You can set up Domain-based Message Authentication, Reporting, and Conformance (DMARC) to receive regular reports from email servers that get email from your domain.
We recommend that you regularly monitor the daily DMARC reports that you get by email. Reviewing the information in the reports helps you understand what messages sent from your domain are passing Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) authentication, and DMARC authentication.
DMARC reports tell you:
- What servers or third-party senders are sending mail for your domain
- What percent of messages from your domain pass DMARC
- Which servers or services are sending messages that fail DMARC
- What DMARC actions the receiving server takes on unauthenticated messages from your domain: none, quarantine, or reject.
When the reports show that most messages pass DMARC, update your DMARC policy with stricter enforcement. Stricter enforcement better protects your domain from spoofing.
As you understand your organization’s mail flow and authentication, update your DMARC record enforcement options to be more strict.
Who should use DMARC reports
Important: We recommend that you always use reports when you turn on DMARC for your domain.
Reports tell you which messages sent from your domain are authenticated by SPF and DKIM. Reports also let you regularly review who is sending mail on for your domain, and can alert you to potential spammers.
Review information in the DMARC reports to verify that messages from your domain are sent by authorized servers, and pass authentication checks. As you understand how receiving servers authenticate messages from your domain, consider changing your policy from none to quarantine or reject.
Create a dedicated group or mailbox for your reports
The number of DMARC reports you receive by email can vary, and depends on how much email your domain sends. Every mail server you send email to will send you a daily report. You can receive many reports every day. Large organizations might get up to hundreds or even thousands of reports daily
We recommend creating a dedicated group or mailbox for your DMARC reports. If you get many daily reports, or if you need help reading and understanding reports, consider using a third-party service. Third-party DMARC services can receive, manage, and analyze your reports.
Get help from a 3rd-party service (recommended)
Reports can be difficult to read and interpret in raw format. We recommend using a third-party service that specializes in DMARC to receive, store, and analyze your reports:
- Depending on your mail volume, it’s possible to get many reports each day, up to hundreds. Several factors determine the number of reports you get, including: how many servers you send to, how much mail you send, and the reporting options specified in your DMARC policy record.
- Without a third-party service, you might need to create a dedicated Group or mailbox to receive and store the reports.
- Third-party services can combine individual reports.
- Third-party services can analyze aggregated reports, and provide feedback to you about how effective your DMARC record is.
Reading your DMARC reports
DMARC reports are usually sent once a day by email. They're sent to the email addresses you specify when you define your DMARC record. If reports are turned on with the rua DMARC record tag in your DMARC record, every server that receives mail from your domain sends a report.
Raw reports are in XML format, and include report metadata and one or more records. The important information in the reports is whether messages from your domain pass DMARC.
Each record summarizes:
- The number of messages sent from a single IP address for the report time period
- The SPF, DKIM, and DMARC authentication results for the messages
- Any actions taken by the receiving server, for example accepting unauthenticated messages because they passed ARC authentication
Example DMARC report in raw XML format
Here's an example of a report with one record that shows the results for 2 email messages. To read XML records, convert the report to a readable format, for example:
- Convert the records to a tabular format by adding them to a relational database
- Convert the XML to HTML by applying an XSL style sheet
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
<report_metadata>
<org_name>solarmora.com</org_name>
<email>noreply-dmarc-support@solarmora.com</email>
<extra_contact_info>http://solarmora.com/dmarc/support</extra_contact_info>
<report_id>9391651994964116463</report_id>
<date_range>
<begin>1335571200</begin>
<end>1335657599</end>
</date_range>
</report_metadata>
<policy_published>
<domain>bix-business.com</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<sp>none</sp>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>203.0.113.209</source_ip>
<count>2</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>pass</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>bix-business.com</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>bix-business.com</domain>
<result>fail</result>
<human_result></human_result>
</dkim>
<spf>
<domain>bix-business.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
Example DMARC report in tabular format
Here's an example of a report with two records in tabular format. This report's been converted from XML format to a tabular format.
