What does DMARC monitoring cost?

The short answer

DMARC itself costs nothing. It's a single TXT record in your DNS, and publishing it is free with every DNS provider on earth. What costs money is monitoring: turning the reports that DMARC generates into something a human can act on. Monitoring services run from $0 (real free tiers exist, including ours) to roughly $10-40 per month for small businesses, up to enterprise contracts in the hundreds or thousands per month.

Why DMARC itself is free

A DMARC record is one line of text at _dmarc.<your-domain>:

v=DMARC1; p=none; rua=mailto:reports@example.com

No license, no per-message fee, no vendor required. The protocol is an open standard (RFC 7489), and mailbox providers like Gmail, Microsoft, and Yahoo do the enforcement for free. If someone quotes you a price "for DMARC", what they're actually quoting is one of the services around it.

What you're actually paying for

The rua= address in your record receives aggregate reports: zipped XML files, one or more per day from every mailbox provider that saw mail claiming to be you. A single small domain typically gets a handful a day; add domains and volume and it's quickly dozens. Raw, they look like this: IP addresses, message counts, SPF and DKIM pass/fail flags, no explanations.

A monitoring service earns its fee by doing four things with that stream:

• Parsing and storing every report, so you see trends instead of attachments.
• Identifying senders - turning "209.85.220.41 passed SPF" into "Google Workspace, your real mail, fine" versus "unknown server in another country failing everything, likely spoofing".
• Telling you what to fix - which DNS records to change, for which sending service, in what order.
• Getting you to enforcement safely - the entire point. Monitoring forever at p=none protects nobody; the value is reaching p=reject without breaking real mail.

What drives the price

Across the market, pricing scales on a few consistent axes:

• Number of domains. The most common meter. Per-domain pricing adds up fast if you run brand-protection domains or an agency book.
• Mail volume. Some tools meter on messages covered by your reports, which is hard to predict before you've started monitoring.
• Data retention. Free and entry tiers often keep a week or two of history; the longer windows you want for forensics sit in higher tiers.
• Seats and roles. Inviting your team or your IT provider is commonly a paid-tier feature, sometimes a per-seat fee.
• Enterprise add-ons. SSO, API access, and managed onboarding are classic upcharges at the top end.

Rule of thumb for the categories: free tiers cover one or two domains with limited history and no team; SMB-priced tools land around $10-40/mo; enterprise platforms are sales-led, annual-contract, and priced accordingly. The capability gap between an SMB tool and an enterprise platform is much smaller than the price gap - what you're mostly buying up there is procurement compatibility, not better parsing.

Can you do it for $0 forever?

Honestly: yes, three ways, with real tradeoffs.

• Point rua= at your own inbox. Costs nothing, works immediately, and you'll stop reading the XML attachments within a week. Fine for proving reports flow; useless for actually progressing your policy.
• Parse them yourself. Open-source parsers exist. You'll spend engineering time on ingestion, storage, and sender identification - reasonable for a homelab, a hard sell for a business where the goal is just "stop spoofing".
• Use a real free tier. Most monitoring services, us included, have one. The limits (domains, history, seats) are the business model, but for a single domain a good free tier is genuinely enough to reach enforcement.

What we charge

For the avoidance of mystery: trustyourinbox is free for one domain, with no card and no time limit. Lite is $9/mo for up to 5 domains, Pro is $19/mo for up to 25 domains and 5 team members, and yearly billing takes both lower. Every plan includes the same parsing, sender identification, plain-English explanations, and one-click DNS fixes; the tiers meter domains and seats, not capability. The full breakdown is on the pricing page.

Whatever you pick - us, a competitor, or a weekend of scripting - publish the record at p=none today. The reports only start flowing once it exists, and every week without it is a week of spoofing you can't see.