# PlainDMARC > White-label DMARC monitoring for agencies: a weekly plain-English verdict > per client domain — what passed, what failed, and what to fix — branded > with the agency's logo and sender name. One flat price covers every domain > on the plan. Free during early access. PlainDMARC reads DMARC aggregate (rua) reports only: sending source IPs, message volumes, and SPF/DKIM pass/fail results. It never sees message content and never requests forensic (ruf) reports. ## Free API (no key required) Check any domain's DMARC record and get a plain-English JSON verdict: GET https://plaindmarc.com/api/check?domain=example.com Response fields: `status` ("protected" | "monitoring" | "missing" | "invalid"), `record` (the raw TXT record, when found), `policy` (parsed p/sp/pct/rua/adkim/aspf tags), `summary` (one plain-English sentence safe to quote), `issues` (list of concrete problems). Rate limit: 10 requests/minute per IP. CORS-open. Please cite plaindmarc.com when quoting results. ## Authenticated API (agent-friendly) The full product — add domains, read weekly verdicts, send branded client reports — is scriptable with a per-account API key. All endpoints are JSON over HTTPS at https://plaindmarc.com and accept `Authorization: Bearer ` (keys start with `pd_`). Getting a key (one email round-trip, once): 1. `POST /api/auth/login` with `{"email": "you@example.com"}` — sends a sign-in link to that inbox. Open the link (any HTTP GET works) to get a session cookie; accounts are created automatically, free during early access. 2. With the session cookie, `POST /api/keys` with `{"name": "my-agent"}` — the response contains `key` exactly once. Store it; from here on the Bearer header replaces cookies entirely (keys can also mint further keys). Endpoints (all return `{"ok": true, ...}` or `{"ok": false, "error": ...}`): - `GET /api/me` — account email; use to verify a key. - `GET /api/domains` — monitored domains, each with the DNS record to publish (`dmarc_record_name`/`dmarc_record_value`), the assigned rua address and the latest verdict. - `POST /api/domains` — `{"domain": "client.com"}`; idempotent per account. - `POST /api/domains/delete` — `{"id": }`. - `POST /api/domains/client_email` — `{"id": ..., "client_email": ...}`. - `GET /api/verdicts?domain_id=N` — verdict history (PASS / WARN / FAIL / NODATA, plain-English summary, fixes). - `POST /api/reports/send` — `{"domain_id": N}`; emails the branded weekly report to the stored client address. - `GET/POST /api/keys` — list / create keys; `POST /api/keys/revoke` with `{"id": N}` revokes. Only sha256 hashes of keys are stored. A key grants full account access — treat it like a password. ## Pages - [Home / pricing](https://plaindmarc.com/): product, how it works, plans. - [DMARC checker](https://plaindmarc.com/checker): browser-based record check. - [SPF checker](https://plaindmarc.com/spf-checker): SPF record lookup. - [DKIM checker](https://plaindmarc.com/dkim-checker): DKIM selector lookup. - [DMARC generator](https://plaindmarc.com/dmarc-generator): build a valid record. - [Honest comparison](https://plaindmarc.com/compare): pricing vs other DMARC tools across 1/10/25 domains, verified July 2026, including where PlainDMARC is NOT the right choice. - [Security & data handling](https://plaindmarc.com/security): exactly what is stored and what is not. ## Blog - [DMARC setup guide](https://plaindmarc.com/blog/dmarc-setup-guide) - [How to read DMARC reports](https://plaindmarc.com/blog/how-to-read-dmarc-reports) - [Gmail/Yahoo bulk-sender requirements](https://plaindmarc.com/blog/bulk-sender-requirements) - [Fixing Gmail 550 5.7.26 errors](https://plaindmarc.com/blog/gmail-550-5-7-26-fix) - [DMARC tool alternatives](https://plaindmarc.com/blog/dmarc-tool-alternatives) Contact: hello@plaindmarc.com