Documentation

Getting started with MailSentry

Everything you need to set up DMARC monitoring and protect your domain in under 15 minutes.

🚀

Quick start

Add your domain and start receiving DMARC reports.
⚙️

DMARC setup

Configure your DNS records for monitoring.
📊

Reading reports

Understand your DMARC report data.

Quick start

MailSentry monitors your domain's DMARC reports — the automated reports ISPs send when email authentication fails. Here's how to get started:

  1. 1

    Create an account

    Sign up at /login. No credit card required for the first domain.

  2. 2

    Add your domain

    From the dashboard, click Add domain and enter your sending domain (e.g. yourcompany.eu).

  3. 3

    Update your DMARC record

    Add or update your DNS _dmarc.TXT record to include the MailSentry reporting address. See DMARC setup below.

  4. 4

    Wait for reports

    ISPs send DMARC reports every 24 hours. You'll see your first data within 1–2 days of DNS propagation.

DMARC DNS setup

DMARC works via a DNS TXT record at _dmarc.yourdomain.com. If you don't have a DMARC record yet, start with a monitoring-only policy (p=none) so you don't affect mail delivery:

v=DMARC1; p=none; rua=mailto:dmarc@mailsentry.normwise.eu; ruf=mailto:dmarc@mailsentry.normwise.eu; fo=1;

If you already have a DMARC record, add the MailSentry address as an additional rua recipient (comma-separated):

v=DMARC1; p=none; rua=mailto:existing@example.com,mailto:dmarc@mailsentry.normwise.eu;

DMARC policy progression

Once you've been monitoring for a few weeks and understand your legitimate sending sources, you can tighten your policy:

Policy Effect When to use
p=none Monitor only, no action Start here. Always.
p=quarantine Failing email sent to spam When >95% of email passes
p=reject Failing email blocked When all senders are aligned

Reading your reports

The DMARCInsight dashboard summarises your aggregate reports. Here's what the key metrics mean:

  • Pass rate — percentage of emails that passed both SPF and DKIM alignment. Aim for >98%.
  • Source IPs — servers sending email claiming to be from your domain. Unexpected IPs may indicate spoofing or misconfigured third-party senders.
  • SPF alignment — whether the envelope-from domain matches your DMARC domain.
  • DKIM alignment — whether the d= tag in the DKIM signature matches your DMARC domain.
  • Disposition — what the receiving server did with the message (none / quarantine / reject).

NIS2 compliance

If you operate in the EU and fall under NIS2 Article 21, DMARC enforcement (p=reject or p=quarantine) is one of the technical controls required for email security. MailSentry helps you track your progress toward full enforcement and provides the audit trail needed for compliance reporting.

Need help?

If you're stuck, email support@normwise.eu and include your domain name and a description of the issue. We respond within one business day.