Engagement Requirements

Domain Coverage

• Each engagement covers one root/primary domain (e.g., example.com)
• Subdomain DMARC policies (sp=) are advisory only — we'll provide guidance but subdomains are not included in the enforcement guarantee
• Multiple domains can run concurrently as separate engagements with volume discounts

DMARC Reporting

• 1-year DMARC Report subscription included — up to 5M messages/month (Done With You) or unlimited volume (Path to Reject)

Privacy & Compliance

• NDA available — we'll sign a mutual non-disclosure agreement upon request
• Data Processing Agreement (DPA) — available for organizations that require one
• GDPR compliant — our platform and processes comply with GDPR requirements

What's Included

DNS Access

You must have the ability to create and modify DNS records (TXT, CNAME) for your domain. If your DNS is managed by a third party (e.g., an MSP or hosting provider), you must be able to request changes within a reasonable timeframe. We cannot proceed if you don't control your DNS.

Timely Action Items

The 120-day timeline (Done With You) or 6-month timeline (Path to Reject) assumes you complete assigned action items within 5 business days. If you need more time, the timeline extends accordingly — there's no penalty. However, the Enforcement Guarantee requires active participation. If action items are not completed within 30 calendar days, the guarantee pauses until work resumes.

Designated Point of Contact

You must designate a point of contact with authority to make DNS changes and coordinate with internal teams (IT, marketing, operations) that manage sending services. This person attends the consultation calls and executes assigned action items.

Sending Service Access

You must be able to access the admin settings of your sending services (email marketing platforms, CRM, helpdesk, etc.) to configure SPF and DKIM records. We'll tell you exactly what to change — you make the changes.

Consultation Calls

Phone calls are available 10 AM–3 PM in any time zone. We'll work around your schedule, not the other way around. Calls are milestone-based (not recurring) — we meet when there's something to discuss, not just to fill a calendar slot.

24/7 Technical Support

Round-the-clock technical support with SLA-backed response times on every ticket. You get enterprise-grade treatment regardless of your company size — same support, same SLAs, same priority.

What's Guaranteed

• Done With You: Primary domain at p=quarantine, pct=100, with ≥95% DMARC pass rate
• Path to Reject: Primary domain at p=reject with ≥95% DMARC pass rate

Guarantee Conditions

• 1. Active participation required. The guarantee assumes you complete action items and attend scheduled calls. If action items are outstanding for more than 30 calendar days, the guarantee pauses until work resumes.
• 2. Primary domain only. The guarantee applies to the root domain specified in the engagement. Subdomains, parked domains, and additional domains are not covered unless purchased as separate engagements.
• 3. DMARC pass rate, not inbox placement. We guarantee DMARC authentication pass rates. Inbox placement depends on content, sender reputation, volume, and other factors outside the scope of email authentication.
• 4. Legitimate forwarding exceptions. DMARC failures caused by mailing list forwarding, auto-forwarding rules, and other legitimate forwarding scenarios are inherent to the DMARC protocol and do not count against the pass rate threshold.
• 5. Third-party cooperation. We provide configuration guidance for all sending services, but some third-party platforms may not support custom DKIM or have known limitations. We will identify these during the engagement and document workarounds where possible.
• 6. 12-month engagement window. The engagement — including any guarantee work — expires 12 months from the start date. This gives ample time for even the most complex domains to reach enforcement.
• 7. No pre-existing compromise. If the domain is actively compromised, sending malware, or on major blocklists, remediation of those issues is outside the scope of this engagement.