Anyone can spoof most domains so we scanned 4 million to prove it.

Free. No signup. Your score in seconds.

Protect my domain →Fix my deliverability →

New reportThe state of email authentication 2026

We map email authentication across 189 countries.

Nightly scans of every public-facing protocol. Open data on Authex Atlas.

We do not watch. We act.

Most DMARC platforms stop at observability. Authex takes domains to enforcement and keeps them there. Built for organisations that can't afford to be spoofed.

Monitoring tools

You watch.

Dashboards and weekly digests.
Alerts you have to read and act on.
DNS changes by hand.
Years stuck at p=none.

Authex

We act.

Records configured automatically.
Drift reverted before it reaches you.
DNS managed by an autonomous agent.
Domains at p=reject in days.

26 rules · 12 actions · 6 phases · Deterministic

Six protocols. One autonomous Agent.

Authex configures every public-facing email-authentication protocol. Pick one to see how the Agent handles it.

Record

_dmarc TXT

Policy + reporting URIs

Agent

Authex

Walks p=none → quarantine → reject.

Verifier

Receiving MTA

Enforces alignment

How DMARC works in Authex

Authex publishes the DMARC record at p=none, parses your aggregate reports nightly, identifies every legitimate sender, then walks policy through p=quarantine to p=reject without breaking mail. Six-month median to enforcement.

Example record published by Authex

TXT _dmarc.yourdomain.com

v=DMARC1; p=reject; rua=mailto:rua@authexlabs.com; pct=100; aspf=s; adkim=s

Visibility at Internet scale.

Atlas tracks every public-facing email-auth protocol across the open Internet. Updated every night.

4M+

Domains tracked

189

Countries

14/100

Avg score

25%

DMARC adoption

Enforcement is no longer optional.

Three rules now require DMARC at enforcement. Your domain meets all of them or it does not.

Consumer mailbox rules

Bulk senders without DMARC land in spam.

Send more than 5,000 emails a day to Gmail or Yahoo? Without SPF, DKIM, and DMARC, your mail is rate-limited, sent to spam, or refused outright. Marketing, transactional, and password-reset traffic all hit the same wall. It is not a deliverability issue. It is a policy block.

Scope: 85% of consumer inboxes

Payment standard

Missing DMARC is a failed PCI DSS 4.0 control.

If you are a Level 1 or 2 merchant, Requirement 5.4.1 has been in full force since 31 March 2025. DMARC below enforcement is a deficiency on the Report on Compliance. That is not a warning. It is a finding.

Scope: All Level 1 and 2 merchants

EU financial regulation

DORA puts p=none under regulator scrutiny.

If you are an EU financial entity or you serve one, DORA has applied to you since 17 January 2025. Article 9 covers email authentication as an ICT risk control. p=none meets the technical floor. Supervisors expect more.

Scope: 22,000 EU financial firms

From p=none to p=reject. Without breaking mail.

The Agent walks every domain you own from monitoring to enforcement.

Scan your domain Start free trial

Free scan. No signup.