poscha.com

What It Is

Poscha is an email security and DMARC analytics platform whose main goal is to bring fragmented SPF, DMARC, TLS-RPT, and MTA-STS monitoring into a single dashboard. The materials clearly state that it is hosted in Australia and is aimed at MSPs and enterprise security teams. It is suitable for organizations that need better visibility into email authentication, want to reduce phishing and spoofing risks, and need to avoid email delivery failures.

Core Capabilities

In terms of protection scope, Poscha mainly focuses on email domain authentication governance rather than traditional email gateway filtering. Its SPF flattening can automatically expand include mechanisms and re-flatten them hourly, reducing the risk of delivery failures caused by hitting SPF’s 10-DNS-lookup limit. It can also alert users when upstream SPF records change. DMARC Analytics parses XML aggregate reports, showing sending sources, alignment status, pass/fail trends, and categorizing sources using PTR data, organization information, and known sending services. For TLS-RPT, it provides transport-layer failure monitoring, MTA-STS policy monitoring, and policy drift detection.

Management, Deployment, and Integrations

Deployment is relatively lightweight: users add a domain, configure an SPF include, and the platform generates a flattened TXT record chain; they then update the DMARC rua address so reports are imported into Poscha. The company says no implementation team is required and that data can start flowing within an hour. On the management side, its multi-tenant design is a highlight, supporting Distributor, MSP, and customer tiers, role-based access control, custom MSP plan tiers, and tenant-based billing. Integration details are relatively limited: the available materials only mention DNS, DMARC rua, TLS-RPT/MTA-STS, and vendor setup guides, with no disclosed support for APIs, SIEM, SSO, or similar capabilities.

Pricing and Support

Pricing is split into three tiers: Free costs $0/month and includes 1 domain, 30-day retention, SPF flattening, DMARC analytics, and community support; Pro requires contacting sales and includes 3 domains, 90-day retention, TLS-RPT, alert rules, and email support; Enterprise also requires contacting sales and includes unlimited domains, 365-day retention, multi-tenant hierarchy, priority support, and a dedicated account manager. The upside is that there is a free entry point and no setup fees; the downside is that paid-tier pricing is not transparent.

Pros, Cons, and Best Fit

The main advantages are its focused feature set, easy onboarding, and unified workflow for SPF, DMARC, and TLS-RPT. It can help discover shadow IT email sending sources and support gradual DMARC policy tightening. The drawbacks are that the product page mentions Early Access, so maturity still needs to be validated; its own compliance certifications are not disclosed, with only evidence generation for Essential Eight, APRA CPS 234, and NIST controls mentioned. Poscha is best suited to MSPs, growing enterprise IT teams, and security teams that need to manage multiple email domains.

Access from China

Information on access from China, payment methods, and localized support has not been disclosed, so these should be treated as “unknown.” Since the data is hosted in Australia, Chinese companies should pay attention to cross-border data considerations, access stability, and compliance requirements. Alternatives to compare include DMARCian, Valimail, EasyDMARC, PowerDMARC, and Red Sift OnDMARC, or the email authentication management capabilities of domestic enterprise email and local security service providers.