DMARC enforcement that stays working as your business changes.
34% of organisations that achieve DMARC enforcement see authentication failures within 6 months because new services are added without updating records. IP Four monitors your authentication continuously and updates records proactively so enforcement never breaks.
Managed DMARC that never needs your attention.
DMARC is not a set-and-forget configuration. Businesses add new services, providers change IP ranges, and attackers look for gaps. We handle all of it so you do not have to.
Continuous DMARC Report Monitoring
DMARC aggregate reports monitored continuously for authentication failures, new sending sources, and policy violations. Anomalies investigated and resolved before they affect email deliverability or allow spoofing attacks to succeed.
SPF and DKIM Record Maintenance
SPF and DKIM records updated whenever new sending services are added, existing services change their infrastructure, or third-party providers update their IP ranges. Authentication failures caused by record drift prevented proactively.
Authentication Failure Alerting
Automated alerts triggered when authentication failure rates exceed defined thresholds. New unknown sending sources flagged immediately. Sudden changes in sending patterns that may indicate a spoofing campaign reported within hours.
Monthly Authentication Health Reports
Monthly report delivered covering authentication pass rates, sending source breakdown, policy compliance, and any notable events. Written in plain English with clear recommendations. Trend data shows improvement over time.
Policy Enforcement Maintenance
DMARC reject policy maintained and verified monthly. Policy downgrade attacks monitored for. DNS propagation verified after any record changes. Enforcement confirmed working correctly at major receiving mail providers.
Annual Authentication Review
Full annual review of all sending sources, authentication records, and policy configuration. New services added during the year verified as correctly authenticated. DKIM key rotation completed. Recommendations for any improvements identified.
From setup to continuous protection.
Monitoring Infrastructure Setup
DMARC reporting infrastructure configured to collect and process reports from all major mail providers. Alerting thresholds defined based on your organisation's sending patterns and risk tolerance.
Baseline Establishment
Authentication pass rates, sending source inventory, and policy compliance baseline established in the first month. All metrics documented to provide a reference point for ongoing monitoring.
Continuous Report Analysis
DMARC aggregate reports analysed continuously. New sending sources identified and investigated. Authentication failures categorised as legitimate source issues or spoofing attempts. Issues resolved proactively.
Record Change Management
SPF and DKIM records updated whenever your sending infrastructure changes. Change requests processed within agreed SLA. All changes tested and verified before deployment. Change log maintained for audit purposes.
Monthly Reporting
Monthly report delivered covering all key metrics, notable events, and recommendations. Report reviewed with your team on request. Trend data presented to demonstrate ongoing authentication health.
Annual Review and Optimisation
Full annual review of all authentication records, sending sources, and policy configuration. DKIM keys rotated. Any optimisation opportunities identified and implemented. Updated documentation provided.
How ongoing monitoring has protected UK businesses.
New CRM Causing Authentication Failures
A Nottingham professional services firm added a new CRM system 4 months after achieving DMARC enforcement. The CRM sent automated emails from their domain without being added to their SPF record, causing authentication failures.
Authentication failure alert triggered within 6 hours of the CRM sending its first email. SPF record updated and DKIM configured for the CRM within the same business day. Zero legitimate emails blocked. Client unaware of the issue.
Third-Party IP Range Change
A Cardiff marketing agency's email marketing platform changed their sending IP ranges without notifying clients. The agency's SPF record no longer covered the new IP ranges, causing marketing emails to fail authentication.
IP range change detected from DMARC aggregate reports within 24 hours. SPF record updated to include new IP ranges. Marketing email deliverability restored before the client's next campaign send. No campaign revenue lost.
Spoofing Campaign Detected and Blocked
A London law firm's DMARC monitoring detected a sudden spike in authentication failures from IP addresses in multiple countries. The pattern matched a targeted spoofing campaign attempting to defraud their clients.
Spoofing campaign detected from monitoring alerts within 2 hours of it starting. Firm notified immediately. DMARC reject policy confirmed working correctly. Clients alerted proactively. Campaign stopped before any successful fraud.
Keep your DMARC enforcement working indefinitely.
DMARC enforcement breaks when businesses add new services without updating their records. Our managed service prevents this from happening and keeps your domain protected continuously.