Turn DNS records into compliance evidence
Email authentication shows up in more frameworks every year — sometimes by name. Trustliant tags every finding with the frameworks it touches, so posture work doubles as audit preparation and insurance-renewal ammunition.
Where email auth is actually required
PCI DSS 4.0 requirement 5.4.1 (mandatory since March 2025) names DMARC, SPF, and DKIM as anti-phishing controls. CIS Controls v8.1 safeguard 9.5 says 'Implement DMARC' verbatim. US federal agencies have been mandated to p=reject since BOD 18-01. We say 'required by' only where that's true — and 'supports' everywhere else (SOC 2, HIPAA, FTC Safeguards, GLBA), because overclaiming compliance is how MSPs lose trust.
Cyber insurance is the universal driver
Carriers increasingly ask about email authentication on applications — and verify by scanning DNS themselves before quoting. DMARC posture is one of the few controls where evidence can be generated externally, automatically, with zero client effort. Trustliant's reports are built to be attached to renewals.
Evidence engine (roadmap)
The full compliance module maps controls to requirements with status, owner, review date, and historical proof — turning 'are we compliant?' into a living answer per framework, per client. The data model ships now; the narrative layer lands next.
For your technicians
Framework tags on every finding (PCI-DSS-4.0-5.4.1, CIS-v8.1-9.5, sender requirements) with the honest required-vs-supports distinction preserved.
For your clients
“When your insurer or auditor asks about email security, the evidence is already written — with before-and-after proof of improvement.”