DMARC Analyzer 2.0 - PGP Encryption for Forensic Reports

This article contains information on encrypting and decrypting DMARC Forensic reports using PGP keys, including steps to generate a PGP key, add it to DMARC Analyzer, and decrypt reports for secure analysis of email authentication failures.

By default, DMARC Analyzer does not save the body of forensic reports, because these emails may contain sensitive data. Without the body, analysis is more difficult because you do not know which email caused DMARC to fail.

To view forensic reports, you must first add a public PGP key to your account. Once the key is added, your account begins encrypting the forensic reports with it. In your Forensic overview, you can then download the encrypted report and decrypt it using your private key and password.

How to create a PGP key?

A PGP key consists of a private and public key combination.
The following software can be used to generate PGP keys: GnuPG / Gpg4win

Use the following details when generating the key:

  • Your name: Your full name
  • Your email address: Your email address
  • Comments: This can be left empty
  • Algorithm: RSA
  • Key size: 4096
  • Expires: Never
  • Passphrase: A strong passphrase

Adding PGP key to DMARC Analyzer

To view Forensic Reports, first add your PGP key by following the steps below:

  1. Log in to the Mimecast Administration Console

  2. Navigate to More Services | DMARC Analyzer 2.0 | Forensic Reports

Forensic Reports are not enabled by default due to privacy concerns and performance considerations. To enable Forensic Reporting, follow the steps below.

  1. Click Add Public PGP Key to upload your PGP key.

  2. Navigate to the Public PGP Key page.
  3. Paste your PGP key into the provided field and click Save.
  4. Once saved, Forensic Reports will be encrypted before being stored or displayed.

How to decrypt Forensic reports?

Encrypted mail messages can be found in your Forensic overview. Click the “View” button at the mail headers. When an encrypted message is available, the entire message can be copied from the text area. To decrypt your message, use your generated private key and passphrase.

DMARC Analyzer doesn’t provide PGP decryption. Several online tools are available to decrypt your messages, for example https://sela.io/pgp/. Enter your private key, password, and encrypted message, then click the decrypt button to see your decrypted message.
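
The key generation and decryption steps described above can also be done entirely with GnuPG on your own machine, so the private key and passphrase are never entered into a web page. This is an added example, not part of the original article or any Mimecast tooling; the function names, the email address arguments, the report file name and the `make_sample_report` helper are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the article). Names, addresses and files are assumptions.

# Create an RSA key pair that never expires; bits default to 4096 as on this page.
# usage: generate_key "Full Name" email [bits]   (passphrase is read from stdin)
generate_key() {
  local pass
  IFS= read -r pass
  gpg --batch --pinentry-mode loopback --gen-key <<EOF
Key-Type: RSA
Key-Length: ${3:-4096}
Subkey-Type: RSA
Subkey-Length: ${3:-4096}
Name-Real: $1
Name-Email: $2
Expire-Date: 0
Passphrase: $pass
%commit
EOF
}

# Print the ASCII-armoured public key, the text pasted into the Public PGP Key field.
export_public_key() {
  gpg --batch --armor --export "$1"
}

# Decrypt a report saved from the Forensic overview; passphrase is read from stdin.
decrypt_report() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 0 --decrypt "$1"
}

# Constructed stand-in for the service side: encrypt sample report text to the key.
# usage: make_sample_report email outfile
make_sample_report() {
  printf 'Feedback-Type: auth-failure\nAuth-Failure: dmarc\n' |
    gpg --batch --yes --quiet --trust-model always --armor \
        --recipient "$1" --output "$2" --encrypt
}
```

For interactive use, `gpg --decrypt report.asc` prompts for the passphrase through pinentry instead of reading it from stdin.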
