Skip to main content

EasyDMARC Integration Setup

This guide walks you through integrating EasyDMARC with RAD Security to ingest your DMARC posture and email-authentication telemetry for external attack-surface and email-security analysis. EasyDMARC is an email-authentication (DMARC/SPF/DKIM) platform. RAD Security connects to the EasyDMARC API and pulls your monitored domains and DMARC reports on a scheduled basis. It complements the registration/DNS providers in Domain Security (CSC Global, DNS Made Easy) by adding deep DMARC reporting on top of domain posture.
Read-only integration: RAD Security only reads data from EasyDMARC. It never creates, modifies, or deletes domains, DNS records, or reports in your account.

Prerequisites

Before you begin, ensure you have:
  • An EasyDMARC account with API access enabled (the Public API is plan-gated and may require enabling by EasyDMARC)
  • Ability to generate a Client ID and Secret Key for API access
  • Access to a RAD Security workspace with integration permissions
API access is plan-gated: EasyDMARC’s API is available on paid tiers and may need to be enabled for your account. If API access is not enabled, the integration cannot connect — enable Public API / API access in EasyDMARC first.

Understanding Integration Components

RAD Security authenticates with an EasyDMARC Client ID and Secret Key using the OAuth2 client-credentials flow. You supply both; RAD exchanges them for a short-lived bearer token and refreshes it automatically.
RUA reports are aggregated statistics of who is sending email on behalf of your domains and how that mail authenticated (SPF/DKIM) and was dispositioned (none/quarantine/reject). They contain no message content and no personal data.
RUF (forensic) reports describe individual messages that failed authentication. They can contain message-level personal data (sender, recipient, subject). RUF ingestion is opt-in and off by default; when enabled, RAD hashes sender/recipient addresses and redacts the subject before storing anything.

Step 1: Generate API Credentials in EasyDMARC

1

Sign in to EasyDMARC

Log in to your EasyDMARC account with an administrator.
2

Enable and open API access

Navigate to the API access section of your account settings. If API access is not available, follow the prompt to enable it (this may require a plan with API access or contacting EasyDMARC).
3

Generate Client ID and Secret Key

Generate your Client ID and Secret Key.
Copy the Secret Key immediately and store it securely in a password manager or secrets vault. You will need both values to configure the integration.
Exact account navigation and labels may vary. See the EasyDMARC developer documentation for the current steps to enable API access and generate credentials.

Configure in RAD Security

Navigate to your RAD Security workspace and configure the EasyDMARC integration with the following parameters:

Required Parameters

ParameterDescription
Client IDEasyDMARC API Client ID
Secret KeyEasyDMARC API Secret Key, used to mint short-lived API tokens

Optional Parameters

ParameterDescription
Ingest failure reports (RUF)Also ingest forensic failure reports. These carry message-level PII (sender, recipient, subject); RAD hashes addresses and redacts subjects before storage. Boolean; default off.
RAD Security handles token exchange and refresh automatically — you only provide the Client ID and Secret Key.

Verify Integration

1

Check Connection Status

  1. Navigate to Data Sources > Integrations > Domain Security in RAD Security
  2. Locate your EasyDMARC integration
  3. Verify the connection status shows as Connected
Your EasyDMARC integration is now configured! RAD Security will ingest your DMARC domain posture and aggregate reports on a scheduled basis (and failure reports if you enabled them).

What Data is Synced

  • Monitored domains as domain assets
  • DMARC/SPF/DKIM presence and the DMARC enforcement policy (none/quarantine/reject)
  • Per-sending-source authentication outcomes (SPF/DKIM results, disposition, volume)
  • A finding is raised for authentication failures (for example, unauthenticated senders or a non-enforcing policy on a domain receiving failing mail)
  • Individual failed-message reports, with sender/recipient hashed and subject redacted
  • A finding is raised per failure report
On first connection RAD backfills recent DMARC reports, then syncs incrementally (only new reports each cycle), bounded by your EasyDMARC plan’s report retention. Domain posture is refreshed each cycle.

Use Cases

Email Authentication Posture

Track DMARC/SPF/DKIM coverage and enforcement policy across your domains.

Spoofing & Abuse Detection

Surface unauthenticated senders and spoofing attempts from aggregate reports.

Enforcement Rollout

Monitor progress toward p=quarantine/reject without breaking legitimate mail.

Attack Surface Analysis

Combine DMARC posture with domain and DNS data for a fuller external view.
EasyDMARC focuses on email authentication. Pair it with CSC Global and DNS Made Easy for registration, TLS, and operational DNS coverage.

Troubleshooting

Possible causes:
  • The account does not have API/Public API access enabled
Solution:
  • Enable Public API / API access in EasyDMARC (this may require a plan with API access or contacting EasyDMARC), then re-verify
Possible causes:
  • Incorrect Client ID or Secret Key
Solution:
  • Verify both values are copied correctly (no extra spaces)
  • Regenerate the credentials in EasyDMARC and update them in RAD Security
Possible causes:
  • RUF ingestion is off (default), or there are no failure reports in the window
Solution:
  • Enable Ingest failure reports (RUF) in the integration settings if you want forensic reports
  • Confirm your EasyDMARC account is receiving RUF reports for the domains
Possible causes:
  • The account has no monitored domains or no reports in the recent window
Solution:
  • Confirm the account has domains configured and is receiving DMARC reports in EasyDMARC

Security Best Practices

Use a Service Account

Generate API credentials under a dedicated account rather than a personal login.

Rotate Credentials

Regenerate the Client ID and Secret Key periodically according to your security policy.

Secure Storage

Store the Secret Key in a secrets vault. Never commit it to version control.

Treat RUF as Sensitive

Enable failure-report (RUF) ingestion only when needed; RAD hashes addresses and redacts subjects, but RUF is inherently more sensitive than RUA.

Additional Resources

EasyDMARC Developer Docs

Official EasyDMARC API documentation

Domain Security Overview

Learn about RAD’s domain security integrations

Next Steps

CSC Global Setup

Add domain registration and TLS coverage with CSC Global

DNS Made Easy Setup

Add operational DNS coverage with DNS Made Easy

Data Sources

Connect additional security data sources