DMARC Analyzer provides several overviews to analyse DMARC Aggregate (RUA) reports\. One of these overviews is the Per result overview. This article explains how you analyse the Aggregate DMARC reports within the Per result overview.
Filter on the domain that you would like to analyse. After filtering, you might notice that the results are grouped like the images below:
- Green DMARC results
DMARC compliant – SPF aligned
These messages were sent by an IP address which was authorized through SPF. The messages did not have a valid (and aligned) DKIM signature.
DMARC compliant – DKIM aligned
These messages were DMARC compliant because they had a valid (and aligned) DKIM signature. SPF did not pass for these messages.
DMARC compliant – fully aligned
These messages were DMARC compliant and thus had a valid (and aligned) DKIM signature and they were sent by an IP address which was authorized through SPF.
- Purple DMARC results
DKIM validated, but not aligned, SPF failed
These messages have a valid DKIM signature, but this signature was not aligned with the domain.
(The signature was created using another domain than the domain in the “From:” header of the email)
SPF validated, but not aligned, DKIM failed
These messages were sent by an IP address which was authorized through SPF. The domain validated was not aligned with the domain in the From header of the email. The DKIM signature for this email was missing or failed.
- Red authentication results:
Both DKIM and SPF failed for these messages. This is the first group to have a look at while analyzing the DMARC data.
The messages were forwarded by another mail account. Some users set up an account to automatically forward the e-mail to another account. This can cause headers to be changed as the forwarder becomes the “new sender” of the message.
The messages were sent by a mailing list operator. This can be marketing newsletters or other e-mails from a mailinglist (possibly sent by a third-party).
The sender of the DMARC report has marked the IP address which forwarded a message as a “trusted forwarder”. The ISPs have their own rules for this.