Protecting your email domain from phishing and spoofing becomes increasingly important as email attacks become more common. In fact, $50 billion has been lost to business email compromise (BEC) worldwide in the last decade.
DMARC is a key email authentication protocol that can secure your domain and protect against attacks. However, implementing DMARC enforcement is just one piece of the puzzle. You also need the visibility and insight provided by DMARC email reports. Why are you receiving these DMARC email reports? They provide essential insights into your domain’s email authentication status and help you maintain a secure domain.
Learn all about the value these DMARC reports provide:
What is DMARC?
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication protocol that allows brands, organizations, and companies to protect their email domains against phishing and spoofing.
While reporting is an optional component of the DMARC specification, we strongly recommend implementing and utilizing DMARC reporting. DMARC emails, also known as DMARC report emails, provide extremely valuable data necessary to manage email authentication and domain protection against phishing and spoofing.
DMARC works hand in hand with email authentication protocols Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to help you monitor for full compliance with email authentication requirements.
What is a DMARC report?
A domain owner requests DMARC reporting when configuring their DMARC record. A DMARC record is a simple TXT record in DNS that begins by stating what policy inbox providers should apply to unauthenticated email messages (none, quarantine, or reject), and also allows additional, optional settings, including settings related to DMARC reporting. In the DMARC record, the domain owner includes a tag called “RUA” along with an email address meant to receive any DMARC reports that are sent by mailbox providers.
Many inbox providers, when evaluating inbound email messages, look for this “RUA” tag in a domain’s DMARC record; its presence tells them that the domain owner wishes to receive aggregate DMARC reports.
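As an added illustration (not code from Valimail or from the original article), the Python sketch below parses a DMARC TXT record, extracts the policy and the report mailboxes from the rua tag, and flags mailboxes hosted outside the domain. The function name, the sample records and the example.com/example.net domains are constructed for this example, and the external-mailbox check is a simplification.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc_record(domain, txt):
    """Parse the TXT record published at _dmarc.<domain>."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag has to come first, otherwise receivers ignore the record.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"invalid or missing p= policy: {policy!r}")
    rua, external = [], []
    for uri in tags.get("rua", "").split(","):
        # Each entry is a URI; an optional "!10m"-style suffix caps report size.
        address = uri.strip().partition("!")[0]
        if not address.lower().startswith("mailto:"):
            continue  # empty or non-mailto entries are skipped
        mailbox = address[len("mailto:"):]
        rua.append(mailbox)
        # Simplified check: a mailbox outside the domain needs the receiving
        # domain to publish <domain>._report._dmarc.<its domain> (RFC 7489, 7.1).
        host = mailbox.rpartition("@")[2].lower()
        if host != domain and not host.endswith("." + domain):
            external.append(mailbox)
    return {"policy": policy, "rua": rua, "external": external,
            "reports_requested": bool(rua)}

# Constructed records: the first enforces nothing and requests no reports.
RECORD_WITHOUT_RUA = "v=DMARC1; p=none"
RECORD_WITH_RUA = ("v=DMARC1; p=quarantine; "
                   "rua=mailto:dmarc@example.com,mailto:agg@reports.example.net!10m")

if __name__ == "__main__":
    print(parse_dmarc_record("example.com", RECORD_WITHOUT_RUA))
    print(parse_dmarc_record("example.com", RECORD_WITH_RUA))
```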
The reporting helps you track both legitimate and illegitimate email sources for your domain. With this reporting, you can see what sources and services are sending (or attempting to send) emails using your domain name. You can map out who’s trying to spoof your domain, what country they’re from, how much mail they seem to be trying to send, and what mail is being delivered.
These DMARC reports are sent via email by different inbox providers (like Google and Microsoft) and are specially formatted in Extensible Markup Language (XML) for easy handling by automated software.
Why do I need to receive these DMARC email reports?
So do you need to receive DMARC report emails? The short answer is yes.
It’s important to receive and review the data provided by DMARC reports so that you don’t make decisions regarding email authentication and domain protection blindly. You don’t want to accidentally tell inbox providers to reject mail that you consider legitimate.
Reporting helps you identify legitimate email sources that might not have email authentication properly configured, as well as giving you insight into where the phishing and spoofing are originating from (and whether or not any phishing or spoofing of your email domain is taking place).
DMARC reports are only sent for a domain that has a DMARC record that indicates that feedback reporting is requested and specifies who should receive these DMARC email reports. The data covers emails seen by the receiver where the From: address uses the domain that contains the DMARC record, allowing you to review email activity for your domain.
What do these DMARC reports tell me?
The DMARC aggregate reports differ from DMARC failure reports (which we don’t recommend) and contain no personal data or PII. The data in these reports is General Data Protection Regulation (GDPR) compliant. DMARC report emails primarily provide seemingly simple bits of information:
- Your domain name
- Date range
- Number of messages attempted to send
- IP of servers sending emails
- DNS name of the sending server
- DKIM key information
- Whether or not messages passed or failed SPF and DKIM email authentication checks
DMARC report emails also contain additional information, highlighting the DMARC settings for your domain when the report was generated.
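The fields listed above can be pulled out of the XML with a few lines of Python. This added example (not Valimail's code and not part of the original article) merges reports from two receivers into per-source pass/fail totals, which is also the aggregation step the article describes further on. The report contents, receiver names and IP addresses are constructed, using the RFC 7489 aggregate report layout.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def make_report(org, rows):
    """Build a constructed sample report (RFC 7489 layout, documentation IPs)."""
    recs = "".join(
        f"<record><row><source_ip>{ip}</source_ip><count>{n}</count>"
        f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
        f"<spf>{spf}</spf></policy_evaluated></row><identifiers>"
        f"<header_from>example.com</header_from></identifiers></record>"
        for ip, n, dkim, spf in rows)
    return (f"<feedback><report_metadata><org_name>{org}</org_name></report_metadata>"
            f"<policy_published><domain>example.com</domain><p>none</p>"
            f"</policy_published>{recs}</feedback>")

SAMPLE_REPORTS = [
    make_report("receiver-a.example", [("192.0.2.10", 120, "pass", "pass"),
                                       ("203.0.113.7", 40, "fail", "fail")]),
    make_report("receiver-b.example", [("192.0.2.10", 30, "pass", "fail"),
                                       ("203.0.113.7", 5, "fail", "fail"),
                                       ("198.51.100.23", 12, "fail", "pass")]),
]

def summarize(reports):
    """Merge reports into {source_ip: {"pass": n, "fail": n, "reporters": set}}."""
    totals = defaultdict(lambda: {"pass": 0, "fail": 0, "reporters": set()})
    for xml_text in reports:
        # Reports are untrusted third-party input: refuse DTDs and entities.
        if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
            raise ValueError("DTD not allowed in aggregate report")
        root = ET.fromstring(xml_text)
        org = root.findtext("report_metadata/org_name", default="unknown")
        for rec in root.iter("record"):
            ip = rec.findtext("row/source_ip")
            count = int(rec.findtext("row/count", default="0"))
            # DMARC passes when aligned DKIM or aligned SPF passes.
            results = {rec.findtext(f"row/policy_evaluated/{m}") for m in ("dkim", "spf")}
            verdict = "pass" if "pass" in results else "fail"
            totals[ip][verdict] += count
            totals[ip]["reporters"].add(org)
    return dict(totals)

def failing_sources(summary):
    """Source IPs with no DMARC-passing mail, largest volume first."""
    bad = [(ip, s["fail"]) for ip, s in summary.items() if s["pass"] == 0]
    return sorted(bad, key=lambda item: -item[1])

if __name__ == "__main__":
    print(failing_sources(summarize(SAMPLE_REPORTS)))
```

A source that only ever fails is either a spoofing source or a legitimate service that still needs SPF or DKIM configured; the report alone does not say which.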
If you haven’t received these DMARC email reports yet and want to see the status of your domain, use our free domain checker.
Analyze DMARC reports with Valimail
While it’s not impossible to review individual DMARC report emails by hand, their greater utility comes from taking the data they provide, compiling and aggregating that information over time, combining the multiple reports from multiple mailbox providers, and generating reporting and dashboards to identify trends and trouble over time.
That’s where Valimail Enforce comes into play. Our world-class sender identification technology analyzes DMARC aggregate report data and presents it in an easy-to-understand way. Want to see how you can analyze the number of emails passing and failing DMARC, aligned SPF or DKIM, or known sending services using your domain on a given date as far back as six months?
Industry Research and Community Engagement Lead at Valimail
Al Iverson