DMARC rollout ยท Web3 operations
Email sender inventory builder
Map each system that sends as your domains before enforcement. Track the visible From, provider, owner, DKIM identity, Return-Path, and receiver evidence for every message stream.
Rows stay in this browser until cleared. Exports contain only the fields shown here.
ROLLOUT REVIEW
Open evidence work
A completed inventory is not proof that every legitimate sender is covered. Confirm each active path with a recently received message and trusted receiver results before changing DMARC policy.
LIVE PUBLIC CONFIGURATION
Check the first visible From domain
Verify public SPF, DMARC, transport policy, and optional DKIM/PTR evidence. A complete remediation report is 5 USDC on Base Mainnet.Evidence boundary
Inventory identities from real production messages
DMARC evaluates the domain in the message's visible From field. A provider name or envelope identity is not a substitute.
Record the signing domain and selector from a current message. DNS guessing cannot establish which key an active stream uses.
SPF authenticates the envelope path. Receiver-reported DMARC evidence is still needed to establish whether a passing identity aligned.
Primary references: RFC 9989 DMARC, Google email sender guidelines, and Microsoft DMARC guidance.