Mail Sentry

Fully managed email authentication, domain fraud prevention, and structured DMARC enforcement for enterprise boundaries.

Mail Sentry — demonstration of spoof email delivery

Every day corporate email domains operate without DMARC enforcement policies, anyone on the internet can spoof their identity. Attackers can send email that genuinely appears to come from your executive team, partners, or internal systems. Bypassing standard spam filters and targeting your clients.

Mail Sentry is our fully managed email authentication service. We drive your enterprise domains from initial DMARC reporting through to p=reject enforcement on a safe, structured timeline. We handle the technical friction, parse the data, and protect your legitimate mail flows whilst shutting down domain fraud entirely.

  • Zero Infrastructure Changes: No software to install or appliances to configure. Mail Sentry operates entirely at the DNS and reporting layers.
  • Human-in-the-Loop Analysis: No complex dashboards or black-box portals to log into. Our system analyses the data and sends morning briefings straight to your inbox.
  • Continuous Edge Support: Security incidents do not wait for business hours. Prometheus systems engineers are available 24/7 to triage mail delivery issues or active spoofing attempts.

Request a technical briefing →


The Governance Case

For organizations operating under POPIA, GDPR, or strict banking regulations, unauthenticated email domains are an unacceptable liability. If a malicious third party sends an email impersonating your domain and steals client data, your organization faces massive reputational damage and regulatory scrutiny for failing to secure its public identity.

Furthermore, analyzing raw DMARC XML reports is a massive operational burden. Millions of lines of data from international receiving servers must be collated, validated, and scrubbed. Mail Sentry takes this operational overhead completely off your plate. Our engineers process the incoming data stream, identify legitimate third-party senders (like CRM, payroll, or marketing platforms), and safely transition your domain to a hardened security posture without disrupting business operations.


The 90-Day Transition Roadmap

Moving a production corporate domain to absolute enforcement without breaking legitimate business email requires strict operational discipline. Mail Sentry utilizes a battle-tested, 90-day phased transition plan designed to isolate attackers while protecting your valid outbound traffic.

  • Days 1–30: Passive Observation (p=none): We configure your global DNS to route all DMARC XML telemetries to our processing engines. During this phase, we map your entire email footprint worldwide, distinguishing between legitimate sending services and active spoofing campaigns.
  • Days 31–60: Active Stack Alignment (p=quarantine): We begin structural adjustments. Our engineers provision and rotate DKIM keys, align SPF records within the hard 10-lookup limit, and apply a partial quarantine policy to suspicious traffic. Legitimate but misconfigured servers are safely brought into compliance.
  • Days 61–90+: Full Rejection Enforcement (p=reject): The final hardening phase. The domain policy is moved to full enforcement (p=reject). Global receiving servers are now instructed to drop unauthenticated spoofed emails immediately at the boundary. Your domain is closed to impersonation.

Operations and Visibility

Mail Sentry is built around direct engineering accountability, not automated software shortcuts. We believe visibility belongs in your hands, but the operational burden belongs in ours.

  • Daily Morning Reports: You do not need another software dashboard or portal account. Every morning, our platform delivers a concise, plain-language summary of your domain's health directly to your inbox, calibrated to the SAST timezone.
  • 24/7/365 Emergency Engineering Access: If a critical marketing campaign stalls or an external partner blocks your mail, you do not log a ticket with a generic call center. You get direct, 24/7 access to systems engineers who can adjust configurations and resolve delivery issues in real time.
  • Quarterly DMARC Compliance Certificates: Every 90 days, we issue a formal DMARC Compliance Certificate for your domains. This document serves as verifiable proof for internal IT auditors, security committees, insurance underwriters, and regulatory bodies that your public identity is actively secured.

Fits Your Existing Ecosystem

Mail Sentry protects your identity regardless of how your underlying email infrastructure is architected:

  • Cloud Providers: Native support for Microsoft 365, Google Workspace, and specialized enterprise clouds.
  • On-Premises Relays: Hardened support for postfix, Sendmail, Exim, and edge secure email gateways (SEGs).
  • Third-Party Integrations: Safe alignment for transactional and marketing platforms including HubSpot, Salesforce, Mailchimp, and AWS SES.
  • BIMI Readiness: Complete coordination for Brand Indicators for Message Identification (BIMI) implementation, preparing your domains to display your corporate logo directly inside client inboxes upon achieving enforcement.


Service and Architecture Matrix

Operational Overhead

  • Mail Sentry (Managed Engineering): None. Prometheus engineers manage DNS, cryptographic keys, and alerts entirely.
  • Traditional Portal-Only Tools: High. Your team must log into a portal, analyze raw graphs, and make configuration decisions.

Transition Framework

  • Mail Sentry (Managed Engineering): Guaranteed 90-day roadmap managed step-by-step by our architects to prevent mail loss.
  • Traditional Portal-Only Tools: Self-service. You adjust the policies manually and absorb the risk of misconfiguration.

Incident Response

  • Mail Sentry (Managed Engineering): 24/7 direct access to senior systems engineers during critical mail flows or delivery emergencies.
  • Traditional Portal-Only Tools: Ticket-based support with slow SLA turnarounds, often handled by non-technical agents.

Reporting Model

  • Mail Sentry (Managed Engineering): Daily plain-language emails straight to your inbox + 90-day formal Compliance Certificates.
  • Traditional Portal-Only Tools: Raw web dashboards requiring constant login, manual checking, and interpretation.

SPF & DKIM Management

  • Mail Sentry (Managed Engineering): Active curation including flattening within the hard 10-lookup protocol limit.
  • Traditional Portal-Only Tools: Passive alerts. The platform flags a breakdown but leaves the structural fix to you.

Managed Domain Security for Enterprise Environments

Mail Sentry is the enterprise-grade email authentication platform engineered for South African enterprises, financial services, and organizations that refuse to leave their public identity exposed. Unlike automated portals that leave the complex technical work to your internal team, Mail Sentry pairs rigorous DNS discipline with active, round-the-clock engineering oversight. We eliminate the guesswork, handle the operational detail, and move your organization securely to full DMARC enforcement without interrupting production mail flows. Your reputation stays under your control, and your boundary remains resilient.

Ross WD Cameron
Founder and Solutions Architect
Prometheus Systems

Contact us to schedule a domain vulnerability assessment, request a structured service briefing, or discuss commercial onboarding.

Prometheus Systems |
Specialist IT infrastructure and security engineering.