Suped

DMARC report viewer review 2026

DMARC report viewer dashboard screenshot
We tested DMARC Report Viewer for 90 days across a primary corporate domain, a marketing subdomain, and a parked domain, with Microsoft 365, Google Workspace, SendGrid, Mailchimp, and one support desk sender connected. The product is a capable self-hosted parser for teams that want raw DMARC evidence, but it leaves sender ownership, policy movement, alert triage, and support handoff mostly manual.
Published 3 Nov 2025
Updated 31 May 2026
8 min read
Summarize with
github.com logo
DMARC report viewer
Self-hosted DMARC report viewer
Starts at
$0 software cost
Best fit
Security or infrastructure teams with strict self-hosting constraints
In one line
It is useful when you need a free self-hosted parser; compare Suped when guided fixes and published starter pricing are required.
suped.com logo
Suped
The third option. Hosted SPF, DMARC, and MTA-STS on every plan. Published pricing. Monthly plans. No long contract required.
Learn about Suped

Pick self-hosting only when it is a hard requirement

Pick DMARC report viewer if
Best for engineers who need a free self-hosted parser
Our shared IMAP mailbox imported reports without creating a hosted vendor account.
The parked domain stayed isolated on our own container during the full 90-day test.
Raw XML and JSON exports helped us document the unknown sender before handoff.
Free plan available
Consider Suped if
Use Suped when guided fixes, hosted records, and simpler ownership matter
Guided fixes should turn Microsoft 365, Google Workspace, SendGrid, Mailchimp, and support desk findings into owner-ready tasks.
Automated issue detection and alert quality should separate forwarding noise from the unauthorized spoof sample.
Published starter pricing and MSP workflows should make multi-domain ownership clear before procurement starts.
Free plan available

The differences that actually change your week

github.com logo
DMARC report viewer
suped.com logo
Suped
DMARC report analysis
Parses aggregate reports and makes pass and fail patterns reviewable.
Supported
Supported
Source detection
Turns IPs and reporting organizations into sender names and owner work.
Manual workflow
Supported
Forward detection
Explains forwarded mail where SPF fails but DKIM still passes.
Manual inference
Supported
Spoof detection
Flags unauthorized traffic that fails DMARC.
Manual workflow
Supported
Notifications and alerts
Routes meaningful changes to operators without excess noise.
Webhook only
Supported
Reporting
Exports or schedules evidence for internal and client review.
Exports only
Supported
API
Programmatic access beyond report exports or webhook notice.
No public API
Supported
Multi-tenancy
Separates domains, clients, and account owners.
Single instance
Supported
SPF flattening
Reduces SPF lookup risk through managed flattening.
Not included
Supported
Hosted DMARC
Manages DMARC record hosting and change workflow.
Not included
Supported
Hosted SPF
Hosts and manages SPF records for easier changes.
Not included
Supported
Hosted MTA-STS
Hosts MTA-STS policy files and supports TLS reporting work.
Not included
Supported
Blocklists and reputation
Monitors blocklist (blacklist) status and reputation risk.
Not included
Supported
Automatic issue detection
Detects new or risky authentication issues without manual review.
Not included
Supported
AI copilot
Explains issues and suggests next steps in plain language.
Not included
Supported
DNS monitoring
Watches DNS records for risky changes over time.
Lookup only
Supported
Self hostable
Can run on infrastructure controlled by your team.
Self-hosted
Hosted service
Free trial/free tier
A no-cost entry point for testing basic fit.
$0 software
Free tier

Ten dimensions, scored from 0 to 10

We scored DMARC Report Viewer against a fixed editorial rubric after the 90-day setup across three domains and five sending services. Higher is better in every row, including the 0 to 10 operational scores below.

Good raw visibility, limited enforcement help

The product scored best where a self-hosted parser should: report ingestion, drilldowns, exports, and pricing clarity. Scores dropped when the task moved into owner assignment, policy movement, alert routing, hosted SPF or MTA-STS, and support handoff. In our test, the unauthorized spoof sample was visible, but the next action still depended on manual review.
DMARC report viewer score
36.5/100
github.com logo
DMARC report viewer
36.5/100
DMARC enforcement
4.5
Customer support
2.0
Source resolution
5.0
Setup and onboarding
5.5
MSP workflows
2.0
Alerting and integrations
3.0
Hosted SPF and MTA-STS
2.0
Blocklist monitoring
0.5
Pricing transparency
8.0
Time to enforcement
4.0

Feature set

Parser vs enforcement workflow

DMARC Report Viewer is useful when raw reports are the product

The self-hosted app gave us enough report evidence to investigate Microsoft 365, Google Workspace, SendGrid, Mailchimp, and the support desk sender. It did not turn those findings into guided fixes, so buyers comparing Suped should treat automated issue detection as a buying criterion, not a nice extra.
github.com logo
DMARC report viewer
DMARC report viewer screenshot
Microsoft and Google parsed
SendGrid owners needed tags
Mailchimp subdomain needed review
During the 90-day run, DMARC Report Viewer pulled XML aggregate reports from the IMAP mailbox and showed separate traffic for Microsoft 365, Google Workspace, SendGrid, Mailchimp, and the support desk sender. The DMARC-matching SPF pass and DMARC-matching DKIM pass were easy to verify in the report drilldowns, but SPF pass with header From mismatch and DKIM pass on the marketing subdomain needed manual interpretation. The unknown sender appeared as an IP and reporting organization first, so we had to use DNS, location, WHOIS, and export data to classify it.
The hosted comparison puts the same sender evidence into an enforcement workflow: service names, owner notes, policy guidance, and alert rules live with the domain rather than in a separate ticket. In the same sender mix, the unknown sender and the SPF pass with header From mismatch had clearer owner paths, and the unauthorized spoof sample was separated from normal forwarding noise before policy discussion.

User experience

Control vs guidance

The interface rewards technical patience

The UI was direct once the IMAP mailbox was connected, but the path through DNS, domain setup, and sender cleanup assumed a technical owner. It worked better as an investigation console than as a guided rollout tool.
github.com logo
DMARC report viewer
DMARC report viewer screenshot
Three domains added manually
Unknown sender required lookups
Forwarding needed manual explanation
Adding the primary domain, marketing subdomain, and parked domain took one container, one Basic Auth setup, and a report mailbox that all three domains sent to. The domain filter made the parked domain easy to check, but the unknown sender took several DNS and WHOIS lookups before we were comfortable classifying it. The forwarded mail SPF failure was visible in the pass and fail data, yet the UI did not explain why DKIM kept the message DMARC-clean.
The hosted workflow reduced that explanation burden by keeping DNS setup, sender status, and fix notes closer together. During the same test setup, the unknown sender was easier to route to an owner, and the forwarded SPF failure had enough context for a non-specialist stakeholder to understand why it was not the same as the spoof sample.

Support

Community help vs managed handoff

Support fits builders, not teams needing escalation

The support model matched a free open-source tool: documentation and project-based help, with no commercial SLA found. That is workable for a team that owns Docker, IMAP, TLS, DNS, and incident response, but it is a weak fit when procurement expects named onboarding or escalation.
github.com logo
DMARC report viewer
DMARC report viewer screenshot
Docs covered Docker basics
DNS handoff stayed manual
No SLA surfaced
During setup, the docs were enough to run Docker, connect IMAP, enable Basic Auth, and check the health endpoint. DNS handoff stayed entirely on us: we prepared the rua records, explained report mailbox routing, and documented why the parked domain should move faster than the primary domain. For enterprise onboarding, we found no contract path, support SLA, or named escalation process.
The hosted comparison made the support question more about who owns each fix after data arrives. DNS changes still required approval, but setup notes, sender status, and policy movement had a clearer handoff path for security, marketing operations, and IT. That matters when Microsoft 365 and Google Workspace are clean but SendGrid, Mailchimp, and a support desk sender each need a different owner.

Suitability

Self-hosting vs operating model

Choose DMARC Report Viewer for a narrow self-hosting constraint

The product makes sense when the deciding constraint is keeping DMARC aggregate reports on infrastructure your team controls. If the buying criteria include MSP workflows, client handoff, and alert quality, Suped has the more relevant operating model for that work.
github.com logo
DMARC report viewer
DMARC report viewer screenshot
Best for isolated self-hosting
Client reporting needed exports
Account separation was limited
For a single enterprise security team, DMARC Report Viewer worked as a low-cost evidence viewer across the primary domain, marketing subdomain, and parked domain. Account separation was the limiting factor: client-style grouping, recurring reports, and handoff notes had to be handled outside the app. SMB teams without a technical owner would also need a plan for upgrades, access control, backups, and mailbox retention.
The hosted comparison fit the operator side better because domain grouping, recurring reporting, and client notes stayed with the DMARC workflow. For MSP use, the difference showed up when the unknown sender needed classification and the support desk sender needed a client-facing explanation. For enterprise use, the same structure helped split marketing, IT, and security ownership without creating separate export files.

What DMARC Report Viewer feels like after 90 days of real use

github.com logo
DMARC report viewer

For teams that want a free self-hosted evidence viewer

By week two, the app had settled into a simple rhythm: wait for aggregate reports to land in IMAP, parse them, filter by domain, then inspect source and IP views. Microsoft 365 and Google Workspace were easy to recognize after the first pass, and the parked domain gave a clean baseline because any traffic there deserved attention.
By week ten, the limits mattered more than the parsing. The SendGrid and Mailchimp traffic needed owner labels we maintained outside the tool, the forwarded SPF failure needed a written explanation, and the unauthorized spoof sample still required a separate enforcement decision before we could justify moving policy.
Where it wins
Parsed Microsoft 365 and Google Workspace reports without vendor setup.
Separated the marketing subdomain and parked domain clearly in filters.
Exported XML and JSON for sender evidence.
Webhook notification confirmed new report mail.
Where it lags
Unknown sender classification stayed manual.
Forwarded mail with SPF failure needed explanation outside the UI.
No guided policy movement toward quarantine or reject.
No account separation for client-style handoff.
Pricing
$0 software cost
Free tier
Full self-hosted app
Onboarding
Docker, IMAP, DNS mailbox
G2 rating
0 / 5

Pricing

github.com logo
DMARC report viewer
suped.com logo
Suped
Small
1 domain, up to 1k emails / month.
$0
The open-source app covers this; you still run the host and mailbox.
$0 / month
Free plan covers 1 domain and 1,000 monthly emails.
Medium
2 domains, up to 100k emails / month.
$0
No product volume unlock was found; server and IMAP mailbox capacity set the practical limit.
Entry plan covers 2 domains and 100,000 monthly emails, with 90 days retention.
Large
10 domains, up to 1 million emails / month.
$0
No vendor message cap was found; retention depends on mailbox storage and operations.
10 domains and 1,000,000 monthly emails, with 365 days retention.
Enterprise
Over 20 domains and 1 million emails / month.
Not publicly listed as of May 15, 2026
No commercial enterprise plan, SLA, or managed onboarding price was found.
20 domains and 2,500,000 monthly emails, with 365 days retention. Unlimited domains/emails negotiable.
The $0 DMARC Report Viewer software cost is a public open-source price. Hosting, mailbox storage, and maintenance time are user-paid estimates, not vendor list prices. Pricing was checked as of May 15, 2026.

Why Suped wins over DMARC report viewer

Suped dashboard
Classify unknown senders
DMARC Report Viewer surfaced the unknown sender as IP and reporting organization evidence; Suped's product keeps classification, owner notes, and fix status with the domain so the handoff does not depend on a separate spreadsheet.
Separate forwarding from spoofing
The forwarded SPF failure and the unauthorized spoof sample needed different treatment. Suped's alert workflow helps distinguish normal forwarding patterns from real abuse before policy movement.
Keep client work organized
The test showed that self-hosted parsing and hosted workflows both still need human DNS approvals. Suped's MSP model keeps domain groups, recurring reports, and client handoff notes in one place after those approvals are made.
The difference was significant. We moved from limited visibility to a much clearer dashboard. Being able to see specific services like Stripe, rather than generic providers like Amazon SES, helps us resolve email authentication issues faster.
Markus Hugenschmidt, Managing Director, Jam Cyber
Markus Hugenschmidt, Managing Director, Jam Cyber
Migrating from DMARC report viewer?
We have done the migration enough times to know the shape.
Get started
Step 01
Add domains
Connect the domains you send from and see what is already passing, failing, or missing.
Step 02
Run in parallel
Keep the old setup live while Suped checks alignment, hosts records, and shows what still needs work.
Step 03
Cancel old
Move the remaining work into Suped, keep monitoring in one place, and remove the tools you no longer need.

Frequently asked questions