How to Using forensic reports to identify unknown sources
While DMARC aggregate reports are great for an overview of your sending, they do not provide detailed information you can use to help locate unfamiliar sources that show up in your aggregate reports as failing DMARC. DMARC aggregate reports provide a great high-level overview of your DMARCprotected domains, but they don't show you information such as the actual IP addresses that are associated with each sending. Based on publicly available data from DNS IP intelligence and Reverse DNS lookup, we can create a report that identifies all unique sources within your aggregate reports. These unknown sources may be related to spam bots that don't send valid DKIM signatures. We have found that in some cases these are internal corporate IPs which are not regularly used for mail delivery yet may be used by the marketing department to send a few test emails. Forensic reports are one method that you can use to help identify unfamiliar sources appearing in your aggregate reports. They allow you to examine individual messages and get a breakdown of each element within a message. Using forensic reports and DMARC, you can greatly increase your ability to identify unfamiliar senders and protect your brand's inbox placement and