Built by DNS insiders — 20 years of email threat intelligence

Hunt down who's spoofing
your domain.

DMARC reports decoded. See every sender, catch every spoof, enforce with confidence.

Request Early Access See how it works

Protecting 500+ domains  ·  🇱🇺 EU-based  ·  GDPR-native

app.spoofhunter.io/dashboard

Pass Rate

97.3%

↑ 2.1% vs last week

Policy

quarantine

pct=100 · 4 domains

Senders

12

⚠ 1 unauthorized

Sending Sources

Google Workspace

209.85.220.x

8,432 msgs Authorized

Mailchimp

198.2.134.x

1,204 msgs Authorized

Unknown

185.220.101.x

47 msgs Suspicious

The Problem

Spoofing is happening right now. You just can't see it.

DMARC data exists — as unreadable XML. Most organizations are exposed without knowing it.

Your domain is being spoofed

Attackers use your domain to send phishing emails to your customers. Without DMARC enforcement, you're powerless to stop it. 80% of domains are still at p=none.

80% of domains — zero protection

DMARC reports are unreadable XML

Google and Microsoft send daily XML reports. Thousands of rows. No human reads them. You have zero visibility into who's sending from your domain.

Raw XML you can't act on isn't data

The enforcement path is unclear

Moving from p=none to p=reject is a multi-step process. Most IT teams stay at monitoring forever, afraid to break deliverability.

Without guidance, enforcement never happens

How It Works

From invisible threat to full enforcement.

No guesswork. A clear path to p=reject.

1

Add your domain

Enter your domain and set the rua= address in your DNS. Takes 5 minutes. We give you the exact record to copy-paste.

2

Reports flow in automatically

Google, Microsoft, and every email provider start sending DMARC reports to us. We parse, enrich, and make them human-readable.

3

Follow your enforcement path

We tell you exactly when you're ready to advance. From p=none to p=reject, step by step, zero guesswork.

Join the waitlist

Features

Hunt. Identify. Enforce.

Built for security practitioners, not compliance checkbox-ticklers.

Real-time analytics

Pass rate trends, volume by day, source breakdown. Know your email health at a glance — not buried in XML.

Sender intelligence

Every IP enriched with ASN, geo, PTR, abuse flags. Know instantly if it's Google Workspace, Mailchimp, or a phishing botnet.

Enforcement guide

Step-by-step path from p=none to p=reject. We tell you exactly when it's safe to advance and give you the DNS record to publish.

Smart alerts

New unauthorized sender? Fail rate spike? Policy change? Know immediately via email or webhook.

Full REST API

Integrate DMARC data into your SIEM, security stack, or custom dashboard. Full API + webhooks + token auth.

360° Domain Intelligence

Daily pass/fail histogram and world map of sending sources. See trends over time and spot rogue senders by geography before they cause damage.

360° Domain Intelligence

See everything. Miss nothing.

Time and geography together. Who sends email claiming to be you, from where, how often, and how much of it passes authentication.

Daily send volume

7d 30d 90d
Pass
Fail

Placeholder — real chart uses your DMARC data

Global sending sources

High pass
Mixed
Failing

Placeholder — pins use your actual sending IPs

Spot the day a phishing campaign started — fail spikes show up immediately in the histogram.

See unauthorized senders by country before you get a breach report.

Track your policy enforcement journey from p=none to p=reject over time.

Pricing

Pricing that doesn't punish MSPs.

Flat pricing for MSPs. Fair pricing for teams. Start free, no credit card.

Free

$0

Forever free

  • 1 domain
  • Basic analytics
  • 30-day retention
  • Guided setup
Request Early Access

Starter

$29

/month · small teams

  • 5 domains
  • 3 users
  • 90-day retention
  • Email alerts
Request Early Access
Most popular

Pro

$79

/month · growing teams

  • 20 domains
  • 10 users
  • 1-year retention
  • Full REST API
  • Webhooks
Request Early Access

Business

$199

/month · MSPs & enterprise

  • Unlimited domains
  • Unlimited users
  • DRP intelligence
  • White-label
Request Early Access

14-day free trial on all paid plans. No credit card required. Full comparison →

Frequently asked questions

Everything you need to know about SpoofHunter and email spoofing.

DMARC is an email authentication protocol that tells providers what to do when someone sends email pretending to be from your domain. Without enforcement, attackers can send phishing emails that appear to come from you. Google and Yahoo now require DMARC for bulk senders.

Add a DMARC TXT record to your DNS. We give you the exact record to copy-paste — including your unique rua= address that routes reports directly to SpoofHunter. Takes about 5 minutes. Reports start arriving within 24-48 hours.

SpoofHunter processes DMARC aggregate reports — sending IP addresses, pass/fail counts, and policy information. No email content. All data is stored on EU-based infrastructure. We are GDPR-compliant and can provide a DPA for enterprise customers.

Yes. Starter includes 5 domains, Pro includes 20, and Business includes unlimited. MSPs can manage all client domains under a single dashboard.

Yes, on the Business plan. MSPs can remove SpoofHunter branding, use a custom domain, and generate client-branded reports.

Start your first hunt today.

Free plan. No credit card. Your domain's first DMARC report is waiting.

Request Early Access

Free plan · No credit card · EU-based · GDPR-native