DMARC monitoring that actually gets clients to p=reject
Half the internet publishes a DMARC record; most of it is stuck at p=none forever. Trustliant ingests aggregate reports, identifies every sender, and walks each client safely up the enforcement ladder — across your whole portfolio at once.
From reports to answers
DMARC aggregate reports are XML nobody reads. Trustliant parses them continuously and answers the questions that matter: who is sending as this domain, are they authorized, are they aligned, and is anything spoofing the brand right now. Vendor fingerprinting names names — Microsoft 365, Mailchimp, that CRM nobody remembered — instead of listing bare IP addresses.
Guided enforcement, not a cliff
Moving to p=reject too early breaks legitimate mail; never moving breaks trust. Trustliant tracks alignment rates per sender and tells you when a domain is ready for the next step — with the exact record to publish and the evidence behind the recommendation. DMARCbis-aware validation (RFC 9989) flags deprecated tags before they bite.
Why now
Google, Yahoo, and Microsoft all require DMARC for volume senders, PCI DSS 4.0 names DMARC as an anti-phishing control, CIS Controls 9.5 says 'Implement DMARC' verbatim, and cyber insurers scan for it at renewal. Your clients will do this eventually — the only question is whether it's you who delivers it.
For your technicians
Raw records, parsed tag-by-tag with errors and warnings. Aggregate report rows with source IPs, alignment results, and vendor attribution. Exact fix records ready to paste into any DNS provider.
For your clients
A plain-English trust score and a monthly report: 'Your domain now rejects impersonation attempts at every major mail provider.' No XML, no jargon, just proof the MSP is protecting them.