MSP email security intelligence

Catch email drift
before it becomes
a breach

SenderFortify monitors SPF, DMARC, DKIM, MTA-STS and TLS posture across every client domain — with real-time alerts when anything weakens.

Request early access
Docs and self-serve signup coming soon
23
Email security checks per scan
10m
Critical domain scan interval
100%
Serverless · zero infra ops
Domains on Enterprise plan
Core capabilities

Everything an MSP needs to
own email security posture

Purpose-built for managed service providers managing email security across tens or hundreds of client domains.

Deep DNS Policy Checks

Validates SPF (qualifier, lookup count, vendor sprawl), DMARC (policy, pct, rua, syntax), DKIM selector probing, MTA-STS mode, TLS-RPT, and BIMI — on root domains and every subdomain.

SPF · DMARC · DKIM · MTA-STS · TLS-RPT · BIMI

Live SMTP Probing

Opens a real TCP connection to primary and secondary MX hosts, negotiates EHLO, and verifies STARTTLS is both advertised and successfully upgraded. Catches stripping attacks before your clients do.

STARTTLS · MX reachability · TLS version · Cipher strength

Drift Detection

Every scan compares findings against a snapshot. When a record weakens — DMARC policy rolling back to none, SPF lookup count creeping up — a drift event is recorded and an alert is routed immediately.

WEAKENED · STRENGTHENED · CHANGED

Layered Alerting

CRITICAL and HIGH violations trigger immediate alerts. Unresolved violations resurface as 7-day reminders. Severity increases send escalation alerts. MODERATE findings roll up into a daily digest per MSP account.

Slack · Email · Open · Reminder · Escalation · Digest

Posture Scoring

Every domain gets a 0–100 security score computed from penalty weights per finding. Score history is tracked across every scan run so you can show clients improvement over time.

Weighted penalties · Score history · Per-scan trends

Alert Routing Rules

Configure multiple destinations per MSP — Slack webhooks, email addresses via your own Postmark token — and route by severity, alert type, and check category. Each rule is independently toggled.

Per-MSP destinations · Severity filter · Category filter
How it works

From domain to alert in minutes

1

Add domains

Register client domains against your MSP account via API or dashboard. Set subdomain scan cadence independently.

2

Automatic scanning

The engine runs every 10 minutes for critical posture. DNS checks, SMTP probes, and TLS validation run in parallel.

3

Findings → violations

Findings are compared against snapshots. New weaknesses open violations; resolved issues auto-close with timestamps.

4

Routed alerts

Your routing rules control which severities reach which destinations — per MSP, per domain category, per alert type.

Coverage

Every check, documented

Critical & High

DMARC:dmarc_missingCritical
SPF:spf_plus_allCritical
SMTP:starttls_failCritical
MX:mx_missingCritical
TLS:cert_expiredCritical
DMARC:dmarc_policy_noneHigh
SPF:spf_missingHigh
DKIM:dkim_missingHigh
MTA_STS:mta_sts_missingHigh
SPF:spf_lookup_overflowHigh

Moderate & Informational

TLS_RPT:tls_rpt_missingHigh
DMARC:dmarc_pct_lt_100High
DMARC:dmarc_rua_missingHigh
SPF:spf_vendor_sprawl_rootHigh
TLS:tls_lt_12High
SPF:spf_near_limitModerate
SPF:spf_nested_complexModerate
TLS:weak_cipher_presentModerate
DNS:ttl_instabilityModerate
BIMI:bimi_missingModerate
Request the full check reference →
Pricing

Simple, domain-based pricing

Pay for what you monitor. Scale as your client base grows.

Starter
$99
per month
5 domains · unlimited subdomains · 1 user
  • SPF, DMARC, DKIM, MTA-STS, TLS-RPT & BIMI checks
  • Live SMTP & STARTTLS probing
  • Drift detection & violation lifecycle
  • Immediate alerts (CRITICAL/HIGH)
  • 7-day reminders & escalation alerts
  • Daily MODERATE digest
  • Slack + email destinations
  • Alert routing rules
  • 0–100 posture scoring & score history
  • REST API
Get early access
Professional
$249
per month
25 domains · unlimited subdomains · team users
  • SPF, DMARC, DKIM, MTA-STS, TLS-RPT & BIMI checks
  • Live SMTP & STARTTLS probing
  • Drift detection & violation lifecycle
  • Immediate alerts (CRITICAL/HIGH)
  • 7-day reminders & escalation alerts
  • Daily MODERATE digest
  • Slack + email destinations
  • Alert routing rules
  • 0–100 posture scoring & score history
  • REST API
Get early access
Enterprise
$499
per month
Unlimited domains · unlimited subdomains · SSO & multi-account
  • SPF, DMARC, DKIM, MTA-STS, TLS-RPT & BIMI checks
  • Live SMTP & STARTTLS probing
  • Drift detection & violation lifecycle
  • Immediate alerts (CRITICAL/HIGH)
  • 7-day reminders & escalation alerts
  • Daily MODERATE digest
  • Slack + email destinations
  • Alert routing rules
  • 0–100 posture scoring & score history
  • REST API
Contact sales

Start monitoring in minutes

Reach out to get early access — we'll get you set up and scanning your first domain together.

Get early access →