Our DMARC Monitor tool is designed to help you effectively monitor and analyze DMARC (Domain-based Message Authentication, Reporting, and Conformance) data for your domains. This documentation provides detailed information and guidance on how to set up and use the tool to improve email security and authentication.
v=DMARC1; p=none; sp=none;
ruf=mailto:firstname.lastname@example.org!5k; rf=afrf; pct=100; ri=86400; fo=1;
v=DMARC1: Indicates the version of the DMARC protocol being used.
p: Defines the policy for how emails failing DMARC checks should be handled.
rua: Specifies the email address where aggregate DMARC reports (RUA) should be sent. These reports provide information about overall email authentication results for the domain.
sp: Stands for Subdomain Policy; can be added to specify the policy for handling email sent from subdomains of the domain in question.
ruf: Specifies the URI (uniform resource identifier) where forensic DMARC reports (RUF) should be sent.
rf: Report Format; we use afrf.
3.a DMARC Record Configuration
3.b Reporting and Monitoring:
3.c Aggregate Reporting:
3.d Forensic Reporting:
3.e Customization and Policies:
3.f Historical Data and Trend Analysis:
3.g User-Friendly Interface
Creating and customizing our DMARC Record for the Monitor/Analyzer tool is quite simple:
Note: The DMARC Monitor tool is live only after the "Verifying DMARC record" status is gone. Any emails sent before or while it is being set up will not be monitored by the tool. It does NOT monitor emails retrospectively, only from the time the tool is fully configured.
Note: 1 DMARC Monitor credit is used only as long as the domain is being monitored/analyzed and is not deleted. After deletion, the DMARC Monitor domain credit is freed up and can be reused with another domain.
In our DMARC Monitor dashboard we will find the following:
Domain = The domain monitored
Emails Reported = The number of emails reported for this domain
DMARC Compliance = The percentage of emails that successfully align with both SPF and DKIM
SPF = The SPF alignment
DKIM = The DKIM alignment
DMARC Policy = The DMARC policy applied for the domain
To find out more about the DMARC reports/emails reported, we'll have to click on our domain, which will take us to the next dashboard, as seen in the screenshot below:
We can select the start and end date for which we want the statistics. We'll get a count of the total emails reported, a count of the Monitored, Quarantined or Rejected emails (depending on our DMARC policy), and a percentage of the DMARC compliance.
Scrolling down a bit further we’ll find our “Sources”
Sources = Email servers/recipient servers that have sent us DMARC reports.
Clicking on a specific domain, in our case google.com, will open a dashboard containing only the information received from that particular domain.
IPs in the screenshots are redacted for security reasons; the actual dashboard will show the full IP(s).
Requests by country = This is determined by geolocating the sender IPs used to send the emails for which we received the report(s). The Source IP field specifies the exact IPs used to send the emails while also providing a count for the Emails Reported, a DMARC Compliance percentage, and our SPF and DKIM success rate.
To get even more information we can click on any of the Source IPs and we will find:
Reporter: The domain that generated and sent the DMARC report to our RUA.
Policy Overrides: A DMARC policy override occurs when an email recipient decides to override the policy that you have specified in your DMARC record. Additional information about Policy Overrides can be found here
From Domain: The domain used by the sender of the email (sender domain).
Return-Path Domain: Specifies the domain of the return-path. The return-path is an email header that tells SMTP servers where they should send non-delivery notifications (a.k.a. bounces).
Policy applied: Monitored = a policy of none, or no action was taken (emails that passed SPF and DKIM alignment).
Note: If the domain has a reddish highlight, as in the screenshot below, it means that the domain is NO longer set up for DMARC Monitoring. Possible causes: the DMARC record generated by the tool was modified and the record wasn't updated in your DNS registrar.
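The per-source fields described above (Reporter, Source IP, Emails Reported, SPF and DKIM rates, Policy applied, Policy Overrides) all come from the aggregate (RUA) reports that receivers send. The following Python is an added example, not the DMARC Monitor tool's own code: it tallies those fields per source IP from one report, assuming the RFC 7489 aggregate XML layout; `summarize`, `rate` and the sample report are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed sample (not real data), laid out per the RFC 7489 aggregate report schema.
def _record(ip, count, dkim, spf, reason=""):
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf>{reason}</policy_evaluated></row>"
            "<identifiers><header_from>example.org</header_from></identifiers></record>")

SAMPLE_REPORT = ("<feedback><report_metadata><org_name>google.com</org_name></report_metadata>"
                 + _record("192.0.2.10", 8, "pass", "pass")
                 + _record("192.0.2.10", 2, "pass", "fail", "<reason><type>forwarded</type></reason>")
                 + _record("198.51.100.7", 5, "fail", "fail")
                 + "</feedback>")

# Dashboard label for each <disposition> value in the report
POLICY_APPLIED = {"none": "Monitored", "quarantine": "Quarantined", "reject": "Rejected"}

def summarize(report_xml):
    """Return (reporter, {source_ip: stats}) for one aggregate (RUA) report."""
    # Reports arrive from third parties: refuse DTDs so entity-expansion payloads never parse.
    if "<!DOCTYPE" in report_xml:
        raise ValueError("DTD not allowed in a DMARC aggregate report")
    root = ET.fromstring(report_xml)
    reporter = root.findtext("report_metadata/org_name", default="unknown")
    sources = defaultdict(lambda: {"emails": 0, "spf": 0, "dkim": 0,
                                   "policy": Counter(), "overrides": Counter()})
    for row in root.iterfind("record/row"):
        ev, ip = row.find("policy_evaluated"), row.findtext("source_ip")
        count = (row.findtext("count") or "").strip()
        if ev is None or not ip or not count.isdecimal():
            continue  # skip malformed rows instead of guessing
        n, s = int(count), sources[ip]
        s["emails"] += n
        s["spf"] += n if ev.findtext("spf") == "pass" else 0    # aligned SPF result
        s["dkim"] += n if ev.findtext("dkim") == "pass" else 0  # aligned DKIM result
        s["policy"][POLICY_APPLIED.get(ev.findtext("disposition"), "unknown")] += n
        for reason in ev.iterfind("reason/type"):
            s["overrides"][reason.text] += n
    return reporter, dict(sources)

def rate(stats, key):
    # Percentage of reported emails whose aligned "spf" or "dkim" check passed
    return round(100 * stats[key] / stats["emails"], 1) if stats["emails"] else 0.0

if __name__ == "__main__":
    reporter, per_ip = summarize(SAMPLE_REPORT)
    for ip, s in per_ip.items():
        print(reporter, ip, s["emails"], rate(s, "spf"), rate(s, "dkim"), dict(s["overrides"]))
```

Real reports usually arrive gzip- or zip-compressed as email attachments and must be decompressed before they are passed to a parser like this.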