DMARCbis-ready · The 2026 standard

Product tour

DMARC monitoring,
front to back.

The dashboard, the digest, the one-click fixes, and the integrations. Real screens rebuilt in miniature, honest about what each one does.

The dashboard

Every domain, one screen.

The fleet view shows each domain's policy, alignment, and DNS provider at a glance, with a compliance scorecard against the Google, Yahoo, and Microsoft sender mandates. Every sending IP is matched against a corpus of 145 vendors, so you see SendGrid and Mailchimp, not raw ASNs.

Under each domain sit nine tabs of detail across DMARC, SPF, DKIM, and MTA-STS: per-sender alignment, subdomain traffic, and a change history for the day you need to dig in.

Your domainsExample
DomainPolicyAligned
acme.comp=reject99%
acme-mail.cop=quarantine97%
acme.iop=none84%
The digest

Sixty seconds a morning, not another console.

Each morning a plain-English summary lands in your inbox: what was blocked, what changed, and the one thing worth your attention, with a fix attached when there is one.

DMARC reports from Gmail, Microsoft, and Yahoo arrive on a daily cycle. The digest reads them so you do not have to. When nothing needs you, it says so and gets out of the way.

TrustYourInbox <digest@trustyourinbox.com>acme.com today: spoofing blocked, nothing needs you
Your mail is protected.
312fakes blocked
99%passed, steady
New sender: looks like Postmark

Confirm it is yours and we will watch its alignment.

Review
One-click fixes

DNS changes with a safety net.

When a fix is one click, we stage the exact record and hold it for five minutes before writing it to your DNS. Today that works on Cloudflare and AWS Route 53. You get an email record of every change and a 24-hour undo after it applies.

On other providers you get the computed record plus a step-by-step guided fix with a deep link into your DNS console. Never a blind write.

Staged change · acme.ioExample
_dmarc.acme.io  TXT
v=DMARC1; p=quarantine; rua=mailto:acme-7f3k@rua.trustyourinbox.com
  1. Held for 5 minutes. Cancel with one click before anything goes live.

  2. Applied and emailed. The exact record written, on the record, in your inbox.

  3. Undo for 24 hours. One click rolls the change back, verified by a DNS read-back.

Subdomain discovery

Find out what sends as you.

The Subdomains tab reads your real traffic and groups every subdomain seen sending as your domain: the ones you know, the ones worth a look, and the ones that do not exist in your DNS at all.

A sender that is not in DNS might be a forgery or a forgotten tool, so we show you the evidence instead of guessing, and tell you when a policy change would actually cover it.

Subdomains sending as acme.comExample
  • mail.acme.com
    12,408 msgs · Google Workspace
    Known
  • news.acme.com
    1,872 msgs · unidentified sender
    Worth a look
  • invoice.acme.com
    64 msgs · no records published
    Not in DNS
Slack

Approve fixes from the channel.

Connect Slack and the alerts that matter land where your team already is. When an issue is one-click-fixable, the message carries a Fix this button.

Only a linked teammate with edit access can approve it, and the change goes through the same five-minute hold, cancel, and 24-hour undo as a fix from the app. Every approval is written to your history with the Slack handle that made it.

TrustYourInboxApp9:41 AM

acme.com is not protecting your domain

No DMARC policy is published, so anyone can send mail as your domain. Publishing a record starts the clock on reports and protection.

Fix thisView domain
AI assistants

Ask your DMARC data anything.

Connect Claude, Cursor, or any MCP client to your workspace and ask in plain English. The server answers from the same workspace queries the dashboard uses, so the numbers always match.

Tokens are read-only by default. Write actions are opt-in, re-check your live permissions on every call, and stage DNS changes through the same safety net as everything else.

Your AI assistantExample

Is acme.com being spoofed? Was I protected last week?

Yes, and receivers report they blocked all of it. Here's last week for acme.com:

Spoofed messages blocked1,240
Delivered anyway0
Top sourceRussia

You're fully protected, receivers rejected every spoofed message before delivery.

The API

Wire it into your own tooling.

A versioned REST API with 18 endpoints covers your domains, issues, spoof activity, reports, and staged DNS changes. Keys are scoped read or write, revoke instantly, and writes support idempotency keys.

Every endpoint answers through the same workspace queries as the dashboard and the MCP server, one set of numbers everywhere. API keys are available on Pro and up.

$ curl https://api.trustyourinbox.com/v1/domains \
    -H "Authorization: Bearer tyi_api_..."

{ "data": [ { "domain": "acme.com",
             "policy": "reject",
             "openIssues": 0 } ] }

Start with one domain.
See it with your own data.

Free for one domain, no credit card. Add one DNS record and the first reports arrive within a day.