DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol defined in RFC 7489 that builds upon SPF and DKIM to provide protection against email spoofing and phishing attacks.

What are RUA and RUF reports?

RUA (Aggregate Reports) provide daily summaries of email authentication results, while RUF (Forensic Reports) provide real-time failure reports with message samples when DMARC authentication fails.

How does DMARC prevent phishing?

DMARC prevents phishing by authenticating email messages using SPF and DKIM, then applying policy actions (none, quarantine, or reject) to messages that fail authentication, preventing spoofed emails from reaching recipients.

Back to home

DMARC Shield

Security & Privacy

Enterprise-grade security protecting your most sensitive data

Our Commitment to Security

Zero Trust Architecture

Every request is authenticated, authorized, and encrypted regardless of location or user.

Defense in Depth

Multiple layers of security controls protect against various attack vectors and threats.

Continuous Monitoring

24/7 security monitoring with real-time threat detection and automated response.

Security Measures

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

TLS 1.3 for all client-server communications

AES-256 encryption for data at rest

Perfect Forward Secrecy (PFS) implementation

Encrypted database connections

Access Controls

Multi-layered access controls with role-based permissions and multi-factor authentication.

Role-based access control (RBAC)

Multi-factor authentication (MFA) required

Single Sign-On (SSO) integration

Regular access reviews and audits

Security Monitoring

24/7 security monitoring with automated threat detection and incident response.

Real-time security event monitoring

Automated threat detection and response

Security incident escalation procedures

Comprehensive audit logging

Data Protection

Enterprise-grade data protection with regular backups and disaster recovery procedures.

Automated encrypted backups

Point-in-time recovery capabilities

Geographic backup distribution

Disaster recovery testing

Infrastructure Security

Cloud Infrastructure

AWS SOC 2 and ISO 27001 certified infrastructure

Dedicated Virtual Private Cloud (VPC) isolation

Web Application Firewall (WAF) protection

DDoS protection and traffic filtering

Network segmentation and microsegmentation

Application Security

Regular penetration testing and vulnerability assessments

Secure coding practices and code reviews

Static and dynamic application security testing

Dependency scanning and vulnerability management

Container security and image scanning

Certifications & Compliance

SOC 2 Type II

Certified

Annual security, availability, processing integrity, confidentiality, and privacy audits

ISO 27001

In Progress

International standard for information security management systems

GDPR Compliant

Certified

Full compliance with European General Data Protection Regulation

CCPA Compliant

Certified

California Consumer Privacy Act compliance for data privacy rights

Audit Reports: Current SOC 2 Type II reports are available to enterprise customers upon request. Contact our security team for detailed compliance documentation.

Privacy Principles

Data Minimization

We collect only the data necessary to provide our services and protect your domains.

Purpose Limitation

Your data is used solely for DMARC monitoring and threat detection purposes.

Transparency

Clear documentation of what data we collect, how it's used, and how long it's retained.

User Control

You maintain full control over your data with export, correction, and deletion rights.

Data Handling & Retention

DMARC Reports

Retained for 2 years for analysis

Anonymized after 6 months

Account Data

Retained while account is active

Deleted within 90 days of closure

Audit Logs

Retained for 1 year

Required for security monitoring

Incident Response

We maintain a comprehensive incident response plan to quickly identify, contain, and resolve security incidents.

Detection

Automated monitoring and alerting systems

Containment

Immediate isolation and threat containment

Investigation

Root cause analysis and impact assessment

Recovery

System restoration and preventive measures

Security Team Contact

Security Vulnerabilities

If you discover a security vulnerability, please report it responsibly to our security team.

security@dmarcshield.io

Security Questions

For general security questions or compliance documentation requests.

compliance@dmarcshield.io

Trust & Transparency

Security is not just a feature—it's the foundation of everything we do. We're committed to maintaining the highest security standards and being transparent about our practices. Your trust is our most valuable asset.