authex

The autonomous agent for identity and trust infrastructure.

Stop impersonation. Maximize deliverability. Your Agent handles both.

100+ domains protected
Verified on TrustMRR

We do not watch. We act.

Most tools stop at observability. Authex takes your infrastructure to enforcement and keeps it there. Built for organisations that can't afford to be impersonated.

Monitoring tools

You watch.

  • Dashboards and weekly digests.
  • Alerts you have to read and act on.
  • DNS changes by hand.
  • Years stuck at p=none.

Authex

We act.

  • Records configured automatically.
  • Drift reverted before it reaches you.
  • DNS managed by the Agent.
  • Domains at p=reject in days.

26 rules · 12 action types · 6 phases · deterministic

One autonomous Agent.

The Agent configures and maintains every protocol your domain uses to prove who it is. Pick one to see how.

Record

_dmarc TXT

Policy + reporting URIs

Agent

Authex

Walks p=none → quarantine → reject.

Verifier

Receiving MTA

Enforces alignment

How DMARC works in Authex

Authex publishes the DMARC record at p=none, parses your aggregate reports nightly, identifies every legitimate sender, then walks policy through p=quarantine to p=reject without breaking mail. Six-month median to enforcement.

Example record published by Authex

v=DMARC1; p=reject; rua=mailto:rua@yourcompany.com; pct=100; aspf=s; adkim=s

Visibility at Internet scale.

Authex tracks every public-facing trust protocol across 189 countries. Most of what we see is still unprotected.

The other 84.4% publish no policy, or publish one and never enforce it. That is the gap the Agent closes.

0.0%

Domains at full enforcement

0M+

Domains tracked

0

Countries

0/100

Avg score

Enforcement is no longer optional.

Three rules now require email authentication at enforcement. Your domain meets all of them or it does not.

Consumer mailbox rules

Bulk senders without DMARC don't deliver.

Send more than 5,000 emails a day to Gmail or Yahoo? Without SPF, DKIM, and DMARC, your mail is rejected at the gateway. The grace period ended in November 2025. Marketing, transactional, and password-reset traffic all hit the same wall. It is not a deliverability issue. It is a policy block.

Scope: 85% of consumer inboxes

Payment standard

PCI DSS 4.0 made anti-phishing controls mandatory.

If you are a Level 1 or 2 merchant, Requirement 5.4.1 has been in full force since 31 March 2025: automated anti-phishing controls are required. DMARC, SPF, and DKIM are the controls assessors look for — and an enforcing policy is what makes them count.

Scope: all Level 1 and 2 merchants

EU financial regulation

DORA puts p=none under regulator scrutiny.

If you are an EU financial entity or you serve one, DORA has applied to you since 17 January 2025. Article 9 requires you to protect the authenticity and integrity of data in transit — and email authentication is a recognized control for it. p=none gives you visibility, not protection. Supervisors expect more.

Scope: 22,000 EU financial firms

Put a trained agent on every domain you own.

From monitoring to enforcement, automatically. Deterministic. No model in the loop.

Free · No signup