//DMARC
Understanding Your DMARC Report
A DMARC report gives you insight into the health and security of your email system. It breaks down your email traffic based on how well it meets DMARC standards, which combine several authentication mechanisms to verify that emails sent from your domain are legitimate. Here's what each part of the report means:
Compliant vs. Non-Compliant Emails
DMARC Compliant Emails
These emails successfully meet the required authentication standards. They have passed the verification processes (SPF and DKIM) that confirm their origin and integrity. Essentially, this means these emails are reliably from the source they claim to be and have not been tampered with during their delivery. Compliant emails are a sign of a secure and trustworthy email communication system.
DMARC Non-Compliant Emails
These are emails that fail to meet the authentication standards set by DMARC. There are a couple of reasons for this:
- The email might pass individual checks like SPF or DKIM but fails to align correctly with your domain’s authentication parameters.
- Alternatively, the email could fail both SPF and DKIM checks, raising flags about its legitimacy.
Depending on your DMARC policy, these emails could be monitored for further review, marked as spam, or rejected outright. Non-compliant emails warrant attention as they could either be a result of misconfiguration or potential impersonation attempts.
Unknown/Threat Emails:
This category includes emails where authentication status is ambiguous or they are identified as potential security threats. ‘Unknown’ emails may arise due to gaps in the SPF or DKIM coverage or due to certain discrepancies in the authentication setup.
‘Threat’ emails, on the other hand, are those that are identified as harmful, often linked to phishing or spoofing activities. These require immediate and decisive action to mitigate potential security risks.
Volume and Sources
1. Compliant Volume
This shows the number of emails that have fully met DMARC’s authentication requirements. A high number here is good, as it means most of your outgoing emails are properly authenticated and trusted by recipient email servers.
2. Non-Compliant Volume
These emails haven’t passed DMARC’s authentication checks. They could be failing SPF, DKIM, or both. The reasons can vary, from being sent from unapproved servers to having their content changed in transit. It’s important to address these issues to prevent legitimate emails from being rejected or marked as spam.
3. Threat/Unknown Volume
This section includes emails that couldn’t be clearly authenticated or have been flagged as potential security threats, like phishing or spoofing attempts. It’s critical to investigate these to protect your domain’s reputation and your recipients’ security.
4. Forwarder Volume
These are emails that have been forwarded by the receiver, which can sometimes cause authentication checks like SPF to fail. They may be forwarded by systems like third-party spam filtering run by the receiver.
5. Compliant Sources
This count reflects the number of sending sources that are consistently passing DMARC checks. More sources here generally indicate a broad and healthy email ecosystem under your domain.
6. Non-Compliant Sources
This represents the number of sending sources that have sent at least one email failing DMARC checks. You should review these sources to ensure they are authorised and configured correctly.
In addition to DMARC, it’s worth understanding the difference between SPF and DKIM.
What is SPF?
SPF (Sender Policy Framework) is like a security check for your business’s emails. It helps make sure that emails sent from your business’s email address are actually from you.
How Does SPF Work?
As a business, you create a list of email services that are allowed to send emails from your business’s address. This list is called an SPF record. When you send an email, the receiving email server checks this list. If the email is from a service on your list, it’s considered legitimate.
Key Points About SPF
SPF is good at verifying the source of an email, but it doesn’t check the visible ‘From’ address, so it’s not foolproof. If emails are forwarded, SPF might not work properly, because the forwarding service isn’t on your approved list.
SPF is a tool to help protect your business’s email from being misused. It’s an important part of keeping your email communications secure, but it works best when used with other security measures.
What is DKIM?
DKIM (DomainKeys Identified Mail) is like a digital signature for your business’s emails. It helps ensure that the content of your emails hasn’t been tampered with during their journey to the recipient.
How Does DKIM Work?
When you send an email, your email system adds a special encrypted signature to the message. This signature is unique to your business. The receiving email server uses a public key, which is available in your domain’s DNS records, to decrypt the signature and verify that the email hasn’t been altered.
Key Points About DKIM:
DKIM provides a way to check that the content of the email remains unchanged from the time it was sent. It helps build trust in your email communications, as recipients can be more confident that the email is genuinely from your business and hasn’t been modified.
DKIM is like a seal of authenticity for your emails. It’s a tool for maintaining the integrity of your email communications and is most effective when used in combination with other email security measures like SPF and DMARC.
What is a good ‘DMARC Score?’
In the context of DMARC a “compliant score” refers to the percentage of your email traffic that passes DMARC checks. A good compliant score is crucial for ensuring that your emails are trusted by recipients and mail servers, reducing the risk of them being marked as spam or phishing. A high DMARC compliant score is indicative of robust email security practices. Here’s what you should aim for:
Ideal Compliant Score
Strive for as close to 100% compliance as possible. This means nearly all your outgoing emails are authenticated correctly and align with your DMARC policy. A high score indicates that your SPF and DKIM records are correctly set up, and your email sending practices are in good health.
Realistic Expectations
While 100% is ideal, it’s also important to be realistic. Depending on the complexity of your email ecosystem, achieving absolute compliance can be challenging.
A compliance rate of 95% or above is generally considered very good. It shows that most of your emails are correctly authenticated and that you have effective control over your email domain.
Improving Your DMARC Compliance
A high DMARC compliant score is not just about avoiding the spam folder; it’s about protecting your brand and maintaining trust with your customers and partners. Here’s a few steps you can take to start improving your compliance:
- Regularly review your DMARC reports to identify and address sources of non-compliance.
- Ensure that your SPF and DKIM records are up-to-date and reflect all legitimate email sources.
- If you’re consistently falling below a desirable compliance rate, it might indicate issues such as misconfigured email services or unauthorised email sources. These should be investigated and resolved.
In summary, aiming for a DMARC compliant score of 95% or above is a good benchmark for businesses. However, the ultimate goal should always be to work towards 100% compliance, ensuring that all legitimate emails are authenticated correctly and unauthorised use of your email domain is prevented. Regular monitoring and adjustments to your email authentication setup are key to maintaining a high compliant score.