DKIM · SPF · DMARC · XML Analysis

Stop email
from falling
into the void.

MX Pilot monitors your DKIM, SPF, and DMARC records, parses aggregate XML reports from every mail server, and tells you exactly who's sending email on your behalf — and whether it's passing.

Start for free → See how it works

99.8% Delivery insight

< 5min Setup time

50+ Sending sources

mxpilot.io — domain analysis

$ mxpilot analyze yourdomain.com

▸ SPF RECORD

record v=spf1 include:_spf.google.com ~all

result ✓ PASS — 4 of 10 lookups used

▸ DKIM

selector google._domainkey

result ✓ PASS — RSA-2048, valid

selector s1._domainkey

result ⚠ SOFTFAIL — key mismatch

▸ DMARC

policy p=quarantine

rua mailto:dmarc@yourdomain.com

pct 100%

▸ AGGREGATE REPORT — last 7 days

messages 14,382 analyzed

pass

92%

fail

spoof

Process

From DNS to dashboard
in minutes.

MX Pilot does the heavy lifting — fetching, parsing, and correlating every DMARC aggregate report automatically.

🔍

Add your domain

Enter any domain you control. MX Pilot immediately scans your SPF, DKIM selectors, and DMARC policy in real time.

📬

Point your RUA

Update your DMARC record's rua= tag to your MX Pilot reporting address. Mail servers start sending XML reports automatically.

📊

Reports auto-parse

Aggregate XML files from Google, Microsoft, Yahoo, and others are ingested, decompressed, and decoded every hour.

🚨

Get alerted instantly

When a new sending source appears, a DKIM key expires, or SPF failures spike, you get notified before your deliverability tanks.

Authentication flow

How DMARC actually works.

DMARC builds on SPF and DKIM to give receiving mail servers a clear policy for handling messages that fail authentication. MX Pilot visualizes every step.

📧

SPF checks the sending IP

Receiving servers look up your SPF record to confirm the sending server is authorized to send mail for your domain.

🔑

DKIM signs the message

A cryptographic signature in the email header is verified against a public key published in your DNS — proving the message was not tampered with in transit.

🛡️

DMARC enforces your policy

If SPF or DKIM fails, your DMARC policy tells receiving servers whether to none, quarantine, or reject the message — and sends you an XML report.

📤

SENDER

Email sent from yourdomain.com

🌐

DNS LOOKUP

SPF + DKIM records fetched

PASS

⚙️

EVALUATION

DMARC alignment check

ALIGNED

📥

DELIVERED

Message reaches inbox

✓ OK

📊

REPORTING

XML aggregate report sent to MX Pilot

Features

Everything you need to
own your email reputation.

From first-time DMARC setup to enterprise enforcement — MX Pilot has the tools your team needs.

📊

Aggregate XML report parsing

MX Pilot automatically ingests DMARC RUA reports from Google, Microsoft, Yahoo, and hundreds of other mail providers — compressed ZIP or GZIP, no manual unpacking.

🔍

DKIM selector discovery

Automatically discovers all DKIM selectors sending on behalf of your domain, validates the keys, checks expiry, and flags any mismatches across your selectors.

✅

SPF record analysis

Validates your SPF record for syntax errors, lookup limit violations, and unauthorized senders. Suggests flattened alternatives when you approach the 10-lookup limit.

🚨

Real-time alerts

Get instant email or Slack alerts when failure rates spike, a new unknown sender appears in your reports, a DKIM key expires, or your DMARC policy is misconfigured.

🛡️

Spoofing & phishing detection

Identify unauthorized IP addresses impersonating your domain across aggregate reports. See exactly where unauthorized mail is originating and block it at the DMARC level.

📈

Trend dashboards

Historical pass/fail/quarantine charts over time, per-source breakdowns, IP geolocation maps, and email volume trends — all in one clean dashboard.

🏢

Multi-domain management

Manage all your domains from a single pane. See health scores at a glance, drill into any domain for detailed analysis, and export reports per-domain or in aggregate.

🔧

Policy upgrade assistant

Step-by-step guided wizard to move from p=none to p=reject safely, with real traffic analysis to ensure you won't block legitimate mail.

🔌

API access

Full REST API for integrating DMARC data into your own dashboards, SIEM, or CI/CD pipeline. Webhooks for real-time event streaming to any endpoint.

Report Intelligence

DMARC aggregate reports,
decoded instantly.

Raw XML from mail servers is transformed into actionable data. See exactly what's passing, failing, and why.

DMARC Aggregate Report — google.com → yourdomain.com

Period: 2025-05-16 to 2025-05-23 2,847 messages

Report Metadata

reporterGoogle LLC

org_namegoogle.com

emailnoreply-dmarc-support@google.com

report_id8314792648107...

messages2,847

Authentication Results

SPF ● PASS

DKIM ● PASS

DMARC ● PASS

disposition none

alignment ● relaxed

Source IPs (top 3)

209.85.220.41 1,924

209.85.167.33 841

209.85.128.44 72

unknown 10 ⚠

MX Pilot flag 2 new senders

Pricing

Simple, transparent pricing.

Start free, upgrade when you need more. No hidden fees, no per-seat surprises. Powered by Stripe.

Free

$ 0 /mo

Perfect for personal projects and getting started with DMARC.

Get started

✓1 domain
✓7-day report history
✓SPF & DMARC record check
✓DKIM selector validation
✓Basic aggregate report parsing
—Email alerts
—Spoofing detection
—API access
—Slack integration

Up to 500 messages/mo

Starter

$ 19 /mo

For small teams and growing businesses taking email security seriously.

Start trial →

✓3 domains
✓30-day report history
✓Full XML report parsing
✓Email alerts (daily digest)
✓Source IP analysis
✓DKIM expiry monitoring
✓Basic spoofing alerts
—API access
—Slack integration

Up to 25,000 messages/mo

Pro

$ 79 /mo

For growing companies that need real-time visibility and enforcement guidance.

Start trial →

✓10 domains
✓90-day report history
✓Real-time alerts (email + Slack)
✓Advanced spoofing & phishing detection
✓Policy upgrade wizard
✓IP geolocation & reputation
✓API access (10k calls/mo)
✓CSV/PDF report exports
✓Webhook event streaming

Up to 250,000 messages/mo

Enterprise

Custom

For large organizations, agencies, and MSPs managing email at scale.

Contact sales →

✓Unlimited domains
✓Custom data retention
✓Dedicated account manager
✓Custom reporting & white-label
✓SIEM & SOC integrations
✓SSO / SAML 2.0
✓SLA & uptime guarantee
✓Unlimited API calls
✓Priority support + onboarding

Unlimited messages

All paid plans include a 14-day free trial. No credit card required to start.

Stripe Payments secured by Stripe — PCI-DSS compliant

Testimonials

What our users say.

"We had no idea three unknown services were sending email as our domain. MX Pilot caught them within 24 hours of setup. Moved to p=reject with total confidence."

Sarah R.

Head of IT, Brightpath Inc.

"The policy wizard is incredible. It showed us exactly which mail streams were failing alignment before we tightened our policy — saved us from a serious outage."

Marcus K.

DevOps Lead, StackRow

"We manage email for 40+ clients. MX Pilot's multi-domain view and white-label reports make it the only DMARC tool we recommend. The API integration with our MSP stack is flawless."

James T.

CEO, NexusIO Managed Services

FAQ

Common questions.

What is a DMARC aggregate report? +

Mail servers that receive email from your domain send daily XML reports to the address in your rua= DMARC tag. These reports contain detailed breakdowns of every IP that sent email claiming to be your domain, along with SPF and DKIM pass/fail results. MX Pilot collects and parses these automatically.

How long does setup take? +

Most users are fully set up in under 5 minutes. Add your domain, update the rua= tag in your DMARC DNS record to point to your unique MX Pilot address, and we handle the rest. Reports start arriving within 24 hours as mail servers send their daily digests.

Do I need an existing DMARC record? +

No. MX Pilot will scan your domain and guide you through creating a DMARC record from scratch if you don't have one. We recommend starting with p=none to collect data first, then upgrading to enforcement once your legitimate sources are confirmed.

What mail servers send DMARC reports? +

All major mail providers send DMARC aggregate reports: Google (Gmail / Google Workspace), Microsoft (Outlook / Exchange Online), Yahoo, Apple iCloud, Proton Mail, Fastmail, and hundreds of others. MX Pilot supports all report formats including ZIP and GZIP compressed XML.

How does billing work? +

All plans are billed monthly or annually (annual billing saves 20%). Payments are processed securely through Stripe. You can upgrade, downgrade, or cancel any time from your account dashboard. Paid plans include a 14-day free trial — no credit card required to start.

Can I use MX Pilot for multiple domains? +

Yes. Starter allows 3 domains, Pro allows 10, and Enterprise is unlimited. All domains are managed from a single dashboard. For agencies and MSPs, the Enterprise plan includes white-label reporting so you can brand reports for your clients.

Is my data secure? +

Yes. DMARC aggregate reports contain only metadata about email authentication — no email content. All data is encrypted in transit (TLS) and at rest (AES-256). We do not share your data with third parties and comply with GDPR and CCPA.

What's the difference between RUA and RUF reports? +

RUA (Reporting URI for Aggregate) reports contain summarized authentication data sent daily by receiving servers — this is what MX Pilot primarily analyzes. RUF (Reporting URI for Forensic) reports contain individual failure records and may include sensitive message headers. MX Pilot focuses on RUA aggregate analysis to protect privacy.

Stop emailfrom fallinginto the void.

From DNS to dashboardin minutes.