Know Who's Sending
Email as You
Your domain sends more email than you think. Ray shows you every sender, validates your authentication records, and tells you when something changes or breaks.
Monitor Your Domains, Not Just Your Reports
Active DNS analysis and DMARC report processing across SPF, DKIM, DMARC, MTA-STS, TLS-RPT, and BIMI.
Domain Intelligence
Comprehensive DNS analysis for any domain. Automatically detects which email services are authorized to send for you, from Google Workspace and Microsoft 365 to SendGrid and HubSpot, by reading your MX and SPF records.
SPF/DKIM/DMARC Monitoring
Continuous validation of your SPF, DKIM, DMARC, MTA-STS, and BIMI records. Track SPF lookup counts, check DKIM key strength, evaluate DMARC policy, and see your complete authentication posture in one view.
DMARC Report Analytics
Aggregate report processing that shows which IPs and services send email as your domain. Per-sender pass/fail breakdowns, geographic origin, and authentication trends over time.
Alerting
Get notified when domain configurations change or DMARC policy violations are detected. Built-in support for email, Slack, and webhooks at every tier.
Subdomain Discovery
Every domain includes all of its subdomains, even those with their own DMARC policies. Ray automatically detects subdomains sending email for your domain and tracks their authentication records.
MCP Server Q2 2026
Connect Ray to AI agents and agentic workflows with an open-source MCP server. Query domain health, pull DMARC data, and automate workflows. No vendor lock-in, no gated access.
What Ray Doesn't Do
Some features look good on a comparison chart but don't actually serve you well. We'd rather be honest about it.
Forensic Reports (RUF)
Most major mailbox providers, including Gmail, Microsoft, and Yahoo, no longer send forensic reports or heavily redact them due to privacy regulations like GDPR. They contain email headers and sometimes body content, creating liability for everyone involved.
The aggregate reports (RUA) that Ray does process contain the data you actually need: which IPs sent mail as you, whether they passed authentication, and what policy was applied. Building features around a data source that's disappearing doesn't serve you well.
SPF Flattening
SPF flattening works by resolving all your includes and lookups into hardcoded IP addresses to stay under the 10-lookup limit. The problem: when a provider changes their IPs (which happens regularly), your flattened record breaks silently. Email starts failing and you don't know why.
It also makes your SPF record harder to audit because it masks which services are actually authorized to send for you. The better approach is to consolidate your sending services and manage your includes intentionally, not to paper over the complexity.
DNS Management
Some DMARC vendors host your SPF, DKIM, and DMARC records for you. That means giving a third party write access to your email authentication. If that vendor has an outage, your email authentication goes with it. If you want to leave, your records leave too.
Ray will never ask for access to your DNS. We tell you exactly what to configure and why, and you make the changes where your DNS already lives. Your authentication infrastructure stays under your control.
Why Ray?
Your Data, Your API Q2 2026
Everything Ray knows will be available through the API. No vendor lock-in, no gated exports, no enterprise-only access.
Full Protocol Coverage
SPF, DKIM, DMARC, MTA-STS, TLS-RPT, and BIMI analysis in one place. No separate add-ons or upsells.
Multi-Org Access Control
Organizations with member, admin, and owner roles, backed by DNS-based domain verification. Available to everyone, not locked behind an enterprise tier.
No Black Boxes
Ray tells you exactly what it checks and how it evaluates your configuration. No opaque scores or unexplained recommendations.
Ready to see who's sending email as you?
Ray is currently invite-only. Request access to get started.
Request Access