How to Read DMARC Reports?
How to enable DMARC reporting for your domains?
In order to configure the DMARC report for your domain you need to:
- Create a DMARC record for your domain
- While creating your record, in the “rua” criterion, you need to enter the email address to which you want your aggregate reports to be sent
- In the “ruf” criterion, you need to enter the email address to which you want your forensic reports to be sent
- After you have successfully filled up the other criteria and hit the “generate” button, the AI will create a TXT record for you to publish on your DNS
Note: DMARC forensic reports are not supported by all domains.
How to Read DMARC Reports: Reading DMARC Raw Reports
Your DMARC reports, also called raw reports, provide essential data about email activity on your domain that are necessary to help protect you against future phishing attacks. They’re available in XML format and they’re usually sent by email with the subject “DMARC Report.” There are essentially two types of reports:
- DMARC Aggregate (RUA) Report
- DMARC Forensic (RUF) Report
You can visit PoweDMARC’s knowledge base to learn more about each of them and how to configure them for your domain easily.
Reading DMARC RUA reports can be a bit of a hassle for a non-technical person, here is an example of a raw report:
<?xml version=”1.0″ encoding=”UTF-8″ ?>
<feedback>
<report_metadata>
<org_name>google.com</org_name>
<email>noreply-dmarc-support@google.com</email>
<extra_contact_info>http://google.com/dmarc/support</extra_contact_info>
<report_id>8293631894893125362</report_id>
<date_range>
<begin>1234573120</begin>
<end>1234453590</end>
</date_range>
</report_metadata>
<policy_published>
<domain>yourdomain.com</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<sp>none</sp>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>302.0.214.308</source_ip>
<count>2</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>pass</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>yourdomain.com</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>yourdomain.com</domain>
<result>fail</result>
<human_result></human_result>
</dkim>
<spf>
<domain>yourdomain.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
Breaking Down a DMARC Raw Report
Let’s take you through the various sections of the report to help you understand how to read DMARC reports, what they stand for and how to read it. In the raw file for your reports, you can find information about:
- Your ISP, the name of your email service provider
<?xml version=”1.0″ encoding=”UTF-8″ ?>
<feedback>
<report_metadata>
<org_name>google.com</org_name>
<email>noreply-dmarc-support@google.com</email>
<extra_contact_info>http://google.com/dmarc/support</extra_contact_info>
- The report ID number
<report_id>8293631894893125362</report_id>
- The beginning and ending date range (in seconds)
<date_range>
<begin>1234573120</begin>
<end>1234453590</end>
</date_range>
- Your DMARC record specifications as published in your domain’s DNS
<policy_published>
<domain>yourdomain.com</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<sp>none</sp>
<pct>100</pct>
</policy_published>
- IP address of the sending source
<source_ip>302.0.214.308</source_ip>
- An overview of your authentication results (SPF and DKIM pass/fail result summary)
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>pass</spf>
</policy_evaluated>
- From: domain
<header_from>yourdomain.com</header_from>
- DKIM authentication results
<dkim>
<domain>yourdomain.com</domain>
<result>fail</result>
<human_result></human_result>
</dkim>
- SPF authentication results
<spf>
<domain>yourdomain.com</domain>
<result>pass</result>
</spf>
Standard Email Protocols: SMTP, POP3 & IMAP Free4 m- What is Email Security? Free4 m
- Email Security Practices Free4 m
- Building an Email Security Compliance Model Free5 m
- Corporate Email Security Checklist Free3 m 30 s
- What is the difference between Inbound email security and outbound email security? Free4 m
- What is Information Security? Free4 m
- Zero Trust Security Model Free3 m
- What is SPF Alignment? Free3 m
- How to Set Up Microsoft Office 365 SPF record? Free4 m
- How to Set Up Google Workspace SPF Record? Free2 m
- How to Set Up MailChimp SPF Record? Free3 m
- How to Set Up SendGrid SPF Record? Free2 m
- How to Set Up Salesforce SPF Record? Free3 m
- How to Setup Zoho Mail SPF Record? Free2 m
- What is DMARC Compliance? Free2 m
- The Benefits of DMARC Free2 m
- DMARC Configuring Free3 m
- Achieving DMARC Enforcement Free2 m
- DMARC Vs Antispam Solutions Free2 m
- DMARC Identifier Alignment Free2 m
- DMARC sp Tag Exceptions & Uses Free1 m
- Configuring DMARC without DKIM Free3 m
- Configuring DMARC without SPF Free2 m
- DMARC Aggregate Report Views Free3 m
Video - PowerDMARC Aggregate Reports Free2 m 13 s- DMARC Forensic Report Views Free2 m
- Video - PowerDMARC Forensic Reports Free
- DMARC Forensic PGP Encryption and Decryption Free2 m
- TLS Report Views Free3 m
- Video - PowerDMARC TLS Reports Free
- PDF/CSV Reports Free2 m
- Video - PowerDMARC PDF/CSV Reports Free1 m 1 s