Supported editions for this feature: Enterprise; Education Standard and Education Plus. Compare your edition
Email authentication systems like DMARC, DKIM, and SPF can protect your domain from certain types of email threats like phishing. The authentication report allows you to view the number of messages that meet, or don’t meet, these email authentication standards.
The security dashboard also includes a summary of authentication data. For details, see Security dashboard.
View the authentication report
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
In the Admin console, go to Menu SecuritySecurity centerDashboard.
- In the bottom-right corner of the Authentication panel, click View Report.
This graph shows messages broken down by Authenticated and Unauthenticated.
- Authenticated—Messages that meet email authentication standards
- Unauthenticated—Messages that don't have any email authentication
Note: You can hide lines in the graph by clicking on the legend. For example, click Authenticated to hide data related to authenticated messages. This is especially useful if one line overlaps another.
Using the drop-down menus above the graph, you also customize the graph to provide details only about certain types of messages:
Inbound—Include only messages received by users within your domain. These messages may have been sent by users inside or outside of your domain.
All, DKIM, DMARC, or SPF
|DKIM—Include only messages that were authenticated using DKIM.
DMARC—Include only messages that were authenticated using DMARC.
SPF—Include only messages that were authenticated using SPF.
All, Spam, or Clean
|Spam—Include only messages that were placed in the spam folder (this includes messages identified as spam, phishing, or malware by the Gmail spam filter).
Clean—Include only messages that were placed in users’ inboxes (this includes suspicious messages that were placed in users’ inboxes due to whitelisting).
|Domain||Choose the domain for your report.|
|Date range||Customize the report to view data from Today, Yesterday, This week, Last week, This month, Last month, or Days ago (up to 180 days); or enter a Start date and End date. Click Apply after you set the date range.
Note: For this report, data is displayed only for the last 31 days. For example, if you set the parameters for up to 60 days, the data in the report is cut off at 31 days.
To generate a spreadsheet with the graph’s data, click Export Sheet. A spreadsheet corresponding to the data in the Authentication graph will be generated and saved to your My Drive folder.
Compare current and historical data
To compare the current data to historical data, in the top right, from the Statistical analysis menu, select Percentile (not available for all Security dashboard charts). You’ll see an overlay on the chart to show the 10th, 50th, and 90th percentile of historical data (180 days for most data and 30 days for Gmail data). Then, to change the analysis, at the top right of the chart, use the menu to change the overlay line.
To view more details about authentication on specific dates, click any data point in the graph.
For example, by clicking the data point on August 21, a table is displayed with more details about authenticated messages on that date. The table lists the top domains that sent authenticated messages to your domain, with a message count for each domain. To view the top IPs that sent authenticated messages to your domain on that date, click IP address.