Who builds DMARCdrift

DMARCdrift started in late 2025 after watching email deliverability fail silently on the products we were shipping. SPF records that looked fine until they didn't. DMARC drift that nobody caught until transactional emails started landing in spam. By then the damage was done.

The problem isn't understanding DMARC. Most developers can read a record once you explain the tags. The problem is that without dedicated monitoring you have no idea when something drifts. Big companies have security teams for this. Indie developers have nothing, unless they build it themselves or pay enterprise prices for tooling designed for compliance teams.

What we know about email authentication

The DMARC Adoption Study grew out of this work. It scans 2,000+ domains. Key findings:

• •73.8% of tracked domains have DMARC configured; only 60.4% enforce it
• •76% of top 25 US banks enforce at p=reject
• •38% of cybersecurity companies don't enforce DMARC on their own domain
• •14 of 30 major news outlets remain spoofable

The DMARCdrift blog covers DMARC policy progression, SPF complexity pitfalls, BIMI setup, Microsoft 365 and Google Workspace configuration, and practical deliverability for indie SaaS. Every article draws on real monitoring data, not just spec-reading.

Why DMARCdrift is built for indie developers

Enterprise DMARC platforms (dmarcian, EasyDMARC, Valimail) are excellent at what they do. They're built for compliance teams, auditors, and multi-user workspaces. If you're an indie developer or small SaaS founder, they're overbuilt, and the pricing reflects it.

DMARCdrift is the opposite: a single dashboard, flat pricing, no per-domain fees, and a weekly digest that tells you what changed. If nothing changed, it's quiet. If something drifted, whether that's a spoofing signal, an alignment regression, or a DNS record change, you hear about it before your customers do.

Contact

Questions, feedback, or feature requests: hello@dmarcdrift.com