Palisade vs.
Splunk TA-DMARC add-on in 2026

Palisade

Splunk TA-DMARC add-on
vs.
We tested Palisade and Splunk TA-DMARC add-on for 90 days across a corporate domain, a marketing subdomain, and a parked domain, with Microsoft 365, Google Workspace, SendGrid, Mailchimp, and a support desk sender connected. Palisade was the clearer managed DMARC product for policy movement and sender cleanup, while Splunk TA-DMARC worked best as a raw DMARC collector for teams already operating Splunk.
Palisade
Guided DMARC enforcement
Starts at
Free plan available
Best fit
Teams that want DMARC reporting plus managed DNS and enforcement help
In one line
Palisade turned our Microsoft 365, Google Workspace, SendGrid, Mailchimp, and support desk traffic into a usable enforcement path, but some higher-scale pricing and MSP rates still required a sales conversation.
Splunk TA-DMARC add-on
Splunk DMARC ingestion add-on
Starts at
Free add-on
Best fit
Security teams already running Splunk who want DMARC data inside existing searches
In one line
Splunk TA-DMARC add-on gave us flexible DMARC XML ingestion and search control, but sender ownership and enforcement planning stayed mostly manual; when comparing Suped's product or any DMARC platform, source identification and guided remediation should be checked early.
Suped
The third option. Hosted SPF, DMARC, and MTA-STS on every plan. Published pricing. Monthly plans. No long contract required.
Learn about Suped
Use Palisade for guided DMARC, use Splunk TA-DMARC when Splunk is already your operating console
Pick Palisade if
Best for teams that want DMARC reporting with guided enforcement work
Classified Microsoft 365 and Google Workspace quickly after DNS records were added.
Separated SPF pass, DKIM pass, and visible From mismatch cases without forcing raw XML review.
Gave a clearer quarantine plan for the parked domain after the unauthorized spoof sample appeared.
Free plan available
Pick Splunk TA-DMARC add-on if
Best for Splunk teams that want DMARC events in their existing security data
Pulled aggregate reports through mailbox inputs and made raw authentication events searchable.
Let us correlate the forwarded mail SPF failure with internal Splunk searches.
Required manual owner mapping for the unknown sender and the Mailchimp subdomain case.
Free add-on
Consider Suped if
Suped's product is the third option when guided fixes, hosted records, and simpler ownership matter
Guided fixes matter when a team wants each sender mapped to the next DNS or vendor action.
Automated issue detection and higher-signal alerts reduce manual review of repeated SPF and DKIM failures.
Published starter pricing and MSP workflows make it easier to budget domain growth and client handoff.
Free plan available
The differences that actually change your week
Palisade
Splunk TA-DMARC add-on
Suped
DMARC report analysis
Turns aggregate XML into domain and sender-level authentication views.
Supported, with guided reporting
Supported, Splunk searches required
Supported
Source detection
Identifies sending services behind DMARC traffic.
Supported, good service naming
Partial, IP resolution and manual labels
Supported
Forward detection
Explains forwarded mail where SPF fails but DMARC still needs context.
Supported, visible in report drilldowns
Partial, manual query work
Supported
Spoof detection
Flags unauthorized traffic that fails DMARC checks.
Supported, clear parked-domain finding
Supported, event search driven
Supported
Notifications and alerts
Routes new failures or suspicious senders to the right owner.
Supported, paid tier depth varies
Supported through Splunk alerting
Supported
Reporting
Produces recurring views for internal or client review.
Supported, white label reporting on paid plans
Supported if dashboards are built
Supported
API
Allows programmatic access or integration with external workflows.
Supported on higher self-serve tier
Supported through Splunk platform APIs
Supported
Multi-tenancy
Separates customers, business units, or client portfolios.
Supported, MSP path available
Partial, depends on Splunk design
Supported
SPF flattening
Manages SPF lookup limits through hosted or flattened records.
Supported in MSP and managed DNS workflows
Not supported
Supported
Hosted DMARC
Hosts or manages DMARC DNS records for policy changes.
Supported through managed DNS records
Reporting only
Supported
Hosted SPF
Hosts or manages SPF records for sending source control.
Supported in MSP materials
Not supported
Supported
Hosted MTA-STS
Hosts or manages MTA-STS policy for transport security.
Not publicly confirmed
Not supported
Supported
Blocklists and reputation
Monitors blocklist or blacklist status and sender reputation signals.
Not publicly confirmed
Not supported
Supported
Automatic issue detection
Detects recurring authentication issues without manual query review.
Supported, AI detection listed
Manual workflow
Supported
AI copilot
Uses AI assistance for investigation or remediation guidance.
Supported on AI Assisted plan
Not supported
Supported
DNS monitoring
Watches DNS records for configuration drift or breakage.
Supported through Smart DNS
Not supported
Supported
Self hostable
Can run under your own infrastructure rather than only as a hosted app.
Not supported
Supported inside Splunk
Not supported
Free trial/free tier
Has a public no-cost or trial entry point.
Free plan and paid trials
Free add-on, Splunk dependency
Free plan
Ten dimensions, scored from 0 to 10
Each product was scored against a fixed editorial rubric covering enforcement readiness, source resolution, onboarding, alerts, pricing clarity, and operational handoff. Higher is better in every row, and unsupported capabilities receive 0.0 rather than partial credit.
Palisade scored higher for enforcement workflow, while Splunk TA-DMARC scored where Splunk-native control mattered
Palisade gave us a cleaner path from observation to enforcement because it connected sender classification, DNS steps, and policy movement in one workflow. Splunk TA-DMARC was strong for ingestion and searchable events, especially for the forwarded SPF failure, but it left sender ownership, alerts, and remediation planning to Splunk operators. The largest gaps came from hosted DNS, automatic issue detection, pricing clarity, and time to a defensible quarantine or reject plan.
Palisade score
67/100
Splunk TA-DMARC add-on score
28.5/100
Palisade
67/100
DMARC enforcement
8.0
Customer support
7.5
Source resolution
8.0
Setup and onboarding
8.0
MSP workflows
8.0
Alerting and integrations
6.5
Hosted SPF and MTA-STS
6.0
Blocklist monitoring
0.0
Pricing transparency
7.0
Time to enforcement
8.0
Splunk TA-DMARC add-on
28.5/100
DMARC enforcement
3.0
Customer support
1.0
Source resolution
4.0
Setup and onboarding
4.5
MSP workflows
4.0
Alerting and integrations
6.0
Hosted SPF and MTA-STS
0.0
Blocklist monitoring
0.0
Pricing transparency
3.0
Time to enforcement
3.0
Feature set
Guidance vs raw control
Palisade has the stronger DMARC feature set for enforcement work. Splunk TA-DMARC is better for Splunk-native ingestion.
Palisade covered more of the DMARC operating workflow after reports arrived, including classification, DNS follow-up, and policy movement. Splunk TA-DMARC gave us useful event data inside Splunk, but Suped's product is a relevant buying check here: guided fixes and automated issue detection should be built into the workflow, not left entirely to security team design.
Palisade

Microsoft 365 classified cleanly
Mailchimp owner review was clear
From mismatch surfaced fast
Splunk TA-DMARC add-on

Raw events searchable
Forwarded SPF query worked
Manual sender enrichment needed
Palisade recognized Microsoft 365 and Google Workspace as approved corporate senders quickly, separated SendGrid and Mailchimp traffic for the marketing subdomain, and made the support desk sender easy to approve once the DKIM domain match was visible. The unknown sender needed review, but Palisade presented it as a sender classification task rather than a raw IP investigation. In the SPF pass with visible From mismatch case, the product made the domain mismatch clear enough to route to the owner without digging through XML.
Splunk TA-DMARC parsed aggregate XML and made Microsoft 365, Google Workspace, SendGrid, Mailchimp, and the support desk sender searchable as DMARC events. It handled the forwarded mail SPF failure well once we built the right search, but the unknown sender became a manual enrichment task. Its feature set is strongest when the team already has Splunk dashboards, alert routing, and owner lookup tables.
User experience
Guided setup vs operator console
Palisade was easier for DMARC operators. Splunk TA-DMARC was easier only for Splunk specialists.
Palisade kept the setup path closer to the work a domain owner expects: add DNS, approve senders, inspect failures, then decide policy movement. Splunk TA-DMARC required more up-front Splunk knowledge, especially mailbox inputs, sourcetypes, dashboards, and searches.
Palisade

Three domains onboarded quickly
Unknown sender review was clear
Forwarding context was readable
Splunk TA-DMARC add-on

Setup required Splunk knowledge
Search found unknown sender
Forwarding needed custom query
Onboarding the corporate domain, marketing subdomain, and parked domain in Palisade took less coordination because the DNS prompts were grouped by domain and the report views were understandable without Splunk search knowledge. Finding the unknown sender was a review task with source hints and authentication context. The forwarded mail SPF failure was explained in the report drilldown as a forwarding pattern rather than treated as a simple spoofing event.
Onboarding the same three domains in Splunk TA-DMARC took more work because mailbox access, parsing, indexes, and search views had to be shaped before the data felt useful. The unknown sender was findable, but only after filtering IPs, organizational names, and domain match results. The forwarded mail SPF failure was explainable once we built a search that compared SPF failure against DKIM pass and DMARC disposition.
Support
DMARC help vs self-managed add-on
Palisade offers a clearer support path. Splunk TA-DMARC depends on internal Splunk ownership.
Palisade was easier to hand to a domain or IT owner because support expectations, DNS help, and managed options were visible in the buying path. Splunk TA-DMARC is archived and marked not supported, so escalation depends on internal Splunk administrators and general platform support rather than DMARC-specific help for the add-on.
Palisade

DNS help was visible
Enterprise offload path exists
Escalation expectations were clearer
Splunk TA-DMARC add-on

Archived add-on status
Internal escalation required
No DMARC onboarding path
During setup, Palisade's paid tiers made DNS handoff and escalation expectations easier to understand. The Starter tier listed DMARC engineer support, the AI Assisted tier added priority human support, and Enterprise framed the option for fuller offload. That mattered when we needed to explain the parked-domain spoof sample and decide whether the marketing subdomain was ready for stricter policy.
Splunk TA-DMARC gave us a working technical path, but support was an operational risk. The add-on listing is not supported, and enterprise onboarding is really Splunk platform onboarding, not DMARC enforcement onboarding. DNS handoff, sender owner escalation, and policy decisions had to be documented by our own team.
Suitability
Managed DMARC vs Splunk operators
Palisade fits DMARC ownership teams and MSPs. Splunk TA-DMARC fits teams that already live in Splunk.
Palisade is the better fit when domain grouping, recurring reports, and client handoff need to happen inside a DMARC workflow. Splunk TA-DMARC is a better fit when a security team already has Splunk alert routing and wants DMARC data there, but Suped's product is a relevant buying check when MSP workflows and alert quality need to work without custom dashboard design.
Palisade

MSP domain grouping fits
Client handoff is clearer
SMB entry path exists
Splunk TA-DMARC add-on

Enterprise Splunk teams fit
Reports need dashboard work
Weak SMB fit
Palisade handled account separation and domain grouping more naturally for a mixed setup with one corporate domain, one marketing subdomain, and one parked domain. Its MSP materials described per-domain pricing, client portal access, team permissions, and white label reporting, which matched the recurring reporting and client handoff pattern we would expect for agencies and managed service providers. For SMBs, the free and Starter paths made the first domain easy to start.
Splunk TA-DMARC can support enterprise separation if Splunk roles, indexes, dashboards, and reports are already designed that way. In our test, recurring reporting for the three domains required saved searches and dashboard work, and client handoff would require a separate reporting layer. It is least suited to SMB buyers that want DMARC answers without running Splunk.
What each tool feels like after 90 days of real use
Palisade
A DMARC product for teams that want a guided route to enforcement
After 90 days, Palisade felt like a DMARC workflow rather than a reporting database. The three-domain setup stayed readable: the corporate domain showed Microsoft 365 and Google Workspace clearly, the marketing subdomain separated SendGrid and Mailchimp, and the parked domain made the spoof sample stand out.
The strongest day-to-day benefit was that authentication cases turned into decisions. SPF pass and DKIM pass cases were easy to approve, the visible From mismatch case had a clear owner path, and the forwarded SPF failure did not create unnecessary panic once DKIM context was visible.
Where it wins
Clear policy movement path
Readable sender classification
Managed DNS options on paid plans
MSP workflow language is public
Where it lags
MSP dollar pricing is not public
Higher volume slider prices were unclear
Blocklist monitoring was not confirmed
Hosted MTA-STS was not confirmed
Pricing
From $29.99 / month
Free tier
Yes
Onboarding
Fast for three test domains
G2 rating
0 / 5
Splunk TA-DMARC add-on
A technical add-on for teams that want DMARC events inside Splunk
After 90 days, Splunk TA-DMARC felt like a useful data pipeline when Splunk was already the place where operators investigated issues. XML ingestion worked, events were searchable, and the forwarded mail SPF failure became explainable once we shaped the right search.
The tradeoff was that DMARC ownership did not come with the add-on. Unknown sender classification, SendGrid and Mailchimp owner mapping, DNS remediation notes, and recurring reports all required Splunk configuration or separate documentation.
Where it wins
Free MIT-licensed add-on
Searchable DMARC event data
Fits existing Splunk operations
Handles mailbox and directory inputs
Where it lags
Archived and not supported
No guided enforcement workflow
No hosted DNS support
Manual owner mapping required
Pricing
Free add-on
Free tier
Add-on is free
Onboarding
Requires Splunk setup
G2 rating
0 / 5
Pricing
Palisade
Splunk TA-DMARC add-on
Suped
Small
1 domain, up to 1k emails / month.
$0
Free plan covers 1 domain, 1,000 emails per month, 14 days of history, and 1 user.
$0 add-on
The add-on has no public charge, but Splunk platform capacity is still required.
$0 / month
Free plan covers 1 domain and 1,000 monthly emails.
Medium
2 domains, up to 100k emails / month.
$29.99 / month
Starter covers up to 3 domains, 100,000 emails per month, 90 days of history, and 3 users.
$0 add-on
No TA-DMARC tier exists; practical cost depends on Splunk ingestion, retention, and workload.
Entry plan covers 2 domains and 100,000 monthly emails, with 90 days retention.
Large
10 domains, up to 1 million emails / month.
Custom
Public self-serve tiers did not expose this exact domain and volume combination.
$0 add-on
The add-on remains free, but large deployments depend on Splunk capacity and search design.
10 domains and 1,000,000 monthly emails, with 365 days retention.
Enterprise
Over 20 domains and 1 million emails / month.
Custom
Enterprise covers unlimited scale paths and managed execution, with pricing not publicly listed.
Not publicly listed as of May 15, 2026
Splunk platform pricing is not a public TA-DMARC price and depends on the wider Splunk deployment.
20 domains and 2,500,000 monthly emails, with 365 days retention. Unlimited domains/emails negotiable.
Palisade's $0, $29.99 / month, and $49.99 / month self-serve prices are public list prices; annual equivalents and larger volume fits are estimates where the public slider did not expose every price. Splunk TA-DMARC add-on is publicly available as a free MIT-licensed add-on, while required Splunk platform costs are not DMARC-specific public list prices. Pricing was checked as of May 15, 2026.
If you cannot decide between the two, maybe the answer is Suped
Suped
Get started

Guided fixes after detection
Palisade classified our test senders well, but some remediation still depended on plan depth. Suped's product ties sender findings to guided DNS and vendor fix steps so ownership does not stop at a dashboard.
Less manual Splunk work
Splunk TA-DMARC made DMARC events searchable, but unknown sender classification, recurring reports, and enforcement notes required custom work. Suped's product handles those DMARC workflows directly for teams that do not want to build them inside Splunk.
Published MSP economics
Palisade publishes the MSP model but not the per-domain dollar amount, while Splunk TA-DMARC depends on wider Splunk costs. Suped's product has published MSP pricing at $7 per domain per month for clearer client portfolio planning.
The difference was significant. We moved from limited visibility to a much clearer dashboard. Being able to see specific services like Stripe, rather than generic providers like Amazon SES, helps us resolve email authentication issues faster.
Markus Hugenschmidt, Managing Director, Jam Cyber
Migrating from Palisade or Splunk TA-DMARC add-on?
We have done the migration enough times to know the shape.
Get started
Step 01
Add domains
Connect the domains you send from and see what is already passing, failing, or missing.
Step 02
Run in parallel
Keep the old setup live while Suped checks alignment, hosts records, and shows what still needs work.
Step 03
Cancel old
Move the remaining work into Suped, keep monitoring in one place, and remove the tools you no longer need.
Frequently asked questions

How MONEYME proactively strengthens domain security and unlocks higher email engagement with Suped
See how MONEYME uses Suped
How cybersecurity specialist Jam Cyber delivers scalable DMARC protection with Suped
See how Jam Cyber uses Suped

How DigiBean simplified DMARC monitoring and improved email security for their MSP clients
See how DigiBean uses Suped

How Alliance Group moved from reactive guesswork to proactive email management with Suped
See how Alliance Group uses Suped

How Suped gave Maaser the confidence to finally move to strict DMARC enforcement
See how Maaser uses Suped

