DMARC Analyzer - Analyzing your DMARC Report

This article contains information on analyzing DMARC aggregate reports per result, including categories like DMARC compliance, authentication statuses, and invalid flows, with filters to refine and interpret email authentication data.
 

To access the Per result overview: 

  1. Log in to your DMARC Analyzer dashboard 
  2. Navigate to DMARC aggregate reports 

To return results:

  1. Use the Search "From" domain(s) and Search hostname / IP addresses filters to return results for the domain that you would like to analyze.
  2. The results are grouped into the following categories and sub-categories:
  • DMARC correct - DKIM or SPF aligned
      • DMARC compliant – SPF aligned: These messages were sent by an IP address that was authorized through SPF. The messages did not have a valid (and aligned) DKIM signature.
      • DMARC compliant – DKIM aligned: These messages were DMARC compliant because they had a valid (and aligned) DKIM signature. SPF did not pass for these messages.
      • DMARC compliant – fully aligned: These messages were DMARC compliant on both checks: they had a valid (and aligned) DKIM signature and they were sent by an IP address that was authorized through SPF.
  • Authenticated - DKIM or SPF valid
      • DKIM validated, but not aligned, SPF failed: These messages have a valid DKIM signature, but this signature was not aligned with the domain (the signature was created using a different domain from the one in the “From:” header of the email).
      • SPF validated, but not aligned, DKIM failed: These messages were sent by an IP address that was authorized through SPF. The domain validated was not aligned with the domain in the From header of the email. The DKIM signature for this email was missing or failed.
  • Invalid flows - DKIM and SPF invalid
      • DKIM/SPF failed: Both DKIM and SPF failed for these messages. This is the first group to look at when analyzing the DMARC data.
  3. Subcategories may display the following postfixes:
      • Forwarded: The messages were forwarded by another mail account. Some users set up an account to automatically forward the e-mail to another account. This can cause headers to be changed as the forwarder becomes the “new sender” of the message.
      • Mailinglist operator: The messages were sent by a mailing list operator. This can be marketing newsletters or other e-mails from a mailing list (possibly sent by a third party).
      • Trusted forwarder: The sender of the DMARC report has marked the IP address which forwarded a message as a “trusted forwarder”. The ISPs have their own rules for this.
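
The grouping above can be reproduced directly from a raw aggregate report. The following is an added example, not DMARC Analyzer's own code: it assumes the RFC 7489 aggregate XML layout, maps the RFC's override reason types to the postfixes as an assumption, and uses a constructed sample report. The label for "both valid, neither aligned" is an assumed fallback that the article does not list.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate-report layout; every value is made up.
SAMPLE = """<feedback>
<record><row><source_ip>192.0.2.10</source_ip><count>5</count><policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
 <auth_results><dkim><result>pass</result></dkim><spf><result>pass</result></spf></auth_results></record>
<record><row><source_ip>198.51.100.7</source_ip><count>2</count><policy_evaluated><dkim>pass</dkim><spf>fail</spf><reason><type>forwarded</type></reason></policy_evaluated></row>
 <auth_results><dkim><result>pass</result></dkim><spf><result>fail</result></spf></auth_results></record>
<record><row><source_ip>203.0.113.5</source_ip><count>3</count><policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
 <auth_results><dkim><result>pass</result></dkim><spf><result>softfail</result></spf></auth_results></record>
<record><row><source_ip>203.0.113.99</source_ip><count>7</count><policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
 <auth_results><spf><result>fail</result></spf></auth_results></record>
</feedback>"""

# Assumed mapping: RFC 7489 override reason types -> the postfixes in the article
POSTFIX = {"forwarded": "Forwarded", "mailing_list": "Mailinglist operator",
           "trusted_forwarder": "Trusted forwarder"}

def classify(record):
    """Return the article's sub-category (plus postfix, if any) for one <record>."""
    pe = record.find("row/policy_evaluated")
    dkim_aligned = pe.findtext("dkim") == "pass"  # policy_evaluated holds aligned results
    spf_aligned = pe.findtext("spf") == "pass"
    # auth_results holds raw results; a missing DKIM signature counts as failed
    dkim_valid = any(r.text == "pass" for r in record.findall("auth_results/dkim/result"))
    spf_valid = any(r.text == "pass" for r in record.findall("auth_results/spf/result"))
    if dkim_aligned and spf_aligned:
        label = "DMARC compliant - fully aligned"
    elif dkim_aligned:
        label = "DMARC compliant - DKIM aligned"
    elif spf_aligned:
        label = "DMARC compliant - SPF aligned"
    elif dkim_valid and spf_valid:
        label = "DKIM and SPF validated, but not aligned"  # assumed; not in the article
    elif dkim_valid:
        label = "DKIM validated, but not aligned, SPF failed"
    elif spf_valid:
        label = "SPF validated, but not aligned, DKIM failed"
    else:
        label = "DKIM/SPF failed"
    reason = pe.findtext("reason/type")
    return f"{label} ({POSTFIX[reason]})" if reason in POSTFIX else label

def summarize(xml_text):
    totals = Counter()  # message count per category across all records
    for rec in ET.fromstring(xml_text).iter("record"):
        totals[classify(rec)] += int(rec.findtext("row/count"))
    return totals
```

Calling `summarize(SAMPLE)` returns per-category message counts; the largest "DKIM/SPF failed" sources are the ones to investigate first.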
