Product tour
DMARC monitoring,
front to back.
The dashboard, the digest, the one-click fixes, and the integrations. Real screens rebuilt in miniature, honest about what each one does.
Every domain, one screen.
The fleet view shows each domain's policy, alignment, and DNS provider at a glance, with a compliance scorecard against the Google, Yahoo, and Microsoft sender mandates. Every sending IP is matched against a corpus of 145 vendors, so you see SendGrid and Mailchimp, not raw ASNs.
Under each domain sit nine tabs of detail across DMARC, SPF, DKIM, and MTA-STS: per-sender alignment, subdomain traffic, and a change history for the day you need to dig in.
| Domain | Policy | Aligned | |
|---|---|---|---|
| acme.com | p=reject | 99% | Cloudflare· one-click |
| acme-mail.co | p=quarantine | 97% | Route 53· one-click |
| acme.io | p=none | 84% | Namecheap· guided |
Sixty seconds a morning, not another console.
Each morning a plain-English summary lands in your inbox: what was blocked, what changed, and the one thing worth your attention, with a fix attached when there is one.
DMARC reports from Gmail, Microsoft, and Yahoo arrive on a daily cycle. The digest reads them so you do not have to. When nothing needs you, it says so and gets out of the way.
Confirm it is yours and we will watch its alignment.
DNS changes with a safety net.
When a fix is one click, we stage the exact record and hold it for five minutes before writing it to your DNS. Today that works on Cloudflare and AWS Route 53. You get an email record of every change and a 24-hour undo after it applies.
On other providers you get the computed record plus a step-by-step guided fix with a deep link into your DNS console. Never a blind write.
v=DMARC1; p=quarantine; rua=mailto:acme-7f3k@rua.trustyourinbox.com
Held for 5 minutes. Cancel with one click before anything goes live.
Applied and emailed. The exact record written, on the record, in your inbox.
Undo for 24 hours. One click rolls the change back, verified by a DNS read-back.
Find out what sends as you.
The Subdomains tab reads your real traffic and groups every subdomain seen sending as your domain: the ones you know, the ones worth a look, and the ones that do not exist in your DNS at all.
A sender that is not in DNS might be a forgery or a forgotten tool, so we show you the evidence instead of guessing, and tell you when a policy change would actually cover it.
- Knownmail.acme.com12,408 msgs · Google Workspace
- Worth a looknews.acme.com1,872 msgs · unidentified sender
- Not in DNSinvoice.acme.com64 msgs · no records published
Approve fixes from the channel.
Connect Slack and the alerts that matter land where your team already is. When an issue is one-click-fixable, the message carries a Fix this button.
Only a linked teammate with edit access can approve it, and the change goes through the same five-minute hold, cancel, and 24-hour undo as a fix from the app. Every approval is written to your history with the Slack handle that made it.
acme.com is not protecting your domain
No DMARC policy is published, so anyone can send mail as your domain. Publishing a record starts the clock on reports and protection.
Ask your DMARC data anything.
Connect Claude, Cursor, or any MCP client to your workspace and ask in plain English. The server answers from the same workspace queries the dashboard uses, so the numbers always match.
Tokens are read-only by default. Write actions are opt-in, re-check your live permissions on every call, and stage DNS changes through the same safety net as everything else.
Is acme.com being spoofed? Was I protected last week?
Yes, and receivers report they blocked all of it. Here's last week for acme.com:
| Spoofed messages blocked | 1,240 |
| Delivered anyway | 0 |
| Top source | Russia |
You're fully protected, receivers rejected every spoofed message before delivery.
Wire it into your own tooling.
A versioned REST API with 18 endpoints covers your domains, issues, spoof activity, reports, and staged DNS changes. Keys are scoped read or write, revoke instantly, and writes support idempotency keys.
Every endpoint answers through the same workspace queries as the dashboard and the MCP server, one set of numbers everywhere. API keys are available on Pro and up.
$ curl https://api.trustyourinbox.com/v1/domains \
-H "Authorization: Bearer tyi_api_..."
{ "data": [ { "domain": "acme.com",
"policy": "reject",
"openIssues": 0 } ] }Start with one domain.
See it with your own data.
Free for one domain, no credit card. Add one DNS record and the first reports arrive within a day.