Email authentication results explained

The DMARC Analyzer Suite provides many email authentication results. The authentication results occur in multiple overviews within the DMARC Analyzer Suite, so it’s valuable to fully understand these results.

This article we will describe how DMARC Analyzer divides all collected authentication results into 8 different columns: Domain, Reason, Compliant?, Forwarded?, Volume, Applied Policy, DKIM Verification and SPF Verification. In addition , you might have noticed the ‘I’ information-icons, which give you a comprehensive guidance on how to improve the email authentication for that specific sending source.

email authentication results SPF DKIM DMARC

‘Source’

DKIM SPF verification

The ‘Source’ column shows all sources which sent email on behalf of a domain. It provides information regarding  the IP address(es) which are used to send the messages and the number of messages that are sent.

From Domain

DMARC from domain
The ‘From Domain’ column shows the domain name which has been used to send the email.

Compliant

DMARC compliant
The ‘Compliant’ column shows if the message was DMARC compliant or not.

Forwarded

 
DMARC forwarded
 
The ‘Forwarded’ column shows if the message was automatically forwarded or not.
 

IP address

IP address
The ‘IP address’ column shows the IP-address that was used to send the email.

Reason

DMARC reason
The ‘Reason’ column shows if the receiving party’s handled the message differently, than the enforced DMARC policy. In some cases the applied DMARC policy can be overruled. In the example above nothing changed.
 
DMARC reason
 
In this example the reason is local policy arc=pass. This indicates that an ISP applied a certain ‘local policy’ to the messages, which results in a different DMARC policy then you would expect based on the DKIM and/or SPF data for that message.
 

Results combined

 
DMARC reason
 
In this example you can see that the source AmazonSES has sent an email on behalf of example.com. The IP address that was used to send the message is 123.123.123.123. The message was DMARC compliant and not forwarded.
 
DMARC reason
 
By having a closer look into the provided results you can see that the email is DMARC compliant because of DKIM verification.
 

DKIM/SPF verification

 
DKIM SPF verification
 
The ‘DKIM verification’ and ‘SPF verification’ columns shows the percentage of messages which had an ‘aligned’ DKIM signature and or SPF record. Meaning that the ‘sending’ domain which was used to create the DKIM signature, is equal to the “From’ domain. When you sign an email with a different ‘sending’ domain then the ‘from’ domain, this email will not be DMARC compliant. Click on a line to see more detailed data (including the used DKIM / SPF domains). In the example below there is DKIM alignment, but there is no SPF alignment.
 
DKIM SPF verification
 
After expanding the rows, the DKIM and SPF authentication results can be seen. Let’s start with DKIM verification: in the DKIM verification column there’s an aligned result and a not aligned result. The aligned – thisisyourselector – example.com shows 3 things. First an aligned result, this means that the ‘From’ domain (which can be found in the first column) matched with the DKIM domain. This can be checked by comparing example.com to the “From’ domain. The thisisyourselector is obviously the selector we received from the DMARC reporting organisation.

Next to DKIM verification, an email can be DMARC compliant because of SPF verification. In this example there’s no SPF verification. There was no SPF result, this is shown by the text: ‘not set’. Next to that the envelope from is missing. If there’s a valid SPF record, the envelope “From’ can be found here.
 
DKIM SPF verification
 
When a message is SPF compliant, the authentication results look like the example above. A message could also be not aligned. Then the SPF is valid, but there’s no alignment.
 
SPF verification

Source Library

The information button is placed behind the source. This means that this source is added in the DMARC Analyzer library. By clicking on the button the documentation pop up. Here an organization can find how to set up DKIM and SPF.
 
Source library