3,932 Australian domains analysed. Most fail basic email authentication. [2026 Report]
Autopilot

Autopilot doesn’t tell you what to fix.
It fixes it.

Other DMARC platforms send you instructions and hope you follow them. Autopilot connects to your DNS, approves legitimate senders, progresses your policy to enforcement, and rolls back automatically if something looks wrong.

Start free Managing client domains? See MSP plans

Why we need DNS access

DMARC, SPF, and DKIM live in your DNS records. To fix them, something has to write to your DNS. There are only two ways to do that:

Tell you what to write. This is what every other DMARC platform does. They send you a report — sometimes a really nice one — and leave the actual DNS work to you, your IT provider, or “someone in the team who knows about that stuff.” Most of the time, that someone is busy. So the records don’t get added. So the policy stays at p=none. So spoofers keep using your domain.

Write it ourselves. This is what Autopilot does. We connect to your DNS provider once, and from then on we own the execution. Sender approvals, policy progression, DKIM rotation, MTA-STS publishing — all of it happens automatically, with rollback if anything breaks.

The “tell you what to write” model exists because building reliable DNS automation across providers is hard. We did it anyway. We’ve scanned 3,930 Australian business domains for our 2026 research report, and 62% of domains that publish DMARC never reach enforcement — they sit at p=none or p=quarantine indefinitely. The records don’t get added. The policy stays passive. Spoofers keep using the domain. We didn’t want to ship a product that depended on customers doing the hard part.

Three ways to enable Autopilot

Pick whichever fits. You can change it later. Autopilot works the same regardless of which path you choose.

API connector
Best for:
You already have a DNS provider with an API — Cloudflare, Route53, cPanel/WHM, GoDaddy
Setup time:
5 minutes (OAuth or scoped API token)
Ongoing:
None
Full delegation
Best for:
You want set-and-forget. We become DNS for the domain.
Setup time:
10 minutes (point nameservers at ours)
Ongoing:
None
Advisor Mode
Best for:
You’re not ready to grant access yet.
Setup time:
Immediate
Ongoing:
You apply each change manually when notified

API connector

OAuth into your DNS provider, or paste a scoped API token. Autopilot only touches the records it manages — TXT and CNAME records on the domains you authorise. Tokens are yours; you can revoke them at any time. We support Cloudflare, AWS Route53, cPanel/WHM, and GoDaddy directly today, with more providers added based on customer demand.

Full delegation

Point your domain’s nameservers at ours (ns1.dkim.dmarcbusta.pro / ns2.dkim.dmarcbusta.pro). We become your DNS provider for that domain. Same model as Cloudflare’s free DNS — you delegate, we run it. You keep ownership of the domain. Un-delegate any time and your records come with you.

Advisor Mode

Autopilot still does the analysis — sender classification, policy progression recommendations, DKIM health checks. But instead of applying changes itself, it generates a queue of DNS records for you to add manually. Use this if your security policy doesn’t allow third-party DNS access yet. Most customers start here and switch to API connector or delegation within a few months.

Your DNS, your keys, your audit log

Customer-owned credentials

When you connect via API, the tokens are scoped to TXT and CNAME records on the domains you authorise — not your whole zone. We can’t change your A records, MX records, or anything else. Revoke from your DNS provider any time.

Encryption at rest

Tokens are encrypted in our database with per-customer keys. Nobody at DMARC Busta can read them in plaintext, including support.

Full audit log

Every DNS change Autopilot makes is logged with timestamp, change type, before/after values, and the trigger that caused it. Exportable any time.

One-click rollback

If a change causes pass rates to drop or anomalies to fire, Autopilot reverts automatically. You can also manually roll back any change from the audit log.

We eat our own dogfood

dmarcbusta.com, dmarcbusta.pro, hcse.au, and websiterescuers.com.au are all at p=reject with MTA-STS and TLS-RPT — managed by Autopilot itself. If you’re scanning before you sign up, you’re scanning a platform that practises what it sells.

Beyond “approve senders”: what runs in the background

Sender classification

Reads incoming DMARC reports, classifies sources by volume, pass rate, and known fingerprint, and approves legitimate senders (Microsoft 365, Google Workspace, Mailchimp, Klaviyo, and so on) without prompting.

Policy progression

Moves your policy through p=none → p=quarantine → p=reject when pass rates and source coverage justify it. If they regress, it pauses.

DKIM rotation

Rotates DKIM keys on a schedule and updates DNS without breaking outbound mail.

MTA-STS publishing

Publishes and maintains MTA-STS policies and TLS-RPT reporting endpoints. Most DMARC platforms ignore MTA-STS entirely. We don’t.

Anomaly detection

Watches volume spikes, pass-rate drops, and unauthorised senders. Pauses progression and alerts you when something looks wrong.

Automatic rollback

If a change causes a measurable drop in pass rate within the observation window, Autopilot reverts it without waiting for you.

What other DMARC platforms do

Most DMARC platforms — including the well-funded ones — are monitoring tools. They aggregate DMARC reports, render them in charts, and produce a list of recommendations. The actual fixing is your job. This is the standard model, and there’s a reason for it: building reliable DNS automation across dozens of provider APIs is hard, supporting it is harder, and rolling back safely is harder still.

Autopilot is the part of DMARC Busta that does the hard thing. Everything else — scanning, reporting, alerting — most platforms have. The difference is whether anyone closes the loop.

Ready?

Self-serve, single domain or a few

Start free — connect a domain in 5 minutes

Managing client domains as an MSP

See how Autopilot works for MSPs