Mailhardener is a service that allows you to monitor email for your domain(s) from the receiver's perspective. It allows you to see which computers are sending email using your domain(s) in the sender or return addresses. It also shows you which service received these emails, and how these emails were processed by the receiver (accepted, rejected or marked as spam).
These are not only the emails that are sent from your own email server, but also external parties such as marketing services, accounting, billing, etc. Then there are also the unauthorized senders, these are spammers, scammers, botnets and other fraudulent actors. Mailhardener will show you where emails originate from and if the receiver accepted these emails.
1. Mailhardener guides you in setting up the DMARC (Domain-based Message Authentication, Reporting and Conformance) standard to aggregate reports and instruct systems that receive email on how to process emails from your domain.
Setting up DMARC consists of adding a text record to your domain's DNS settings. At first, you'll start with a monitoring only setting, to start monitoring without risk of accidentally blocking your email.
2. With the monitoring in place, we'll help so setting up the various email sources (like your own email inbox, but also external services which you might use) in such a way that these sources become trusted by the receivers. To do that, we leverage the SPF and DKIM standards.
3. Once all sources are set up correctly, you can start adjusting the DMARC settings to instruct receivers to quarantine or even reject emails that are not from a trusted source. This way you block unauthorized senders.
Any person or organization that owns a domain name. Regardless if you run your own email server, or use a cloud email provider. Even if no email is sent from a domain it's useful to set up monitoring, as unauthorized senders might still try to use the domain name for their fraudulent activities.
For privacy reasons, the DMARC reports that Mailhardener processes for your domain contain very little information by design.
The reports do not contain email addresses, subjects, email contents or any other information that would allow a receiver of the report to extract any information that would be considered sensitive or private.
The reports contain the following information: