How to Read DMARC Reports?

Domain-based Message Authentication, Reporting and Conformance (DMARC) not only protects your domain against BEC, domain impersonation, and email fraud attacks; it also gives you visibility into your email channels, so that you are always aware of what is going on in the background. DMARC provides a reporting mechanism, in the form of DMARC reports, that allows domain owners to read authentication results for every email that is sent on behalf of their domain. This helps you track deliverability issues, take action against malicious sending sources, and resolve protocol implementation errors promptly.

Why Do You Need DMARC Reports?

Even with SPF and DKIM in place, there is a certain probability that the original messages will be correctly processed while the identity of the sender goes unnoticed. In addition, recipients' reports about failures frequently do not reach the sender. In general, the services are continuously evolving and improving.

DMARC steps in as an email authentication program that ensures your email communication is authenticated by SPF or DKIM. It ensures that your emails can be trusted and helps remove chances of spoofing by allowing the receiver to check for valid headers before even opening the mail. To ensure the security of your data, you need highly reliable and robust email security. DMARC is one such standard: it checks the integrity of your addresses and helps prevent phishing attacks, all while improving your email deliverability rates.

When you publish a DMARC record in your DNS, you specify how email that claims to come from your domain but fails DKIM and SPF authentication should be handled. With a properly configured DMARC record, mailbox providers will send you reports directly to your email address, or over HTTP or HTTPS, letting you monitor the delivery of emails sent from your domain. By setting up DMARC reports you'll get a lot of valuable information about your outgoing mail traffic. This information can be used to authenticate your genuine sources and block illegitimate ones.

How to Read DMARC Reports: Reading DMARC XML Reports

Your DMARC reports, also called raw reports, provide essential data about email activity on your domain, data you need to help protect yourself against future phishing attacks. They’re available in XML format and they’re usually sent by email with the subject “DMARC Report.” There are essentially two types of reports:

  1. DMARC Aggregate (RUA) Report
  2. DMARC Forensic (RUF) Report

You can visit PowerDMARC’s knowledge base to learn more about each of them and how to configure them for your domain easily.

DMARC RUA reports are sent in the form of XML files, which can be a bit of a hassle for a non-technical person to read. Here is an example of a raw report:

<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>[email protected]</email>
    <extra_contact_info>http://google.com/dmarc/support</extra_contact_info>
    <report_id>8293631894893125362</report_id>
    <date_range>
      <begin>1234573120</begin>
      <end>1234453590</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>yourdomain.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>none</p>
    <sp>none</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>302.0.214.308</source_ip>
      <count>2</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>fail</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>yourdomain.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>yourdomain.com</domain>
        <result>fail</result>
        <human_result></human_result>
      </dkim>
      <spf>
        <domain>yourdomain.com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

Breaking Down a DMARC XML Report

Let’s take you through the various sections of the DMARC report to help you understand what they stand for and how to read it. In the XML file for your DMARC RUA reports, you can find information about:

  • Your ISP, the name of your email service provider

<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>[email protected]</email>
    <extra_contact_info>http://google.com/dmarc/support</extra_contact_info>

  • The report ID number

<report_id>8293631894893125362</report_id>

  • The beginning and ending date range (in seconds)

<date_range>
  <begin>1234573120</begin>
  <end>1234453590</end>
</date_range>

  • Your DMARC record specifications as published in your domain’s DNS

<policy_published>
  <domain>yourdomain.com</domain>
  <adkim>r</adkim>
  <aspf>r</aspf>
  <p>none</p>
  <sp>none</sp>
  <pct>100</pct>
</policy_published>

  • IP address of the sending source

<source_ip>302.0.214.308</source_ip>

  • An overview of your authentication results (SPF and DKIM pass/fail result summary)

<policy_evaluated>
  <disposition>none</disposition>
  <dkim>fail</dkim>
  <spf>pass</spf>
</policy_evaluated>

  • From: domain

<header_from>yourdomain.com</header_from>

  • DKIM authentication results

<dkim>
  <domain>yourdomain.com</domain>
  <result>fail</result>
  <human_result></human_result>
</dkim>

  • SPF authentication results

<spf>
  <domain>yourdomain.com</domain>
  <result>pass</result>
</spf>
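The fields walked through above can be pulled out of a report programmatically. The following Python sketch is an added example, not code from PowerDMARC or from the original article: it parses a report in the layout shown above and totals the messages per source IP for which neither DKIM nor SPF evaluated to pass. The sample report, its addresses (documentation ranges) and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in the layout shown above (documentation IPs, made-up org).
SAMPLE_REPORT = b"""<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <date_range><begin>1700000000</begin><end>1700086400</end></date_range>
  </report_metadata>
  <policy_published><domain>yourdomain.com</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>2</count><policy_evaluated>
    <disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>yourdomain.com</header_from></identifiers></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>5</count><policy_evaluated>
    <disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>yourdomain.com</header_from></identifiers></record>
</feedback>"""

def parse_report(raw: bytes) -> dict:
    """Parse one aggregate report into metadata plus a list of per-source rows."""
    # Reports are sent by third parties: refuse DTD/entity declarations up front.
    if b"<!doctype" in raw.lower() or b"<!entity" in raw.lower():
        raise ValueError("DTD or entity declaration in report")
    root = ET.fromstring(raw)
    def when(tag):  # date_range values are Unix timestamps in seconds
        secs = int(root.findtext(f"report_metadata/date_range/{tag}"))
        return datetime.fromtimestamp(secs, timezone.utc)
    rows = []
    for rec in root.iter("record"):
        row = {"source_ip": rec.findtext("row/source_ip"),
               "count": int(rec.findtext("row/count")),
               "header_from": rec.findtext("identifiers/header_from")}
        for tag in ("disposition", "dkim", "spf"):
            row[tag] = rec.findtext(f"row/policy_evaluated/{tag}")
        rows.append(row)
    return {"org": root.findtext("report_metadata/org_name"),
            "policy": root.findtext("policy_published/p"),
            "begin": when("begin"), "end": when("end"), "rows": rows}

def failing_sources(report: dict) -> Counter:
    """Message counts per source IP where neither DKIM nor SPF evaluated to pass."""
    fails = Counter()
    for r in report["rows"]:
        if r["dkim"] != "pass" and r["spf"] != "pass":
            fails[r["source_ip"]] += r["count"]
    return fails
```

Counts are accumulated per IP because the same source can appear in several records of one report.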

DMARC Report Analyzer: PowerDMARC’s Human-Readable DMARC Report Viewer

As you have probably already understood, while DMARC reports are extremely important for monitoring your organization’s email flow and viewing authentication results, they are not very pleasing to the eyes. With DMARC reports flooding your inboxes every day, you wouldn’t want the pain of going through them and analyzing them line by line, fishing for useful information.

This is why PowerDMARC’s DMARC report analyzer helps you view your DMARC Aggregate RUA reports easily in an organized tabular format, parsing data and segregating information into categories with the option to filter data according to IP addresses, organizations, sending sources and specific stats.

Perks of configuring an easy DMARC report analyzer:

  • On the dashboard, you can view DMARC RUA reports in 7 distinct viewing formats, to view results: per organization, per result, per sending source, per host, per country, according to geo locations, and segregate detailed stats.
  • Enter domain(s) of your choice to filter results for that particular domain only in the search bar
  • Select a specific date range to filter results for that timeline
  • Bright colour scheme and interactive dashboard that helps you understand your authentication results at a glance when in a hurry, as well as in great detail.

Sign up today to get your DMARC report analyzer!
