DMARC Analyzer 2.0 - Timeline

Updated

This article contains information on the DNS Timeline feature in Mimecast DMARC Analyzer, which provides a chronological view of DNS record changes, helping users track, analyze, and ensure proper configuration of DMARC, SPF, and DKIM records.

Overview

The DNS Timeline in Mimecast DMARC Analyzer gives you a clear, chronological view of DNS record changes for your domains. It focuses on email authentication–related records such as DMARC, SPF, and DKIM, making it easier to:

  • See exactly what changed and when
  • Confirm that configuration updates were applied correctly
  • Troubleshoot authentication and delivery issues
  • Maintain an audit trail for compliance and security

By centralizing DNS change history in one place, the DNS Timeline helps you keep your domains correctly configured and protected against spoofing and phishing.

To access the Timeline, follow these simplified steps:

  1. Log in to Mimecast Administration Console
  2. On your left, navigate to More Services | DMARC Analyzer 2.0 | Domain Management
4de9a920-811f-432f-875a-38cd6503d605.png

DNS Timeline

The DNS Timeline displays each change as an entry in a list, with the most recent changes at the top. Every entry includes:

  1. Timestamp – The exact date and time of the change (for example, 18:00 UTC).
  2. Record type – The DNS record that was updated, such as DMARC, SPF, or DKIM.
  3. Domain – The domain the change applies to.
  4. Change details – A summary that highlights what was modified, including:
  • New record – The DNS record after the change.
  • Old record – The DNS record before the change.
  • Policy changes – For example, “Policy set from quarantine to reject.”
  • Subdomain policy updates
  • Enforcement adjustments – Such as “Percent set from 50 to 100.”
  • Reporting changes – For example, adding or removing reporting addresses like ruf=mailto:token@dmarc.mimecast.com.

You can expand individual entries to see a side‑by‑side comparison of the old and new records, which makes it straightforward to understand precisely what has changed.

Filtering and Finding the Changes

The Timeline includes flexible filters so you can quickly focus on the changes that are most relevant to you:

  1. Insert Domain - Search for a specific domain to view only its DNS change history.
  2. Select Group - Filter by domain groups (for example, business units or regions) to narrow down the list and make navigation easier.
  3. Date Range Selector - Choose a custom timeframe (such as the last 24 hours, last 7 days, or a specific date range) to investigate DNS changes during a particular period.
  4. Select DNS Event - Filter by event type, such as:
  • DMARC record updates
  • SPF record updates
  • DKIM record updates
  1. Reset and Filter buttons
  • Filter applies your current selections.
  • Reset clears all filters and returns you to the default view.

These options are especially useful when you are troubleshooting an issue or preparing for an audit and need to pinpoint specific changes.

How the DNS Timeline Helps Your Organization

The DNS Timeline supports a number of common operational and security workflows:

Track DNS Changes Over Time

Use the Timeline as a single source of truth for how your DNS configuration has evolved. This helps you:

  • Confirm that planned changes (such as tightening DMARC policy) have been completed.
  • Understand the history behind your current configuration.

Troubleshoot Email Authentication and Delivery Issues

When you see a spike in DMARC failures, SPF soft fails, or DKIM problems, the DNS Timeline helps you quickly answer questions like:

  • “Did anything change in our DMARC record just before this started?”
  • “Was a reporting address added or removed?”
  • “Did someone adjust the enforcement percentage or subdomain policy?”

By correlating DNS changes with authentication failures or delivery issues, you can identify root causes faster and restore normal operation.

Audit and Compliance

The DNS Timeline maintains a historical record of your DNS updates, which can be useful for:

  1. Internal security reviews
  2. Compliance reporting
  3. Demonstrating that email authentication controls are managed and monitored over time

With clear timestamps and before/after views, you can show exactly what was changed, when, and how.

Validate Policy Updates

When your organization moves toward stricter DMARC policies (for example, from p=none to p=quarantine or p=reject), the DNS Timeline lets you:

  • Verify that the change has been made in DNS
  • Check that only the intended fields (such as policy, percentage, or reporting URIs) were updated
  • Confirm that subdomain policies and reporting settings are aligned with your rollout plan

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.