Manage email authentication across your entire book — from one console.
UglyDMARC is multi-tenant from the ground up. One MSP account covers every customer you manage: pooled domain licensing, per-customer caps, role-based access, and bulk DMARC visibility across your whole portfolio. During launch, MSP capabilities are a free upgrade on Business and Enterprise plans.
Email auth at MSP scale is broken by default
Customer by customer, domain by domain, vendor by vendor — it multiplies fast. The same problems that affect a single IT team get worse by an order of magnitude across an MSP book.
Spreadsheet-scale SPF management
Each customer's SPF record is a time bomb. Add one vendor, blow the limit, and mail fails silently for that customer. You find out from a support ticket, not an alert.
No cross-customer visibility
Every customer's DMARC reports live in a different mailbox (if they're collected at all). There's no way to see which customers have unknown senders, failing SPF, or exposure to spoofing — without checking each one individually.
Stalled at p=none, forever
Moving a customer to p=reject without DMARC visibility is too risky. So they stay at p=none, which provides zero protection. The SPF limit makes it worse — broken SPF + no enforcement = your customer's domain is trivial to spoof.
Everything you need to deliver email auth as a managed service
One console, every customer
All your customer tenants are accessible from a single MSP account. Switch between customers, manage their domains, and review their DMARC data — without logging in and out of separate accounts.
- Unlimited customer tenants
- Single-pane management across all customers
- Per-customer isolation — tenants can't see each other
- Bulk actions across your entire portfolio
One pool, flexible allocation
Your MSP plan includes a total domain entitlement shared across all customer tenants. Allocate domains where you need them, without paying for separate per-customer subscriptions.
- Single pooled domain entitlement
- Per-customer caps to prevent over-allocation
- Adjust caps as customers grow or shrink
- Usage visible from your MSP dashboard
Delegate without giving away the keys
Grant your technicians access to specific customers with scoped permissions. Optionally give customer contacts read-only access to their own DMARC data — without MSP-level access to other tenants.
- MSP admin — full access across all tenants
- Technician — scoped to assigned customers
- Customer read-only — their data, nothing else
- Audit trail for all administrative actions
Bulk DMARC view across all customers
See every customer's DMARC status, pass rates, and open issues in one place. Identify which customers have unknown senders, which are close to p=reject readiness, and which need immediate attention.
- Portfolio-level DMARC health dashboard
- Cross-customer source IP search
- SPF / DKIM pass rate by customer
- Policy enforcement readiness view
Your brand, our infrastructure
White-label options let you present UglyDMARC under your own brand to customers. Upload your logo and configure display names — customers see your service, not ours.
- Custom logo on customer-facing views
- Branded notification emails
- Your service name in the UI
Integrate with your stack
Full REST API for provisioning, domain management, and reporting. Automate customer onboarding, connect to your PSA or RMM, and pull DMARC data into your own reporting workflows.
- Tenant provisioning via API
- Domain management (add, remove, rebuild DAG)
- DMARC report data export
- Webhook alerts to your platform
The MSP model, concretely
You're the IT-of-record for your customers. Here's exactly how domain licensing and tenant management works.
You have one MSP account
Your pooled domain entitlement equals your plan's domain count — 50 on Business, or a custom pool on Enterprise for larger books (the 200-domain example below). This is your budget to allocate across all customers.
You create a tenant per customer
Each customer gets their own isolated tenant. Set a per-customer domain cap (e.g. 10 domains for a small customer, 50 for a larger one) to control allocation.
Add domains & configure SPF
Add the customer's domains to their tenant, then update the domain's SPF record to publish the UglyDMARC macro include. SPF synthesis is active immediately.
Monitor from your MSP console
DMARC reports for all domains flow into the platform. Your MSP dashboard shows portfolio-wide health. Drill into any customer for detail. Route alerts to your ticketing system.
# MSP account overview (example) Pool: 200 domains total Used: 143 across 31 customers Free: 57 domains remaining Customer tenants: acme-corp 12 domains cap: 20 ✓ SPF ok DMARC p=quarantine northern-hvac 4 domains cap: 10 ✓ SPF ok DMARC p=none delta-logistics 8 domains cap: 15 ⚠ 1 domain SPF miss (rebuilding) meridian-law 2 domains cap: 5 ✓ SPF ok DMARC p=reject ... 27 more customers # Drill into a customer: $ uglydmarc tenant delta-logistics dmarc --last 7d delta-logistics.com pass: 94.2% warn: 1 unknown sender (203.0.113.5)
SPF synthesis scales with you
Managing SPF manually across dozens of customers is unsustainable. UglyDMARC removes the domain-by-domain SPF maintenance burden entirely.
Manual lookup counting
Every time a customer adds a new vendor — Mailchimp, HubSpot, Zendesk — someone has to manually count DNS lookups across the chain and decide what to remove. Until it breaks.
Zero lookup maintenance
Customers publish one include. UglyDMARC handles the tree. Add any vendor, any time — the synthesized answer is always correct, always within the limit. No tickets, no manual audits.
Auto-refreshed IP sets
When Google, Outlook, or SendGrid update their IP ranges, UglyDMARC detects the change before the TTL expires and rebuilds the CIDR set automatically. Nothing breaks silently.
Offer email authentication as a managed service.
Add UglyDMARC to your stack and move every customer toward p=reject — systematically, with data, without drama. MSP capabilities are a free upgrade on Business and Enterprise during launch — contact support to enable.