Ask your DMARC data anything, in plain English

Once your assistant is connected over MCP, you don't query your DMARC data; you just ask about it. Below are the questions that actually move the needle, the exact prompts to paste, and what comes back. All the examples use a made-up domain, acme.com.

The idea: ask, don't dig

A connected assistant can read your real DMARC reports and answer in plain language, with tables and short summaries, computed by the same logic that powers your dashboard. So instead of opening a console and reading XML, you ask the question you actually have. If you haven't connected one yet, start with the setup guide (it takes about a minute).

A good prompt names the domain and, if it matters, the time range, and asks for the format you want ("use a table", "keep it to one screen"). Here are the ones worth saving.

Your morning check

Give me a one-screen health summary of my workspace: overall alignment, the 3 most important open action items, and any spoofing spike. Use a table.

You get back a short scorecard: your spoofer-adjusted alignment, whether spoofing is up or down this week, and the three things most worth your time, ranked. It's the 30-second "is anything on fire?" read.

Before you turn on enforcement

The scariest question with DMARC is "if I move to p=reject, will I block my own mail?" The honest answer depends on whether your failures are forwarding (safe, it survives on DKIM) or real gaps. Your assistant can tell you:

I want to move acme.com to p=reject. Break down whether my failures are forwarding or real auth gaps, and give me a go / no-go.

It splits your mail by authentication path, so you can see that, say, most of your "failures" are forwarded messages that still pass DKIM (safe to enforce), versus a sender that genuinely isn't aligned (fix that first). Then it gives you a verdict instead of a wall of numbers.
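
What that split looks like underneath, as an added Python sketch that is not the product's own logic: it buckets the records of a DMARC aggregate report (RFC 7489 XML) by which mechanism aligned. The sample report, its IPs and counts are constructed, and the function names are illustrative; the parser assumes a report without an XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate-report layout (documentation IPs, not real data).
def _rec(ip, count, dkim, spf):
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row>"
            f"<identifiers><header_from>acme.com</header_from></identifiers></record>")

SAMPLE_REPORT = (
    "<feedback><policy_published><domain>acme.com</domain><p>none</p></policy_published>"
    + _rec("192.0.2.10", 940, "pass", "pass")    # aligned on both
    + _rec("198.51.100.7", 50, "pass", "fail")   # forwarded: SPF broke, DKIM survived
    + _rec("203.0.113.5", 8, "fail", "pass")     # SPF only
    + _rec("203.0.113.99", 2, "fail", "fail")    # nothing aligned
    + "</feedback>")

def classify(dkim, spf):
    """Map the aligned results in policy_evaluated to an authentication path."""
    if dkim == "pass" and spf == "pass":
        return "both_aligned"
    if dkim == "pass":
        return "dkim_only"        # typical of forwarding; still passes DMARC
    if spf == "pass":
        return "spf_only"         # passes today, no DKIM fallback if ever forwarded
    return "unauthenticated"      # the only bucket p=reject would act on

def breakdown(report_xml):
    """Return message counts per path, plus per-IP counts for mail that fails DMARC."""
    paths, failing = Counter(), Counter()
    for rec in ET.fromstring(report_xml).iter("record"):
        row = rec.find("row")
        n = int(row.findtext("count", "0"))
        pe = row.find("policy_evaluated")
        path = classify(pe.findtext("dkim", "fail"), pe.findtext("spf", "fail"))
        paths[path] += n
        if path == "unauthenticated":
            failing[row.findtext("source_ip")] += n
    return paths, failing

def reject_impact(paths):
    """Share of reported mail that would be rejected under p=reject."""
    total = sum(paths.values())
    return paths["unauthenticated"] / total if total else 0.0

if __name__ == "__main__":
    paths, failing = breakdown(SAMPLE_REPORT)
    print(dict(paths), dict(failing), f"{reject_impact(paths):.1%} at risk")
```

The IPs in the failing bucket are the ones to review by hand: a sender you own there is a gap to fix before enforcing, while one you don't recognize is what p=reject is meant to stop.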

When mail goes to spam at one provider

My mail seems to do worse at Outlook than Gmail. Show me the pass rate by receiver for acme.com in a table, and explain any gap.

You get a row per receiver (Gmail, Outlook, Yahoo, and so on) with the DMARC pass rate at each, so a "Microsoft hates us" hunch becomes a specific, fixable difference. Pair it with a reverse-DNS check, which Microsoft cares about:

Check reverse DNS coverage for acme.com's sending IPs and list any that are missing a PTR record.

Digging into DKIM

Show me the DKIM status for acme.com: which selectors are signing my mail, their key sizes, and flag anything weak.

It lists the selectors actually signing your mail (seen in real reports), cross-references them against what you've published, and flags anything on a deprecated 1024-bit key, the kind of thing that's invisible until a provider starts warning on it.

Spoofing and unknown senders

Is acme.com being spoofed? Show how much DMARC blocked over 30 days, the trend, and the top attacking networks. Am I protected?

And when a report shows sources you don't recognize, you can triage them in the same breath:

List my unknown senders. For each, tell me if it looks like a real vendor I should label, or a spoofer, and why.

Is my brand logo set up (BIMI)?

Is BIMI set up correctly on acme.com? Validate the record, the logo, and the certificate, and tell me what's needed to show my logo in Gmail.

The weekly write-up

Write my weekly DMARC review as a short exec summary: what improved, what regressed, the top 3 things to fix, and any wins. Keep it skimmable.

This is the one teams paste into Slack. Because the answer is built from your real reports, the numbers match what's in the product.

Going from a question to a fix

Tokens are read-only by default, so an assistant can look but not touch. If you choose to enable write access when you create a token, it can also take a few safe actions for you, like labeling an unknown sender as a known vendor, or staging a one-click DNS fix:

198.2.128.0/18 is Mailchimp. Label it as a known marketing sender.

Staged DNS fixes still go through the same safety net as the app: a five-minute delay, an email with a one-click cancel, and a 24-hour undo. Every change an assistant makes is recorded in your audit log with the token's name, so you can always tell an assistant's action from your own.

A few tips for nicer answers

  • Name the time range ("over the last 7 days", "30 days"), since several questions default to a week or a month.
  • End with "use a table" or "keep it to one screen" to control how dense the answer is.
  • Your client also ships a few guided prompts (investigate spoofing, plan enforcement, weekly review, check any domain, explain headers) you can pick instead of typing.

Not connected yet? The setup guide walks through Claude, Cursor, and any other MCP client. It's free to try on a read-only token.
