We Saw the Problem Firsthand. So We Built the Fix.
Netallion started in the trenches — running security operations, reading DMARC XML nobody wanted to touch, and watching organisations struggle to answer a simple question: who is sending email as us?
Born from Ops, Not a Pitch Deck
Before Netallion was a product company, we were a security consultancy called CyberWatch, based in New Zealand. We ran penetration tests, stood up monitoring, and helped teams fix what was broken.
The same problems kept showing up. Domains with no DMARC. SPF records that had silently broken. DNS entries pointing at decommissioned infrastructure. Vulnerabilities sitting in backlogs because nobody had time to triage them. Security teams knew these risks existed but had no practical way to track, prioritise, or fix them without stitching together a dozen tools and spreadsheets.
We stopped patching the gap with services and started building the product we wished existed.
Start Where It Matters Most
SpoofSentry
SpoofSentry monitors your domains across nine security dimensions — DMARC, SPF, DKIM, DNSSEC, MTA-STS, BIMI, dangling DNS, subdomain takeover risk, and lookalike domains. It turns raw aggregate and forensic DMARC data into clear, actionable intelligence and guides you safely from p=none to p=reject.
Domain trust is the foundation of email security — and most organisations still get it wrong. We started here because everything else in security operations depends on it.
How We Are Different
Built by operators, not analysts
We ran the security ops ourselves before building the product. SpoofSentry reflects what actually matters in day-to-day domain security work.
Nine dimensions, not just DMARC
Most tools stop at aggregate reports. SpoofSentry scores domains across SPF, DKIM, DNSSEC, MTA-STS, BIMI, dangling DNS, subdomain takeover, and lookalike detection.
Enforcement, not just monitoring
Impact simulation lets you see what would break before you tighten policy. Move to p=reject with evidence, not guesswork.
Free tier that is actually useful
One domain, full monitoring, no time limit. Upgrade when you need more domains or enforcement tooling — not to unlock basic visibility.
Where We Are Headed
SpoofSentry is where we started. The same operator-first approach is expanding into vulnerability management, exposure assessment, AI security, AI assurance, and broader security operations — giving teams a single place to understand and reduce their attack surface.
We are based in New Zealand and our customers are worldwide. We are building Netallion for the long term — focused, profitable, and accountable to the teams that rely on us.
See What Your Domains Are Actually Doing
Most organisations discover their first misconfigured domain within minutes. Start with the free plan — no credit card, no sales call.