DMARC report explained

DMARC report: this article explains the DMARC report in a practical way. This article covers the definition, the various reports used, and practical examples in practice. After reading it, you will understand the basics of this powerful marketing tool.
What is a DMARC report?
A DMARC report is an email authentication protocol that helps protect an organization’s root domain against so-called spoofing and phishing attacks. Concepts related to email security are explained in more detail in this article.
Definition and acronym
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. An effective DMARC policy protects an organization from the major threats to a company’s email infrastructure and provides valuable insights into how it works. This helps to monitor what is happening behind the scenes.
DMARC reports
DMARC reports are automatically generated reports that contain vital information about the authenticity status of emails sent from a particular domain. These documents are also referred to as the authenticity results. When a DMARC record is commanded and a publication is made in the Domain Name System (DNS), the user receives all data about all sending resources within a domain.
A report also contains a lot of other information about the domain, policy and enforcement level (security). Learning to read these reports is crucial for effective DMARC policy and therefore email security.
In general, two types of reports are used:
- Forensic Reports
- Aggregated Reports
Email Threats
As mentioned, this method protects a company against email threats from spoofing or phishing. The most important of these is the Business Email Compromise (BEC).
Phishing is a practice where an email is sent by a criminal. This email is “disguised” as an email from a trusted source, but in reality it is intended to trick the reader into revealing sensitive or confidential information. Links or information fields that have to be filled out are often used.
Spoofing involves a criminal impersonating a person or organization. The goal is nearly always to collect personal or business information.
Forensic DMARC report
A forensic report is a report that contains information about the authentication status of SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail). These reports also contain additional information such as the subject line, header information, included URLs, and attachments.
Aggregated DMARC report
Aggregated DMARC reports contain information about the authentication status of messages sent on behalf of a particular domain. These reports allow organizations to see which emails authenticate and which do not. The report does not contain information about the email itself, unlike forensic reports.
Example of the contents of a DMARC report
An aggregated DMARC report contains information coming from the email provider. This information is stored in a way that is unfamiliar to many people. The information is enclosed in sub-tags. For example, ISP (Internet Service Provider) information includes:
- Report ID. Tag: report_id
- Organization name. Tag: org_name
- Organization email. Tag: email
- Data range. Tags: start + end + date_range
Other information in an aggregated DMARC report includes information about:
- Primary domain. Tag: domain
- DKIM and SPF alignment. Tag: adkim + aspf
- Domain Policy. Tag: p
- Subdomain Policy. Tag sp
- DMARC policy percentage. Tag: pct
In addition, the report provides a summary of authentication results, such as:
- IP address of email. Tag: source_ip
- Total # IP addresses. Tag: count
Now It’s Your Turn
What do you think? Do you recognize the explanation about the DMARC report? Do you use these reports in your work environment? Or are your colleagues working on it? Do you think email security plays an important role in a company’s security?
Share your experience and knowledge in the comments box below.
- Nanaware, T., Mohite, P., & Patil, R. (2019). Dmarcbox–corporate email security and analytics using dmarc. In 2019 IEEE 5th International Conference for Convergence in Technology (I2CT) (pp. 1-5). IEEE.
- Nightingale, S. J. (2017). Email Authentication Mechanisms: DMARC, SPF and DKIM. US Department of Commerce, National Institute of Standards and Technology.
- Kucherawy, M., & Zwicky, E. (2015). Domain-based message authentication, reporting, and conformance (DMARC). (No. rfc7489).
How to cite this article:
Janse, B. (2022). DMARC report. Retrieved [insert date] from Toolshero: https://www.toolshero.com/information-technology/dmarc-report/
Original publication date: 12/10/2022 | Last update: 05/23/2023
Add a link to this page on your website:
<a href=”https://www.toolshero.com/information-technology/dmarc-report/”> Toolshero: DMARC report</a>