Introducting to DMARC Reporting

DMARC provides reporting capability, in the form of DMARC reports, which lets receiving email servers provide back data to the sending domain about incoming emails, such as the volume of both legitimate and fraudulent messages. This helps domain owners respond to email deliverability issues and domain spoofing incidents at a faster pace.

DMARC reports are of two primary types: 

• DMARC RUA Aggregate Reports 
• DMARC RUF Forensic Reports

How Do DMARC Aggregate Reports Help You?

DMARC aggregate (RUA) reports help you keep track of the delivery status of all emails received from your domain. They’re sent in XML format daily and offer several points of information regarding the status of emails sent from your domain. DMARC aggregate reports are sent to your designated email address, providing a useful general analysis of emails sent from your domain. They come in handy when you want to see how well your emails are performing in terms of deliverability and which IP address(es) are failing DMARC authentication. From these Reports, you can easily view:

• All the sending sources, sending emails from your domain
• The IP addresses behind these sending sources
• The geolocations of these sources
• The reporting organization’s name, contact information, and email address
• The DMARC policy configured for your domain
• The SPF and DKIM verification results

DMARC aggregate reports help you track policy in effect, and avoid any inbox disruptions that could adversely affect your subscribers, pulling all of your email activity together with a snapshot of emails failing authentication on your receiver’s side. It helps you track DMARC breaks and understand where you need to improve. Aggregate report data can be used to find out who has been spoofing your domain. You will be able to see which sending source is spoofing and the IP address behind it is trying to impersonate your domain over and over again and you can take action against these entities.

How Do DMARC Forensic Reports Help You?

A DMARC forensic report of any incident is an in-depth look at the details that led up to a phishing or spoofing attack, including all email exchanges and headers. DMARC uses the term “pass” to describe an email that has been received as normal. If your company sends emails and they are not considered “passes” according to the DMARC policy, your server will generate a forensic report. Analysis of a DMARC failure report can provide forensic insights into the deliverability of a message and how it is perceived in an email server’s spam/junk folder.

Although in comparison to DMARC Aggregate Reports, forensic reports are not as widely implemented by mailbox providers, however, they can prove to be a useful way to get detailed information about how and why emails fail DMARC. They can also help with troubleshooting various senders’ email delivery issues providing domain owners with the most granular analysis, detailing precisely how many emails were stopped before they reached the inbox, and why.