Mail Domain Check

DMARC rollout ยท Web3 operations

Email sender inventory builder

Map each system that sends as your domains before enforcement. Track the visible From, provider, owner, DKIM identity, Return-Path, and receiver evidence for every message stream.

Saved locally

LOCAL WORKSPACE

Sending systems and evidence

0Active streams
0DMARC confirmed
0Need verification
0Inventory gaps

Rows stay in this browser until cleared. Exports contain only the fields shown here.

ROLLOUT REVIEW

Open evidence work

    A completed inventory is not proof that every legitimate sender is covered. Confirm each active path with a recently received message and trusted receiver results before changing DMARC policy.

    LIVE PUBLIC CONFIGURATION

    Check the first visible From domain

    Verify public SPF, DMARC, transport policy, and optional DKIM/PTR evidence. A complete remediation report is 5 USDC on Base Mainnet.
    Run live domain check

    Evidence boundary

    Inventory identities from real production messages

    FromRecipient-visible identity

    DMARC evaluates the domain in the message's visible From field. A provider name or envelope identity is not a substitute.

    d= / s=DKIM signing path

    Record the signing domain and selector from a current message. DNS guessing cannot establish which key an active stream uses.

    MAIL FROMSPF identity

    SPF authenticates the envelope path. Receiver-reported DMARC evidence is still needed to establish whether a passing identity aligned.

    Primary references: RFC 9989 DMARC, Google email sender guidelines, and Microsoft DMARC guidance.