Email security monitoring

See who sends email as your domains. In the EU, on your terms.

Mail receivers already generate daily reports about email sent using your domain name. norppa.io receives those DMARC and TLS-RPT reports at a unique EU address, turns them into clear analytics, and flags active spoofing as prioritised findings.

Included in every plan, for all your domains.

How it works

1

Add your domain

In the dashboard, add the domain you want to monitor. You get a unique reporting address.

2

Publish two DNS records

Add the address to your DMARC record (rua) and your TLS-RPT record. We give you both, ready to copy. Your IT team or DNS provider adds them in minutes; we never touch your DNS.

3

Reports become findings

Mail receivers send aggregate reports about once a day. They flow into pass-rate analytics and a sender inventory, and abusive sources become prioritised findings with alerts.

What you get

DMARC report analytics

Authentication pass rate over time and an inventory of every source that sends email as your domain: your own servers, your marketing tools, and everything else.

Spoofing-source detection

Failing sources no legitimate service explains are flagged, enriched with network ownership and abuse context, and raised as findings. Sources on known abuse feeds escalate to critical.

Email encryption monitoring (TLS-RPT)

See whether mail sent to your domain actually arrives over encrypted TLS, and get findings when certificates or policies break delivery security.

Blocklist & reputation monitoring

Daily checks of your and your suppliers' mail servers against spam blocklists and abuse-reputation sources, with a listed/delisted timeline.

Email setup analyzer

A live, read-only check of any domain: SPF lookup budget with the include tree, DMARC enforcement level, BIMI readiness, MTA-STS and TLS-RPT presence. Advisory only; we never host or change your records.

NIS2-mapped evidence

Every finding is mapped to the relevant NIS2 article and flows into alerts, the weekly digest and your audit-ready reports.

Built in the EU, stays in the EU

Your supply-chain risk map never leaves the EU

norppa.io is a European company. Your suppliers, findings and NIS2 evidence are stored and processed in the EU, under EU jurisdiction, with no third-country transfer of your supplier data.

  • EU company, Norteris Oy in Helsinki
  • EU data residency, Frankfurt region
  • EU jurisdiction, no extraterritorial access
  • EU support, based in Finland

A NIS2 risk register is sensitive in itself: it is a map of where your supply chain breaks. Before you choose a supply-chain platform, ask one question. Where does it send yours?

Aggregate data only. Never your email.

DMARC and TLS-RPT reports contain counts and sending-source metadata, never the subject, body or attachments of any message. We process aggregate reports only, hosted in the EU.

Email security is one layer of norppa.io: the same platform continuously monitors your suppliers' external security posture for NIS2 supply-chain compliance.

Frequently asked questions

What is DMARC monitoring?

DMARC (Domain-based Message Authentication, Reporting and Conformance) lets you control who can send email using your domain. Mail receivers report daily on every source that sent email as your domain; norppa.io receives and analyses those reports so you can separate legitimate senders from spoofing and brand impersonation.

Do you change or host my DNS records?

No. You publish two TXT records in your own DNS (we give you the exact values to copy), and everything else is read-only analysis. norppa.io never hosts, edits or serves your DNS.

What data do you store, and where?

Only the aggregate reports mail receivers generate: session counts, source IPs and authentication results. Never message content or attachments. Data is processed and stored in the EU.

Which plans include email security monitoring?

All of them. DMARC analytics, TLS-RPT, spoofing detection and blocklist monitoring are base features on every norppa.io plan, for all your domains.

Read the guide: vendor impersonation, CEO-fraud and DMARC under NIS2 →

7-day free trial · no credit card · cancel anytime