TrustedMARC started the same way a lot of useful software does — with a problem that needed solving and nothing off the shelf that quite did the job.
The brief was straightforward enough: understand where our emails were coming from. DMARC aggregate reports were arriving in the inbox every day, and someone needed to make sense of them. What services were sending as our domain? Were they authenticated properly? Was anything unexpected turning up?
The existing tools all had the same answer: point your DMARC reports at our servers, pay a monthly fee per domain, and we'll show you a dashboard. That meant changing DNS records, sending your report data to a third party permanently, and committing to an ongoing subscription for something that should really be a straightforward analysis job.
What was actually needed was something simpler. Drop in the report files, get a clear picture, know what to fix. Something that could run on demand when needed — not a service running continuously in the background. Something that produced a report that could be handed to senior leadership without needing to explain what a DMARC record is. Something that kept the data where it belongs — on your own machine.
So we built it. TrustedMARC processes everything locally, identifies sending services by name, flags anything suspicious, and produces a clean HTML report with prioritised recommendations. It takes minutes to run and gives you a complete picture of your email authentication posture — including whether tightening your DMARC policy would disrupt anything legitimate.
It turned out to be useful enough that other people might find it useful too. So here it is.