain threats.
Spoofing Campaign Detection
Statistical anomaly detection across volume, geography, authentication rates, and sender behavior. Z-score analysis against rolling baselines with multi-dimensional severity scoring. Timeline reconstruction with IP attribution.
Lookalike Domain Monitoring
Detect typosquats, homoglyphs, TLD variants, combo-squats, and subdomain abuse. Risk scoring 0–100 with registration and infrastructure checks.
Takedown Orchestration
Full lifecycle case management: automated evidence collection, multi-channel abuse dispatch (Google Web Risk, Netcraft, URLhaus, registrar/host email), case tracking, and escalation. Downstream action timelines are controlled by third-party providers.
Dangling DNS Detection →
Scan for CNAME takeover risks, orphaned records, and SubdoMailing indicators across your entire domain portfolio.
Third-Party Risk Monitoring
Monitor vendor domains that send email on your behalf. Detect when a vendor’s DMARC posture degrades before it affects your deliverability.
Compliance & Reporting
Generate evidence for audits and keep leadership informed.
9-Framework Compliance
Evidence bundles and control mappings for SOC 2, ISO 27001, NIST CSF, PCI-DSS v4, HIPAA, NIS2, CISA BOD 18-01, NCSC CAF, and ASD Essential Eight.
AI Executive Summaries
Plain-English summaries for leadership. Weekly digests, monthly briefs, incident narratives, and domain assessments.
Outcome Measurement
Before/after enforcement proof, time-to-detect (TTD), time-to-remediate (TTR), and ROI estimation with configurable assumptions.
Scheduled Reports
Daily, weekly, or monthly reports in PDF, Markdown, or HTML. Delivered via email with shareable links.
BIMI/VMC Workflow
End-to-end BIMI readiness assessment, VMC readiness assessment and lifecycle tracking, and DNS deployment.
Platform & Scale
Enterprise-grade infrastructure for MSPs, MSSPs, and multi-domain organizations.
MSSP Multi-Tenancy
Pooled billing, customer impersonation, portfolio analytics, white-label branding, and bulk operations across managed tenants.
Enterprise SSO
OIDC + SAML 2.0 with SCIM 2.0 automated provisioning. Domain-verified enforcement, JIT provisioning, and group-based role mapping.
25+ Integrations
Slack, Teams, Splunk, Datadog, Elastic, Sentinel, ConnectWise, Autotask, HaloPSA, ServiceNow, Okta, and more.
API & Webhooks
RESTful API with 700+ endpoints, OpenAPI documentation, outbound webhooks with HMAC signing and delivery tracking.
Role-Based Access
Role-based access control with 8 roles across 28 resource types (91 effective permissions). MFA (TOTP + WebAuthn), IP allowlisting, and privileged access management.
Ready to secure your domains?
Start with a free domain check — no account needed. Or jump straight in with a 14-day free trial.