Cloudflare's DMARC Management is a newer addition to their vast array of web application security and performance services. It integrates into their existing ecosystem, leveraging their global network infrastructure. The focus here is on providing DMARC capabilities as part of a broader security posture for domains already using Cloudflare for DNS, WAF, or CDN.
From our hands-on experience, the DMARC features are functional, offering basic reporting and monitoring to help achieve DMARC compliance. It feels more like a logical extension to their existing offerings rather than a deeply specialized DMARC solution built from the ground up, which aligns with their comprehensive web platform strategy.
DMARC360, under the CTM360 umbrella, approaches DMARC with a strong emphasis on digital risk protection and brand security. Their platform is designed to identify and remediate external threats, including phishing, spoofing, and brand impersonation. DMARC plays a central role in this strategy, providing the necessary visibility into email authentication.
We found DMARC360 to offer robust DMARC reporting and analytical tools, clearly tailored for organizations serious about protecting their email channels and brand integrity. The platform's capabilities extend beyond mere reporting, aiming to give you actionable insights to combat malicious actors effectively.
How easy is each product to use
User experience
Using Cloudflare's DMARC Management feels familiar if you are already a Cloudflare user. The interface is consistent with their broader dashboard, making navigation relatively straightforward for basic tasks. However, as with many all-encompassing platforms, diving into advanced configurations or troubleshooting can sometimes require a steeper learning curve.
We observed that the initial setup for DMARC within Cloudflare is quite intuitive, especially if your DNS is also managed there. The challenge often arises when integrating with complex email ecosystems or trying to extract highly granular DMARC-specific insights that might not be immediately obvious within their generalized security analytics.
DMARC360 offers a user-friendly interface that prioritizes clear presentation of DMARC data. We found the dashboards to be well-organized, allowing for quick identification of email authentication issues and potential threats. The design aims to make complex DMARC reports digestible, which is a significant plus.
While the platform is generally easy to navigate, some users might initially find the breadth of modules and filtering options a bit overwhelming. However, once familiarized, the ability to drill down into specific data points becomes a powerful asset for email security professionals, allowing for efficient threat hunting and policy adjustments.
Which product has the best support
Support
Cloudflare's support experience can vary significantly depending on your plan tier. For free or lower-tier users, support is primarily community-driven and through extensive documentation, which can be fantastic if your issue is common. However, for unique or urgent DMARC-related problems, getting timely, direct technical assistance can be a slow process.
Based on our interactions and user feedback, enterprise-level clients generally receive much more responsive and dedicated support. If DMARC is a critical component of your email security and you anticipate needing hands-on help, considering a higher-tier Cloudflare plan or supplementing with internal expertise would be wise.
DMARC360 consistently receives high praise for its responsive and knowledgeable support team. We found their team to be very proactive and helpful, guiding us through complex DMARC configurations and interpreting tricky reports. This level of personalized assistance is invaluable, especially for intricate email authentication issues.
The strong support is a major differentiator, suggesting that DMARC360 understands the nuances of email security and is committed to ensuring customer success. For organizations that prefer a more guided approach or have limited in-house DMARC expertise, their support can be a significant advantage.
Who should use each product
Suitability
Cloudflare's DMARC Management is well-suited for existing Cloudflare users who want to consolidate their web and email security under one roof. It's a good fit for SMBs and mid-market companies seeking a unified security platform with DMARC as an integrated feature. For enterprises, it offers a scalable solution, particularly if they already leverage Cloudflare extensively.
For MSPs, Cloudflare can be an attractive option for clients who are already within the Cloudflare ecosystem, offering a streamlined approach to DMARC alongside other managed services. However, MSPs solely focused on deep DMARC specialization might find it less tailored than dedicated DMARC platforms, needing to manage it alongside Cloudflare's broader offerings.
DMARC360 is ideal for organizations where email security and brand protection are paramount. This includes enterprises and mid-market companies with a high risk of spoofing or phishing, such as financial services or e-commerce. Its specialized focus makes it a strong choice for those who need in-depth DMARC analysis and active threat remediation.
MSPs serving clients with significant brand value or a history of email-based attacks will find DMARC360's comprehensive features and excellent support beneficial for ensuring client trust and security. SMBs can also benefit from their free Community Edition to start, scaling up for more advanced protection as needed.
How does Cloudflare compare with DMARC360?
DMARC report analysis
Analyzes DMARC aggregate and forensic reports.
Source detection
Identifies legitimate and malicious email sending sources.
Forward detection
Helps distinguish legitimate email forwarding from spoofing.
Spoof detection
Detects unauthorized use of your domain in email.
Notifications and alerts
Provides alerts for DMARC policy violations and anomalies.
Reporting
Offers various reports and visualizations of DMARC data.
API
Provides an API for programmatic access to data and features.
Available for broader Cloudflare platform.
Likely, as a modern platform, but not explicitly highlighted.
Multi-tenancy
Allows management of multiple domains/clients from one account.
SPF flattening
Helps overcome the 10-DNS-lookup limit for SPF records.
Not explicitly a DMARC feature, can be managed with other services.
Common for DMARC specialists to offer this.
Hosted DMARC
Manages your DMARC DNS records for you.
BIMI
Supports Brand Indicators for Message Identification.
Not explicitly listed as a DMARC feature.
Aligns with brand protection focus.
MTA-STS/TLS-RPT
Supports secure email transport protocols.
As a network provider, Cloudflare facilitates secure transport.
Essential for robust email security specialists.
Blocklists and reputation
Monitors sender reputation and potential blacklistings.
As part of broader security offerings.
Key to external threat monitoring.
AI copilot
Leverages AI for intelligent insights and automation.
Cloudflare integrates AI across its platform.
Not highlighted as a feature.
DNS monitoring
Monitors DNS records for unauthorized changes.
Core Cloudflare service.
Part of external attack surface management.
Self hostable
Option to host the software on your own infrastructure.
SaaS only.
SaaS only.
Free trial/free tier
Offers a free trial period or a permanently free tier.
DMARC management in free beta, general free plans.
Community Edition is free.
Drawbacks and what to watch out for
Both Cloudflare and DMARC360 are robust in their respective domains, but we've noted some common themes in user feedback. Cloudflare users often point to challenges with customer support for non-enterprise plans and the complexity of advanced settings. DMARC360 users, while praising its effectiveness, occasionally mention the interface could be more streamlined or that certain reporting features lack deeper customization.
We have pulled the average ratings from G2 for each product, and also included the most recent negative reviews for each product in full. Positive reviews tend to have less detail and have a higher chance of being fraudulent, so negative reviews are a better signal for your decision.
4.5 / 5(561)
4.7 / 5(360)
Horrible Support and Billing - They run with your money and don't care to get billing correct
0.0 / 5
What do you like best about Cloudflare Application Security and Performance?
Ease of deployment, dashboard and configurations for the WAF, Cache, and other features are top tier with ease, settings, and logging. Just don't have an issue with them or you're on your own. Also, don't keep a credit card on file or they'll bill you for their mistakes.
What do you dislike about Cloudflare Application Security and Performance?
Customer support and billing. Their support does not read what you have to say but rather comes in with their own interpretation of what has happened and forces their views on your issue rather than trying to understand exactly what is happening. On two occassions in the last few months I have had this happen when I encountered an issue with the core product and their billing.
The billing should be detailed further as it is sketchy business practices. Back in April they changed their billing software and charged me incorrectly for a month as it included the previous month as well (which I already paid). I brought this to their attention and the billing support assured me that it was not a problem. Come last week, they limited my account as I "had unpaid biling" so I contacted them again and brought attention to this wrong invoice that they never corrected. Come yesterday, they just charged my credit card on file without my authorization or explanination of what is going on. I've replied to the open ticket and created a new ticket and no one is answering.
I don't want to be a drama case but this is ridiculous to have been charged something from months ago and not be given an explanation.
What problems is Cloudflare Application Security and Performance solving and how is that benefiting you?
Improve the security and performance of our websites/applications. Their configurable/customizable WAF, CDN/Caching, bot mitigation, and DDoS protection accomplish this for our websites/applications.
Jim M.
Owner Small-Business (50 or fewer emp.)
delivers a seamless, proactive brand protection experience
3.5 / 5
What do you like best about CTM360?
CTM360 consolidates external attack surface management, brand protection, anti‑phishing, and takedowns into a single, unified platform. It cuts through the noise with pre‑populated threat data specific to our brand—no extra setup required—and consistently delivers highly actionable alerts
What do you dislike about CTM360?
While takedowns are fast and effective, expanding reach across more platforms and registrars would enhance the impact
What problems is CTM360 solving and how is that benefiting you?
Data leakage, Breaches, Brand imposters or VIP
Verified User in Airlines/Aviation
Mid-Market (51-1000 emp.)
Support very unresponsive. Not understanding P1 urgency. Delayed project 3 whole days.
0.0 / 5
What do you like best about Cloudflare Application Security and Performance?
The website is intuitive, implementation steps are straightforward. It has numerous features, and they are indeed needed by a web app.
What do you dislike about Cloudflare Application Security and Performance?
If your implementation goes well, it's fine. However, if you are in trouble, the support doc is useless. You pay for the pro plan to try to get some technician support. No one cares about your business or service, even if you identify it as a P1 urgency. My project was down and could not get anyone to help me when I identified it as a high-impact ticket.
What problems is Cloudflare Application Security and Performance solving and how is that benefiting you?
The ticket support system is horrible. No technicians provide you with timely manner answers and support. Not worth the price.
Andrew Z.
Small-Business (50 or fewer emp.)
It's Good
4.0 / 5
What do you like best about CTM360?
The detection works. Really good information given on breached credentials and fake apps that a takedown was so easy.
What do you dislike about CTM360?
The interface is not user friendly. Sometimes it takes more than a couple of clicks to get the information needed.
What problems is CTM360 solving and how is that benefiting you?
It allows us to view breached credentials and also fake website & apps.
Zulfa J.
CTO Small-Business (50 or fewer emp.)
WAF is good, but so many half baked side features
2.5 / 5
What do you like best about Cloudflare Application Security and Performance?
The WAF is pretty industry standard. Its not too slow, gets regular updates, easy to deploy and cheap
What do you dislike about Cloudflare Application Security and Performance?
The side features are just trash. Its clear they have been shipped and dropped.
Cloudflare Bot Detection should not exist. Its not even funny how easy it is to bypass.
Page Shield is a joke, their API security is a joke.
What problems is Cloudflare Application Security and Performance solving and how is that benefiting you?
OWASP top 10
Verified User in Computer Software
Small-Business (50 or fewer emp.)
CTM360 give whole experience as a user. The detection for cases is okay overall
4.0 / 5
What do you like best about CTM360?
The support of the CTM360 team is totally responsive and helpful. The platform also user friendly and easy to use
What do you dislike about CTM360?
Sometimes we got confuse with the filtering features. However, the support team has guide us accordingly
What problems is CTM360 solving and how is that benefiting you?
Detection for EASM cases - features of deep scanning
brand monitoring. By connecting with the CIRT team globally. CTM360 Sometimes able to take down cases faster than other platform
Verified User in Financial Services
Enterprise (> 1000 emp.)
Love the product- support could use some work
2.5 / 5
What do you like best about Cloudflare Application Security and Performance?
Super easy to use. Very developer friendly. Tons of value for price. Undoubtedly #1 in WAF.
What do you dislike about Cloudflare Application Security and Performance?
Could use some better support. No direct channels for tech questions.
What problems is Cloudflare Application Security and Performance solving and how is that benefiting you?
It's providing great security for our web app.
Verified User in Computer Software
Mid-Market (51-1000 emp.)
Recommmended
4.0 / 5
What do you like best about CTM360?
quick Threat intelligence and insights about the related issues and leaks
What do you dislike about CTM360?
Sometime shows repeated or resolved issues and vulnerabilities
What problems is CTM360 solving and how is that benefiting you?
TI feeds, Data leaks etc
Hafiz T.
Unit Head Cyber Security Operations Enterprise (> 1000 emp.)
Don't Pay for Support
2.5 / 5
What do you like best about Cloudflare Application Security and Performance?
In general, cloudflare is really easy to navigate, especially for simple DNS and domain management. Unless you have a complicated setup, I find it easy enough to move a domain or simply manage DNS for most sites.
What do you dislike about Cloudflare Application Security and Performance?
Their support is terrible. Had an issue with a client's DNS and the person I was talking to clearly didn't have a clue what they were talking about. They took so long between answers, it seemed like they were just asking someone else. Ultimately, they were of no help and we were out the money we paid to have live support.
What problems is Cloudflare Application Security and Performance solving and how is that benefiting you?
Makes DNS and Security easy for most websites and domains.
Verified User in Marketing and Advertising
Small-Business (50 or fewer emp.)
Review CTM360 after using for 1 Year period.
4.0 / 5
What do you like best about CTM360?
Most helpful from CTM360 is take down phishing domain very fast for my customer and could finding and detect Brand Impersonation focus on Social media app with fake content.
What do you dislike about CTM360?
Least helpful is data exposure on repository with another platform such as Gitlab , Bitbucket in case some customer using above tool will could not detect.
What problems is CTM360 solving and how is that benefiting you?
In the past take down period is big issue for my customer because take around 5-7days and customer have complain on this issue , However when changing to use "Brand Protection" of CTM360 service , CTM360 team could help my team action quickly on take down phishing URL or fake content URL related with my customer domain name. average complete action take down around 2-3 days.
Watthanachai K.
Consulting IT Specialist Small-Business (50 or fewer emp.)
Pricing
Cloudflare offers its DMARC Management in beta for free, while DMARC360 provides a free Community Edition, with specific pricing requiring direct contact for both beyond their basic offerings.
4.5 / 5(561)
