Most DMARC tools tell you what broke.
We tell you who's attacking you.
Mailstinger is email-authentication compliance for operators — the people answering the 2 a.m. phone call when Proofpoint starts quarantining payroll. DMARC, SPF, DKIM, MTA-STS, TLS-RPT. Live reports, BEC-grade lookalike detection, and the exact DNS string to paste.
Free. No account. Honest read-out in about 4 seconds.
The email-auth category is full of XML parsers wearing dashboards.
DMARC aggregate reports arrive as gzipped XML. That is an interesting problem exactly once — the first time you open one at 11 p.m. and realise every field is an opaque integer. After that, it's plumbing. It should be invisible.
So most tools stopped there: they parse the XML, draw charts, and charge $50 per domain per month.
That's not the hard part. The hard part is what happens next: is the failing sender a phish, or a forgotten Mailchimp account? Is p=none safe to move, or will it quarantine the Wednesday newsletter? Which TXT record — exactly — do I paste, and where, and will it blow up a subdomain I forgot about?
Mailstinger answers those questions. It's opinionated, because you didn't call the vendor for another dashboard.
Four things every other DMARC product either doesn't ship, or charges as an add-on.
Verdicts, not verdictless dashboards
Every row on our reports page carries a verdict — aligned, ESP-misaligned (benign), or likely spoof. The classifier is ESP-aware; it knows the difference between Mailchimp forgot-to-sign and a VPS in Bucharest.
Lookalike domains + WHOIS freshness
We generate typosquat permutations of every tenant domain daily, resolve MX + IP, and flag registered-this-week copycats as high-risk even before they send mail. Export to M365 PowerShell or Gmail Address-list CSV in one click.
Paste-ready DNS, not 'recommendations'
Every finding comes with the literal TXT record string to paste, the hostname to paste it at, and a plain-English explanation of what it changes. If you manage DNS through Cloudflare, we can apply it for you.
Tone-aware alerts that don't get trained to junk
Transactional alerts ship as alerts — no List-Unsubscribe, no Precedence: bulk. Weekly digests ship as bulk. Proofpoint stops filing your "your domain is being spoofed" email under newsletters.
Four jobs Mailstinger does on day one.
Stop writing the same DMARC-intro email 40 times.
Multi-tenant from the schema up. White-labelled monthly reports per client, automated CNAME delegation so clients don't manage their own rua= pointers, a platform-admin console for your fleet. The report PDF is the salesman.
One domain, zero patience for an enterprise POC.
$29/mo, one domain, all the same machinery. Clone a Fortune-500 email-auth posture without a procurement meeting or a 90-day onboarding.
You shipped a campaign. Something is quarantining it.
Find the exact IP that failed alignment, the exact ESP misconfiguration, and the exact DNS edit that fixes it — before the CMO pings you for the third time this week.
Wire-fraud attempts don't announce themselves.
Daily sweeps of the typo-permutation space against your protected domains. Just-registered lookalikes escalate automatically; we push blocklists into M365 and Google Workspace as a PowerShell snippet or a one-column CSV.
Four free tools we built because we were tired of using the bad ones.
No email wall. No upsell modals. Shareable URLs. Good enough that it's the kind of tool you'd lose a minute pasting a domain into while on a Zoom call, which is what tools should be for.
Priced like infrastructure, not SaaS.
Your domain is already being looked at by a bad actor today.
The question is whether you'll see the evidence this week, or after someone reroutes a wire transfer. Run a scan. It takes longer to read this paragraph.