How to Read DMARC Report | GoDMARC

How to Read DMARC Email Reports

Prior to understanding DMARC email reports, it is important to understand what is the significance of DMARC. DMARC stands for “Domain-based Message Authentication, Reporting & Conformance”, and is an email validation and authentication protocol. DMARC enables safe email communication and advertising possible by protecting your email domain from spamming emails, domain impersonation, and email phishing attacks. Furthermore, DMARC adds a reporting feature, known as DMARC Report, that allows senders and receivers to gain visibility and analyze authentication results for emails sent on behalf of their domain. These reports allow domain owners to maintain a tracker of deliverability problems, improve protocol implementation, and act against potential sources sending emails on behalf of their domain.

Importance of a DMARC Report

When you publish a DMARC record in your DNS, it gives you a feature on how your domain should act if and when an email is received that fails DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) authentication. With a properly configured DMARC record, email providers will send you reports directly to your email address, HTTP or HTTPS, allowing you to track the delivery of the emails sent on behalf of your domain. By enabling DMARC reports, you will be able to understand a lot of crucial information about ongoing email traffic. This information can be further used for authenticating your genuine email sources and blocking illegitimate ones.

DMARC email reports contain data around the authentication status of emails sent from your domain. With these reports, you can see which messages are authenticating against DKIM and SPF. DMARC reports do not contain any information about the email content. DMARC reports contain information about the source that sent the email, the domain used to send these emails, the IP address of the sender, a number of emails sent on a specific date and the DKIM/SPF sending domain, authentication result, and the DMARC result. All this information is crucial for an organization to understand who is sending emails on behalf of its domain, if an email sender is allowed to send on its behalf and if the emails are authenticated correctly. More importantly, email reports come in handy to see who is sending malicious/spamming emails on your behalf. Eventually, you can make sure that the spamming emails do not reach the inbox of your receivers and this is enabled by enforcing a DMARC policy reject.

Types of DMARC Report

Mainly, there are two types of DMARC Reports: Aggregate and Failure reports. Each serves a different purpose for the domain owner for authentication email sources and blocking illegitimate ones.



Aggregate Reports (RUA) – DMARC aggregated reports are the most important, they provide information regarding the authentication status of DMARC, DKIM, and SPF. These reports are sent to the RUA email address and do not contain confidential information about the email itself. These DMARC email reports contain Reporting ESP info, Header-from domain, DMARC policy and alignment settings, IP address of the sender, Email authentication status, and the number of emails sent. The default frequency to receive email reports is once a day, however, you can change it at your convenience on the DMARC report under the “ri” tab.



Failure Reports (RUF): DMARC failure reports are sent to the email address mentioned in the “ruf” tab. These failure reports provide edited copies of emails that fail authentication. These reports contain information about the origin of the valid email sources that require correction. In most cases, email receivers do not provide failure reports due to privacy concerns. If you are just starting with DMARC implementation, it is recommended to concentrate on tracking and acting on DMARC summary email reports.

How to Configure DMARC Reporting for your Domain

To configure the DMARC email report for your domain, you need to follow the given below steps:

Create a DMARC record for your email domain

In the “rua” criteria, enter the email address on which you want your DMARC Report to be sent

In the “ruf” section, enter the email address on which you want your DMARC failure reports to be sent

After this, click on “generate” button, it will create a txt record to be published on your DNS

Also Read this blog: Can I Set Up DMARC Without DKIM?

This section indicates Report ID number <report_id>8293631894893125362</report_id>  This section indicates beginning and ending date (in seconds) <date_range> <begin>1234573120</begin> <end>1234453590</end> </date_range>  This section indicates DMARC record specifications as published in your domain’s DNS <policy_published> <domain>yourdomain.com</domain> <adkim>r</adkim> <aspf>r</aspf> <p>none</p> <sp>none</sp> <pct>100</pct> </policy_published>

This section indicates IP address of the sending source <source_ip>302.0.214.308</source_ip> 

This section indicates an overview of your authentication results <policy_evaluated> <disposition>none</disposition> <dkim>fail</dkim> <spf>pass</spf> </policy_evaluated> 

This section indicates From: domain <header_from>yourdomain.com</header_from> 

This section indicates DKIM authentication results <dkim> <domain>yourdomain.com</domain> <result>fail</result> <human_result></human_result>

</dkim> 

This section indicates SPF authentication results <spf> <domain>yourdomain.com</domain> <result>pass</result>

Conclusion

DMARC allows domain owners to monitor and validate the authentication of the emails sent on behalf of their domain. By implementing DMARC, you can assure email receivers regarding the legitimacy of the emails sent on behalf of their domain. Implementing DMARC and monitoring DMARC records is crucial to protect your email domain from cyber-attacks.

GoDMARC is your one-stop solution to protect your email domain from phishing activities. You can opt to secure your data from email spoofers and imposters, with help of our reasonable DMARC price plans.

Get in touch with your cybersecurity expert for more queries and GoDMARC plans!