Authentication report

This feature is only available with G Suite Enterprise and G Suite Enterprise for Education.

Email authentication systems like DMARC, DKIM, and SPF can protect your domain from certain types of email threats like phishing. The authentication report allows you to view the number of messages that meet, or don’t meet, these email authentication standards.

The security dashboard also includes a summary of authentication data. For details, see Security dashboard.

Note: The authentication report is only available for G Suite Enterprise accounts.

View the authentication report

  1. Sign in to your Google Admin console at admin.google.com.
    Be sure to sign in using your administrator account, and not your personal Gmail account.
  2. Click Security.
  3. Click Dashboard.
  4. In the bottom-right corner of the Authentication panel, click View Report. 

Authentication graph

This graph shows messages broken down by Authenticated and Unauthenticated.

  • Authenticated—Messages that meet email authentication standards
  • Unauthenticated—Messages that don't have any email authentication

Note: You can hide lines in the graph by clicking on the legend. For example, click Authenticated to hide data related to authenticated messages. This is especially useful if one line overlaps another.

Using the drop-down menus above the graph, you also customize the graph to provide details only about certain types of messages:

Filter Description

Traffic source

Inbound—Include only messages received by users within your domain. These messages may have been sent by users inside or outside of your domain.

  • External receiving—Include only messages sent by users outside of your domain.
  • Internal receiving—Include only messages sent by users inside of your domain.

Outbound—Include only messages sent by users in your domain. These messages may have been delivered to users inside or outside of your domain.

Authentication:
All, DKIM, DMARC, or SPF
DKIM—Include only messages that were authenticated using DKIM.

DMARC—Include only messages that were authenticated using DMARC.

SPF—Include only messages that were authenticated using SPF.
Outcome:
All, Spam, or Clean
Spam—Include only messages that were placed in the spam folder (this includes messages identified as spam, phishing, or malware by the Gmail spam filter).

Clean—Include only messages that were placed in users’ inboxes (this includes suspicious messages that were placed in users’ inboxes due to whitelisting).
Domain Choose the domain for your report.
Date range Customize the report to view data from Today, Yesterday, This week, Last week, This month, Last month, or Days ago (up to 180 days); or enter a Start date and End date. Click Apply after you set the date range.

Note: For this report, data is displayed only for the last 31 days. For example, if you set the parameters for up to 60 days, the data in the report is cut off at 31 days.

 

To generate a spreadsheet with the graph’s data, click Export Sheet. A spreadsheet corresponding to the data in the Authentication graph will be generated and saved to your My Drive folder.

Compare current and historical data

To compare the current data to historical data, in the top right, from the Statistical analysis menu, select Percentile. You’ll see an overlay on the chart to show the 10th, 50th, and 90th percentile of historical data (180 days for most data and 30 days for Gmail data). Then, to change the analysis, at the top right of the chart, use the menu to change the overlay line.

Authentication table

To view more details about authentication on specific dates, click any data point in the graph.

For example, by clicking the data point on August 21, a table is displayed with more details about authenticated messages on that date. The table lists the top domains that sent authenticated messages to your domain, with a message count for each domain. To view the top IPs that sent authenticated messages to your domain on that date, click IP address.

Was this article helpful?
How can we improve it?