DMARC reports

How to analyse DMARC reports – Per result overview

DMARC Analyzer provides several overviews to analyse DMARC Aggregate (RUA) reports\. One of these overviews is the Per result overview. This article explains how you analyse the Aggregate DMARC reports within the Per result overview.

Filter on the domain that you would like to analyse. After filtering, you might notice that the results are grouped like the images below:

  1. Green DMARC results

    DMARC report analyzing - DMARC Analyzer
    DMARC compliant – SPF aligned
    These messages were sent by an IP address which was authorized through SPF. The messages did not have a valid (and aligned) DKIM signature.

    DMARC compliant – DKIM aligned
    These messages were DMARC compliant because they had a valid (and aligned) DKIM signature. SPF did not pass for these messages.

    DMARC compliant – fully aligned
    These messages were DMARC compliant and thus had a valid (and aligned) DKIM signature and they were sent by an IP address which was authorized through SPF.

  2. Purple DMARC results

    DMARC report analyzing - DMARC Analyzer
    DKIM validated, but not aligned, SPF failed
    These messages have a valid DKIM signature, but this signature was not aligned with the domain.
    (The signature was created using another domain than the domain in the “From:” header of the email)

    SPF validated, but not aligned, DKIM failed
    These messages were sent by an IP address which was authorized through SPF. The domain validated was not aligned with the domain in the From header of the email. The DKIM signature for this email was missing or failed.

  3. Red authentication results:

    DMARC report analyzing - DMARC Analyzer
    DKIM/SPF failed
    Both DKIM and SPF failed for these messages. This is the first group to have a look at while analyzing the DMARC data.

  4. Postfixes


    Forwarded
    The messages were forwarded by another mail account. Some users set up an account to automatically forward the e-mail to another account. This can cause headers to be changed as the forwarder becomes the “new sender” of the message.

    Mailinglist operator
    The messages were sent by a mailing list operator. This can be marketing newsletters or other e-mails from a mailinglist (possibly sent by a third-party).

    Trusted forwarder
    The sender of the DMARC report has marked the IP address which forwarded a message as a “trusted forwarder”. The ISPs have their own rules for this.

DMARC report analyzing - DMARC Analyzer