Getting Started with Sequack

Welcome to Sequack! This comprehensive guide will walk you through setting up complete DMARC protection for your domain, from initial setup to advanced monitoring and threat detection.

What is Sequack?

Sequack is a powerful DMARC management platform that helps you:

• Protect your domain from email spoofing and phishing attacks
• Monitor email authentication with real-time aggregate and forensic reports
• Analyze threats with built-in digital forensics and threat intelligence
• Achieve compliance through phase-based policy enforcement
• Collaborate with your team using role-based access control

Note: DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM to provide comprehensive email authentication and reporting.

In This Guide

✅ Creating your account and initial setup
✅ Adding and verifying domains
✅ Understanding the Dashboard
✅ Configuring DMARC policies
✅ Reading aggregate and forensic reports
✅ Using the Phases feature for policy enforcement
✅ Setting up alerts and monitoring
✅ Exploring security tools and features

---

Step 1: Create Your Account

Choose Your Region

Sequack operates in multiple regions. Select the appropriate URL based on your location:

• UAE/Middle East users: https://ae-outpost.sequack.com
• US/International users: https://outpost.sequack.com

Sign Up

1. Visit your region's Sequack URL (see above)
2. Click "Sign Up"
3. Fill in the registration form:
   • Business email address
   • Phone number
   • Strong password (minimum 8 characters with uppercase, lowercase, and numbers)
4. Accept the Terms of Service and Privacy Policy
5. Click "Signup"

Email Verification

After clicking "Signup", you'll be prompted to verify your email:

1. Check your inbox for a verification code
   • UAE users: Email from no-reply@ae-mail.outpost.sequack.com
   • US/International users: Email from no-reply@mail.outpost.sequack.com
2. Enter the verification code on the screen
3. Click "Verify" to complete registration
4. You'll be redirected to log in

Note: Check your spam folder if you don't receive the code within a few minutes. The code is typically valid for 10-15 minutes.

---

Step 2: Complete the Setup Wizard

After logging in for the first time, you'll be guided through a 3-step setup wizard to get your domain protected quickly.

Step 1: Create Organization

1. Enter your Organization Name (your company name)
2. Click "Continue"

Step 2: Create Domain

1. Enter your domain name (e.g., yourcompany.com)
   • Enter only the domain name without www or http://
   • Use example.com not www.example.com
2. Click "Continue"

Step 3: Verify Domain

After adding your domain, Sequack will generate a DMARC TXT record for verification.

Copy DNS Record

After adding your domain, Sequack will generate a TXT record for verification:

1. You'll see a TXT record displayed on screen
2. Click "Copy" to copy the record to clipboard

Example:

v=DMARC1; p=none; rua=mailto:uniqid.rua@dmarc.outpost.sequack.com; ruf=uniqid.ruf@dmarc.outpost.sequack.com; pct=100

Add to DNS Provider

1. Log into your DNS hosting provider (Cloudflare, GoDaddy, Route53, Namecheap, etc.)
2. Navigate to DNS settings for your domain
3. Create a new TXT record with these details:

Field	Value
Host/Name	_dmarc
Type	TXT
Value	Paste the copied DMARC record
TTL	3600 (or leave default)

4. Save the DNS record

Important: DNS propagation typically takes 5-30 minutes but can take up to 48 hours.

Verify Domain

After adding the DNS record, you have two options:

Option 1: Verify Now

1. Click "Verify Domain"
2. Wait for verification to complete (this may take a few moments)
3. If successful, you'll be redirected to the Dashboard

Option 2: Verify Later

1. Click "Verify Domain Later"
2. You'll be redirected to the Dashboard
3. You can verify your domain later from the Domains page

Note: If verification fails, it usually means DNS propagation is still in progress. Wait 10-15 minutes and try again from the Domains page.

🎉 Congratulations! You've completed the setup wizard and will be redirected to the Dashboard. Your domain is now being monitored for DMARC reports.

What happens next? You'll start receiving aggregate reports within 24 hours and forensic reports within a few hours..

---

Step 3: Explore Your Dashboard

Dashboard Overview

After completing setup, you'll land on the Dashboard - your central hub for monitoring email authentication across all domains.

The dashboard shows data from the Last 30 days by default.

Key Metrics Cards

At the top, you'll see four stat cards displaying:

1. Total Active Domains

   • Number of verified domains being monitored
   • Helps you track your domain portfolio

2. Domains without DMARC

   • Domains that don't have a DMARC policy configured
   • Important to address for complete protection

3. Emails Analyzed

   • Total number of emails processed across all domains

4. DMARC Compliance

   • Overall percentage of emails passing DMARC authentication
   • Your primary security health indicator

Total Emails Sent Chart

Below the metrics, you'll find a line chart showing:

• Email volume trends over the last 30 days
• Daily breakdown of emails sent
• Visual patterns to identify spikes or anomalies

This helps you understand your email traffic patterns at a glance.

Top Sending Domains

The Top Sending Domains list shows your most active domains:

For each domain, you'll see:

• Domain name and ranking (#1, #2, etc.)
• DMARC policy (p=none, p=quarantine, or p=reject)
• Total emails sent from this domain
• Compliance percentage - how many emails passed DMARC

Top Sending Sources

The Top Sending Sources list shows which email sources (IPs, services) send the most email:

For each source, you'll see:

• Source name (e.g., "Amazon Ses", "Google Workspace", "Mailchimp")
• Ranking (#1, #2, etc.)
• Total emails sent from this source
• Domain name it's sending for
• Compliance percentage - DMARC pass rate for this source

This is crucial for identifying which services need to be properly configured in your SPF/DKIM records.

Pro Tip: Sources with low compliance percentages (<90%) should be investigated first. They might need SPF/DKIM configuration or could indicate unauthorized senders.

---

Step 4: Understanding DMARC Reports

Aggregate Reports

Aggregate reports show high-level statistics about all emails sent from your domain, helping you identify sending sources and authentication patterns.

Access Aggregate Reports

1. Click "DMARC Reports" in the sidebar
2. Select "Aggregate Reports"

Or from the Domains page:

• Click "View Aggregate Reports" in the Actions dropdown for any domain

Filters

At the top of the page, you'll find two important filters:

1. Domain Selector - Choose which domain to view reports for
2. Date Range Picker - Select the time period (defaults to last 30 days)

Adjust these filters to focus on specific domains and timeframes.

Three Tabs for Different Views

The Aggregate Reports page has three tabs, each providing a different perspective on your email data:

1. Compliance Tab

This is the default view showing DMARC compliance trends and sender details.

DMARC Compliance Chart:

• Area chart with two lines:
  • Green line - Emails that passed DMARC
  • Red line - Emails that failed DMARC
• Shows daily trends over your selected date range
• Step-line visualization for clear day-to-day comparison

Senders Table:

Below the chart, you'll see a detailed table of all sending sources with these columns:

• ☑️ Checkbox - Select multiple sources for bulk actions
• Source Name - Organization name or "Others" if unknown (e.g., "Google", "Amazon SES", "Mailchimp")
• Type - Source classification (Known, Unknown, Threat, or Unmarked)
• Emails Sent - Total volume from this source
• Compliance - Percentage of emails passing DMARC
• DMARC Fails - Number of emails that failed DMARC
• SPF - SPF pass percentage
• DKIM - DKIM pass percentage
• Action - Button to view detailed source information

Click any source to view detailed information.

2. Receivers Tab

Shows which email providers (Gmail, Yahoo, Outlook, etc.) received emails from your domain.

What You'll See:

• Pie chart - Visual breakdown of receiver distribution
• Receivers table with:
  • Receiver Name - Email provider (e.g., "Google", "Yahoo", "Microsoft")
  • Total Volume - Number of emails delivered to this receiver

3. Locations Tab

Shows the geographic distribution of your email sending sources with a visual heat map.

What You'll See:

Left Side - Summary Card:

• Total Emails Sent - Overall count across all locations
• Country List - Shows each country with:
  • Country name
  • Email volume number

Right Side - Interactive World Map:

• Countries are color-coded using a red heat map scale:
  • Dark Red - Highest email volume (top sender location)
  • Medium Red - Moderate email volume (second/third highest)
  • Light Red - Lower email volume
  • Gray - No emails sent from this location
• Provides instant visual identification of your primary sending regions

Why It Matters:

• Spot anomalies - Unexpected locations could indicate spoofing or compromised accounts
• Verify infrastructure - Confirm your email services are sending from expected countries
• Geographic patterns - Understand where your email infrastructure is physically located
• Security monitoring - Dark red countries should match your known providers' locations

Security Tip: If you see dark red coloring in countries where you don't have email infrastructure, investigate immediately in the Compliance tab to identify the sources.

Mark Sources for Better Classification

Properly categorizing sources is essential for the Phases feature and helps identify legitimate vs. malicious senders.

To Mark Sources:

1. In the Senders Table, use the checkboxes to select one or more sources
2. After selecting, a bulk action menu will appear
3. Choose one of these actions:
   • Mark as Asset - Legitimate senders (your email providers, marketing tools, CRM systems)
   • Mark as Threat - Suspicious or malicious sources that should be blocked

These classifications affect your compliance calculations in the Phases feature

Best Practice: Start by selecting and marking all your obvious legitimate sources as Assets in bulk, then investigate unknowns weekly and mark them appropriately.

Forensic Reports

Forensic reports provide detailed information about individual email authentication failures.

Access Forensic Reports

1. Click "DMARC Reports" in the sidebar
2. Select "Forensic Reports"

Or from the Domains page:

• Click "View Forensic Reports" in the Actions dropdown for any domain

Filters

At the top, you'll find filters similar to Aggregate Reports:

1. Domain Selector - Choose which domain to view forensic reports for
2. Date Range Picker - Select the time period

Forensic Reports Table

The main table shows individual failed authentication attempts with these columns:

• From - Original sender email address (who sent the email)
• Domain - Your domain that the email claimed to be from
• Subject - Email subject line
• Date - When the email arrived/failed authentication
• Source IP - IP address of the sending server
• Country - Geographic location of the source IP
• Action - Button to view detailed report

Click any row to view the complete forensic report details.

Detailed Forensic Report

When you click on a report, you'll see two sections:

1. Indexed Forensic Details:

• From - Original sender address
• To - Original recipient address
• Subject - Email subject
• Arrival Date - When the email was received
• Country - Source country
• Message-ID - Unique email identifier

2. Authentication Results:

• AuthservID - Authentication service identifier
• DKIM (result) - DKIM authentication result (pass/fail/none)
• SPF (result) - SPF authentication result (pass/fail/none)
• Sender IP - Source IP address
• Source - Source organization name (e.g., "Google", "Others")
• Raw Authentication Results - Complete authentication header data

Note: Forensic reports arrive within a couple of hours of email failures, while aggregate reports take ~24 hours. However, not all email providers send forensic reports due to privacy concerns.

---

Step 5: Use Phases for Policy Progression

What are Phases?

The Phases feature guides you through safely implementing DMARC enforcement in 5 stages:

1. Preparation - Initial setup and monitoring
2. Reporting - Gathering data with p=none
3. Quarantine - Moving suspicious emails to spam with p=quarantine
4. Reject - Blocking unauthorized emails with p=reject
5. Maintenance - Ongoing monitoring and optimization

Access Phases

1. Click "Phases" in the sidebar
2. View your current phase for each domain

Understanding Phase Information

Each phase shows:

• Current Phase - Which stage you're in
• Compliance Rates - Broken down by:
  • Known Sources - Legitimate senders you've marked
  • Unknown/Unmarked Sources - Senders not yet categorized
  • Threat Sources - Identified malicious senders
• Next Phase Card - Shows:
  • Requirements to move to the next phase
  • Target compliance percentage needed
  • Policy changes required
  • Actions needed (e.g., "Mark unknown sources in Aggregate Reports")

Progressing Through Phases

To advance to the next phase:

1. Achieve the required compliance rate
2. Mark sources appropriately in Aggregate Reports
3. Update your DMARC policy if needed
4. Monitor for any issues

Best Practice: Spend at least 1-2 weeks in each phase to ensure all legitimate sources are identified. Note: Phases compliance checks are based on your DMARC data from the last 7 days (last week), so your current phase and recommendations reflect your recent sending and authentication behavior.

---

Step 6: Digital Forensics

Sequack includes powerful email forensics capabilities to analyze suspicious emails.

How to Use Digital Forensics

1. Forward suspicious emails to your dedicated Sequack forensics mailbox:

   • Address format: uniqid@forensic.outpost.sequack.com
     • Example: 12345@forensic.outpost.sequack.com or 67890@ae-forensic.outpost.sequack.com
   • You can find your unique forensic address on the Digital Forensics page in the app.

2. Or upload .eml or .msg files directly:

   • Use the upload button on the Digital Forensics page to submit email files for analysis.

3. Wait a few minutes for analysis to complete.

4. View the forensic report, which includes:

   • Header Analysis — Email routing hops and authentication results
   • Subject & Body — Email content analysis
   • AI Analysis — Machine learning-based threat assessment
   • Attachment Observables — All attachments are scanned and analyzed:
     • Antivirus Scan Result — Shows if any attachment is infected
     • AlienVault — AlienVault threat intelligence verdict for each attachment
     • VirusTotal — Virustotal verdict for each attachment
   • Link Observables — All links extracted from the email:
     • VirusTotal Result — Virustotal threat verdict for each link
     • AlienVault OTX Result — AlienVault threat verdict for each link

Tip: For the most comprehensive analysis, go to Settings → Security and input your API keys for AlienVault and VirusTotal. This enables advanced threat intelligence for both attachments and links in your forensic reports.

Understanding Results

The forensics report will show:

• 🟢 Safe — No threats detected
• 🟡 Suspicious — Potential indicators of phishing/spam
• 🔴 Malicious — Confirmed threats detected

Note: Configure your VirusTotal and AlienVault API keys in Settings → Security for enhanced analysis.

---

Step 7: Security Tools

Sequack provides a suite of built-in tools for in-depth email security analysis. Each tool is designed with a user-friendly interface and actionable results.

Tools Overview

Domain Analyzer

• Purpose: Instantly check your domain’s DMARC, SPF, DKIM, and BIMI records in one place.

• How it works:

  1. Enter your domain name (e.g., yourcompany.com).
  2. Click "Check".
  3. The tool fetches and displays:
     • DMARC Record: Full TXT record, policy, reporting URIs, alignment, percent, subdomain policy, and failure options. Errors and suggestions are shown if issues are detected.
     • SPF Record: Full TXT record, total lookups, void lookups, and warnings if limits are exceeded.
     • DKIM Record(s): All published selectors are shown in tabs, with key details (algorithm, length, public key, flags, notes, granularity).
     • BIMI Record: TXT record, SVG logo preview (light/dark), VMC certificate details, and DMARC compliance status.
  4. Each section highlights errors, warnings, and actionable suggestions.

  

SPF Checker

• Purpose: Deeply analyze your SPF record for a domain, visualize lookup chains, and catch misconfigurations.

• How it works:

  1. Enter your domain name.
  2. Click "Check".
  3. The tool displays:
     • SPF Overview: Record status (valid/invalid), failure mode, total lookups, void lookups, authorized subnets, and total IP addresses.
     • TXT Record: The exact SPF record found in DNS.
     • SPF Lookup Tree: Interactive tree visualization of all includes, mechanisms, and IPs resolved by your SPF record. Expand/collapse all nodes for clarity.
  4. If no SPF record is found, a clear message is shown.

  

Investigate

• Purpose: Investigate emails sent to your organization’s dedicated security inbox for authentication and compliance.

• How it works:

  1. Find your unique investigation address at the top of the Investigate page (e.g., uniqid@investigate.sequack.com).
  2. Send a test or suspicious email from any service to this address.
  3. The email will appear in the Investigates table below, showing:
     • Compliance: Whether DMARC passed (Compliant/Non Compliant)
     • From Address
     • Subject
     • Date
     • Action: View full details
  4. Use the Refresh button to update results. Click the action button to see detailed analysis for each email.

  

Exposed Passwords

• Purpose: Check if an email address or domain has been found in public data breaches and see what information was exposed.

• How it works:

  1. Enter an email address in the search box.
  2. Click "Search".
  3. If breaches are found, a table displays:
     • Database Name
     • Username
     • Name
     • Address
     • IP Address
     • Password (hashed or plain, if available)
     • Phone
  4. Use the Export CSV button to download all results for further review.
  5. If no results are found, a clear message is shown.

  

---

Step 8: Configure Alerts

Stay informed about important security events with automated alerts.

How Alerts Work

You create alert configurations in the Alerts page. These configs define what you want to be notified about (for example, DMARC record changes or validation failures). Sequack will then monitor your domains according to these configs.

To create an alert configuration:

1. Go to Settings → Alerts
2. Click "Create Alert"
3. Choose the alert type (DMARC, SPF, DKIM, BIMI), policy (Validation failed or Record changed), domains to monitor, and recipient emails (multiple allowed).
4. Click "Create Alert" to save.

How notifications are triggered: Whenever a validation fails or a record changes for a domain (according to your alert configs), Sequack will automatically generate an alert. These alerts will be shown in the Notifications page. If you added recipient emails, the alert will also be sent by email.

Step 9: Team Collaboration

Invite team members and manage access with role-based permissions.

Invite Users

1. Go to Settings → Users
2. Click "Invite User"
3. Enter their email address
4. Select a role:
   • Reader - View-only access to reports and dashboard
   • Admin - Full access except user management, key management, org edits, audit logs
   • Super Admin - Complete access to all features
5. Click "Send Invitation"

The user will receive an email invitation to join your organization.

Manage Existing Users

In the Users table, you can:

• View all current users
• See their roles and last login
• Edit user roles
• Remove users from your organization

Security Tip: Regularly review user access and remove users who no longer need access.

---

Step 10: Profile & Security Settings

Update Your Profile

1. Go to Settings → Profile
2. Update your:
   • Name
   • Phone Number
   • Organization (editable only if you are a Super Admin)
   • Email (read-only)
   • Role (read-only)
3. Click "Save Changes"

Delete Account

If you need to delete your account:

1. Scroll to the bottom of the Profile page
2. Click "Delete Account"
3. Confirm the deletion

Warning: Account deletion is permanent and cannot be undone. All data will be removed.

Security Settings

1. Go to Settings → Security

Change Password

1. Enter your current password
2. Enter your new password
3. Confirm your new password
4. Click "Update Password"

Enable Two-Factor Authentication (2FA)

1. Toggle "Enable 2FA"
2. Scan the QR code with your authenticator app (Google Authenticator, Authy, etc.)
3. Enter the 6-digit code to verify
4. Save your backup codes in a safe place

API Keys Configuration

Enhance your security analysis with third-party integrations:

VirusTotal API Key

1. Get your API key from VirusTotal
2. Paste it in the VirusTotal API Key field
3. Click "Save"

AlienVault OTX API Key

1. Get your API key from AlienVault OTX
2. Paste it in the AlienVault API Key field
3. Click "Save"

Note: These API keys enable advanced threat intelligence in Digital Forensics.

---

Step 11: Monitor Activity Logs

Track all actions performed in your organization for security and compliance.

Access Activity Logs

1. Go to Settings → Activity Logs
2. View the comprehensive audit trail

What's Logged

Activity logs track key actions for security and compliance:

• User logins and logouts
• All database actions (such as domain additions/deletions, alert creation/modification, user invitations/edits, settings updates, API key changes, etc.) are automatically logged at the database level whenever a create, update, or delete occurs.

Log Information

Each entry shows:

• Action - What was performed
• Performed By - User who performed the action
• Performed At - Date and timestamp
• IP Address - Origin of the action

---

Getting Help

Documentation

Browse our knowledge base for detailed guides.

Support

Need assistance? We're here to help:

• Email: support@sequack.com
• Response Time: Within 24 hours for all inquiries

Last updated: October 3, 2025

Need help? Contact support@sequack.com