What to do after collecting DMARC data

You have added your domains to your dashboard, published a DMARC record in your DNS and now receive data. What should you do next? This article explains how to analyze your data.

After you have taken the first steps of deploying DMARC, you will be generating data. You can now start analyzing the valuable data DMARC Analyzer collects for you. In the perfect scenario you have a compliance of 100% and can immediately enforce your DMARC policy; however, this is mostly not the case. Before you can start enforcing your DMARC policy with Quarantine or Reject, you should work on your alignment. We describe what alignment is in one of our other articles about alignment.

DMARC Analyzer groups your data in several useful overviews. You should use all of the overviews, but we recommend starting with the ‘Per sending source’ overview and working on the sources with the biggest volume first. In this overview we group the data of your aggregate reports into three different categories.

  1. In the DMARC compatible sources category you will find all sources that we know are capable of sending DMARC compliant email. We recommend improving alignment on these sources first. Behind most sources in this category you will see an information icon. When you click on the icon, we will provide you with documentation on how to set up SPF and DKIM for that source. Use this to improve alignment.
  2. In the forwarding category you will find sources that automatically forward your emails. For more information, please check one of our other articles about forwarding. You cannot directly improve the alignment of forwarding sources. However, signing the email from your DMARC compatible sources with DKIM will improve the compliance of forwarding sources. Therefore we always recommend that you (also) sign your emails with DKIM.
  3. In the failed sources category you will find sources that completely failed the DMARC checks. These sources can be malicious or incorrectly configured legitimate sources. It is important to investigate this and improve alignment for the known sources. Having trouble identifying whether a source is malicious or valid? Search for the source in the forensic reports section to gain additional information.
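The per-source view described above can be reproduced from a raw aggregate report. The following is an added example, not DMARC Analyzer's code: it assumes a report in the RFC 7489 XML layout without an XML namespace, and the function name `per_source`, the status labels and the sample data are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def _rec(ip, count, dkim, spf):
    # Builds one <record> of a constructed sample report.
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition>"
            f"<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row></record>")

# Constructed sample data; the IPs are from documentation ranges.
SAMPLE_REPORT = "<feedback>" + "".join([
    _rec("192.0.2.10", 120, "pass", "pass"),
    _rec("192.0.2.10", 30, "fail", "pass"),
    _rec("192.0.2.10", 50, "fail", "fail"),
    _rec("198.51.100.7", 40, "pass", "fail"),   # DKIM survives, SPF does not
    _rec("203.0.113.5", 8, "fail", "fail"),
]) + "</feedback>"

def per_source(report_xml):
    """Return (ip, total, compliant, percent, status), biggest volume first."""
    # Reports arrive from third parties; a hardened parser such as defusedxml
    # is a reasonable substitute for ElementTree in production.
    stats = defaultdict(lambda: [0, 0])  # ip -> [total, compliant]
    for row in ET.fromstring(report_xml).iter("row"):
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        evaluated = row.find("policy_evaluated")
        # policy_evaluated carries the aligned results; DMARC passes when
        # either the aligned DKIM or the aligned SPF result is "pass".
        passed = "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf"))
        stats[ip][0] += count
        if passed:
            stats[ip][1] += count
    rows = []
    for ip, (total, compliant) in stats.items():
        percent = round(100 * compliant / total, 1) if total else 0.0
        if compliant == 0:
            status = "all-failed"      # candidate for investigation
        elif compliant < total:
            status = "partial"         # alignment still to be improved
        else:
            status = "compliant"
        rows.append((ip, total, compliant, percent, status))
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for row in per_source(SAMPLE_REPORT):
        print(row)
```
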

Having trouble with a specific source? Go to the ‘Per host’ page and analyze the data for this specific source. Having trouble with a specific IP address? Go to the ‘Detailed stats’ page and analyze the data for this specific IP.

Need help deploying DMARC and determining the next steps to take? We can help; take a look at our services!