DMARC Monitoring and
Lookalike Domain Protection
Brand Protection + Email Security. Both halves. One platform.
Lock down email authentication so attackers can't send mail as you. Monitor the open web so they can't register lookalike domains either. Two products, sold separately, both starting at $0.
A locked front door does not help if attackers open a fake store next to yours.
DMARC stops attackers from sending mail as you. Lookalike monitoring stops them from registering domains that look like you. Most security tools do one or the other. Real coverage requires both.
Direct domain spoofing
The threat: attackers send email using your exact address (ceo@yourbrand.com) because your domain has no DMARC enforcement.
The defense: DMARC, SPF, and DKIM alignment. PhishFence ingests your DMARC reports, flags unauthorized senders, and walks you safely from p=none to p=reject.
Lookalike typosquatting
The threat: attackers register yourbrand-login.com or yourbrand.io, set up their own DMARC on that domain, and email your customers. Your DMARC cannot touch this. They own a different domain.
The defense: Certificate Transparency monitoring plus registrar sweeps. PhishFence checks hundreds of variants per domain on every scan, scores each by active infrastructure (DNS, SSL, MX, HTTP), captures screenshots to detect content cloning and brand impersonation, and generates registrar takedown reports.
Brand ProtectionPhishFence is two products under one brand
Buy either one on its own, or stack them. Each ships its own free tier so you can try before paying.
Brand Protection
Lookalike and typosquat domain monitoring. Daily or hourly scans across hundreds of variants per domain. Multi-signal risk scoring (DNS, SSL, HTTP, MX). Takedown workflows and screenshots.
Email Security
DMARC monitoring with aggregate (RUA) + forensic (RUF) report ingest. SPF, DKIM, MTA-STS monitoring with daily policy verification, and TLS-RPT failure reports. Enforcement Wizard walks you safely from p=none to p=reject.
Brand Protection and Email Security are sold separately. Subscribe to either or both.
New to DMARC? Read our DMARC primer.
spoofed senders and lookalike
domains, on one platform
to set up, not days.
Scanning + DMARC ingest start immediately
continuous lookalike scanning
plus daily DMARC report ingestion
From detection to takedown, in one workflow.
Find lookalike domains the moment they appear, see what makes each one dangerous, and submit takedowns without leaving the app.
Every variation, automatically
PhishFence checks every way an attacker could twist your domain name: typos, homoglyphs, hyphen insertions, TLD swaps. Thousands of variants on every scan. The squat that other tools miss is usually the one that hits your customers.
Early Warning via CT logsStarter+
PhishFence taps Certificate Transparency feeds so you see new lookalike registrations within minutes of an attacker requesting a TLS certificate, often before the phishing campaign even goes live.
Signal-based risk scoring
Every lookalike is scored by active signals: DNS resolution, SSL certificates, live web content, MX records (mail capability). You see exactly what each domain is doing and which ones to triage first.
Visual proof of cloningPro
Screenshots of every lookalike are captured automatically and tracked over time so you can spot when a dormant domain turns into an active phishing site, plus see what your customers would see if they landed on it.
Takedown reports in minutes
Stop hunting registrar abuse contacts by hand. PhishFence does the RDAP lookup, pre-fills the report, and links directly to the registrar's abuse form. What used to take days takes minutes.
Report to blocklists
One-click submission to Netcraft, plus deep links and pre-filled reports for Google Safe Browsing, Microsoft SmartScreen, PhishTank, and Cloudflare. Track which services you have reported to per alert so nothing gets double-filed or forgotten.
From visibility to enforcement, in one workflow.
Ingest DMARC reports daily, see exactly who is sending mail as you, find out why anything is failing, then move from p=none to p=reject without breaking legitimate email.
Daily DMARC ingestion
Point your DMARC aggregate (rua) reports at PhishFence and we parse, dedupe, and store every record. Gmail, Microsoft, Yahoo, ProtonMail. All major receivers send reports our way every day, and you get a single pane of glass.
Know who is sending
Every sending IP is enriched with PTR, ASN, and ESP attribution. So instead of 209.85.220.41, you see "Google Workspace" or "SendGrid (acme-corp instance)". Unknowns become obvious immediately.
Posture score per domain
A single posture score across DMARC, SPF, DKIM, MTA-STS, and TLS-RPT. See at a glance which records are weak, which are missing, and which ones attackers love to exploit. Tells you what to fix first.
Per-message forensics
For deep dives on individual failures, PhishFence ingests forensic (ruf) reports too. Full message envelopes, header chains, and ARC results per-incident. The data you need to write a real incident report.
DNS record builders
Skip the DNS record guesswork. Answer a few questions and PhishFence generates the exact DMARC, SPF, and MTA-STS records you need, with safe-rollout guidance so you can move to enforcement without breaking legitimate email.
Enforcement WizardStarter+
PhishFence checks whether every real sender is currently aligning, then walks you from p=none through quarantine to reject at the pace your real traffic supports. No more guessing whether tomorrow's marketing email gets blocked.
Fits into how you already work
Get notified where your team already works. Connect to your existing tools. Follow clear guides for every step.
Alerts That Reach YouStarter+
Get notified by email, Slack, or webhook the moment a new threat appears, a risk level changes, or a suspicious site updates its content. Never miss a critical alert because it went to the wrong channel.
API AccessStarter+
Pull threat data into your existing security tools and workflows. Automate your response process and keep your team's systems in sync with a simple, well-documented API.
Actionable Playbooks
Step-by-step guides for protecting your email, filing abuse reports, getting phishing sites blocked, and registering defensive domains. Written by security practitioners for security practitioners.
Up and running in under a minute
Add Your Domain
Enter any domain you want to protect. PhishFence immediately starts scanning for every possible lookalike variation an attacker could use.
We Watch, You Sleep
PhishFence monitors around the clock on a recurring schedule. When a new threat appears, you are the first to know, not your customers.
Shut It Down
When a threat surfaces, you get a clear risk assessment, visual proof, and one-click tools to report it and get it taken down fast.
Start monitoring for free
No credit card required. No trial that expires. See real threats targeting your brand before you pay anything.
Domain
Alerts
Scans
Notifications
Your data is safe with us
Google Cloud Platform
Encrypted in transit and at rest
CSRF protection
Rate-limited authentication
Bcrypt password hashing
Token-authenticated API
Lock down both halves of domain security
Stop spoofed senders and the lookalike domains targeting your customers. Both products ship a Free tier. Upgrade either when you're ready.
Brand Protection + Email Security, both free on 1 domain. No credit card.