Why Modern DMARC Monitoring Costs a Fraction of Legacy Tools
Most DMARC platforms were built five to ten years ago, layered on top of open-source parsers and wrapped in dashboards that haven't fundamentally changed since. We started from zero in 2026. No legacy code. No inherited architecture decisions. Just the question: what does a DMARC monitoring platform look like when you build it with today's tools and today's constraints?
The legacy tax
The DMARC monitoring market was largely established between 2015 and 2019. Most platforms in the space share a similar lineage: a Python-based report parser, a relational database that wasn't designed for time-series aggregation, and an infrastructure footprint that grew organically as features were bolted on.
That lineage has consequences. Every abstraction layer adds latency. Every compatibility shim costs memory. Every microservice boundary adds network hops. Over time, the infrastructure required to serve a single customer grows, and that cost gets passed through in pricing. It is not unusual to see DMARC platforms charging hundreds of pounds per month for the same core functionality: ingest XML, enrich with metadata, display a dashboard.
What starting from zero looks like
ShieldMarc was built in 2026. Not adapted, not forked, not wrapped around an open-source parser from 2017. Every component was written to solve the specific problem in front of us, using the tools available today.
That meant making deliberate choices that legacy platforms cannot:
- A single, purpose-built ingest pipeline instead of chaining three or four open-source tools together. Our report parser handles decompression, XML parsing, metadata enrichment, and storage in a single pass. No intermediate queues, no serialisation boundaries, no wasted memory copying data between processes.
- A compiled, statically-linked binary for the performance-critical path. Our ingest service compiles to a single binary under 50 MB. For context, the most widely-used open-source DMARC parsers ship as 500+ MB images. That is not a rounding error; it is a fundamentally different cost structure.
- Edge-first request handling where computation runs at the network edge, as close to the user as possible. Free tools like our DMARC checker and DNS lookup execute on edge infrastructure across 300+ locations. The origin server only handles what genuinely requires persistent state.
- Concurrency by default rather than sequential processing. DNS enrichment, SPF tree resolution, and reverse lookups all run in parallel, batched and deduplicated. A report with 100 source IPs does not make 100 serial DNS queries; it deduplicates, resolves the unique set concurrently, and maps the results back. The difference is measurable in seconds, not milliseconds.
The numbers
We benchmark continuously. Here is what our current pipeline achieves:
| Metric | Typical legacy | ShieldMarc |
|---|---|---|
| Report parse time (1,000 records) | 75ms | Under 10ms |
| Report parse time (10,000 records) | 750ms+ | Under 100ms |
| DNS enrichment (50 unique IPs) | 1,100ms (serial) | Under 150ms (parallel, deduped) |
| Dashboard load (warm) | 1-3 seconds | Under 120ms |
| Ingest service footprint | 500+ MB | Under 50 MB |
| Ingest memory at idle | 200-400 MB | Under 5 MB |
These are real benchmarks from our production environment, not synthetic marketing figures. The “typical legacy” column reflects measurements of widely-used open-source DMARC parsers running the same workloads.
Why this matters for pricing
Infrastructure cost is the single largest variable expense for any SaaS platform. When your ingest pipeline requires 100x less memory and runs 8x faster, you can serve more customers on less hardware. When your service footprint is under 50 MB instead of 500+ MB, cold starts are instant and scaling is trivial.
This is not about cutting corners. It is about building efficiently. The engineering choices compound: less infrastructure means lower costs, lower costs mean lower prices, and lower prices mean DMARC monitoring becomes accessible to organisations that were priced out by legacy platforms.
That is why ShieldMarc's Professional plan is £69/month for 25 domains (£49/month billed annually), and our MSP plan is £129/month for 100 domains (£99/month billed annually). No per-domain pricing games. No hidden overage fees. These are sustainable prices because the underlying platform was built to be efficient.
Good engineering first. Then AI where it matters.
DMARC aggregate reports are structured XML with well-defined fields. The foundation has to be operational excellence: ingesting reports reliably at scale, enriching them with useful context, and presenting the data clearly enough that you can act on it.
The real engineering work is in the unglamorous details: streaming XML parsing that does not buffer the entire document in memory. DNS lookup deduplication that avoids hammering resolvers. Deterministic document IDs that make every write idempotent. Edge caching that reduces origin load by orders of magnitude for public tools. These are not features you see on a marketing page. They are the reason the platform is fast, reliable, and affordable.
On top of that foundation, we use AI threat analysis to automatically classify sending sources as legitimate, misconfigured, or malicious. This is not a gimmick bolted on for a feature list. It runs against every DMARC report row, cross-referencing IP reputation, reverse DNS, SPF/DKIM alignment patterns, and threat intelligence signals to surface threats that would take hours to identify manually. The AI layer works because the engineering underneath it is sound.
The same discipline applies to the AI-powered plain-English explanations on our free tools. Not every task needs the most capable model. SSL and DNSSEC results have short, predictable structures — a lighter model handles them reliably at a fraction of the cost. DMARC interpretation is more complex, with branching rules around subdomain policy, alignment modes, and monitoring state, so that task gets a more capable model. The result is the right model for each job rather than a single expensive default across the board. At scale, that choice is not trivial:
| Approach | Input cost | Output cost | Total / 1M explanations |
|---|---|---|---|
| Heavyweight model for everything | £139.00 | £360.00 | ~£499 |
| Lightweight model for everything | £24.50 | £54.00 | ~£79 |
| Per-task routing (what we do) | ~£64 | ~£120 | ~£184 |
Based on 1M explanation requests at approximately 800 tokens per request, split 25% DMARC and 75% other tools. Model pricing as of March 2026.
More than DMARC
Because our infrastructure costs are low, we can include monitors that other platforms charge extra for or do not offer at all:
- DMARC aggregate report ingestion and analysis
- AI-powered threat classification for every report row
- DMARC health monitoring with alignment tracking
- SSL certificate expiry monitoring
- DNS change detection with before/after diffs
- DNSSEC validation status
- MTA-STS and TLS-RPT monitoring
- CAA record monitoring
- Domain registration and expiry tracking
- Website uptime monitoring
- Lookalike domain detection
All included in every paid plan. No module add-ons. No per-monitor fees.
Try it yourself
Every paid plan includes a free trial. No credit card required. Run your first DMARC check now, or see pricing to find the right plan for your organisation.