DMARC Report Viewer

DMARC is a two-sided coin: on one side, it is used by email filtering servers to detect forgeries, and on the other side, it generates a report for administrators that helps them ensure their outbound emails are sent with a correct SPF record and DKIM signature. These reports are generated by foreign servers, such as Gmail, Yahoo, and Outlook.com, and show how your emails are perceived on their end.

Checking if DMARC is Enabled For Your Domain

DMARC is added as a TXT record in your DNS server. Use the following steps to check if DMARC is enabled for your domain:

  • Open a Command Prompt on any machine (Linux, Windows, or MAC). The following command is supported on every operating system.
  • Type: nslookup -q=txt _dmarc.yourdomain.com
  • Needless to say, change the domain name to your domain in the above command

Here is the result of the DMARC record published for synametrics.com

v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc.rua@synametrics.com; ruf=mailto:dmarc.ruf@synametrics.com

There are two parts in the example you see above:

  • BLUE - This information is for spam filters who will receive emails from your domain. The word quarantine instructs them to treat emails into junk if DMARC does not align - in other words, if SPF and/or DKIM fails.
  • RED - This part of the DMARC record is used for reporting. It instructs servers like Gmail, Yahoo and others to send their DMARC report to a specific email address.

Watch A Short Video

What is a DMARC Report

After you configure a DMARC record for your domain in the DNS server and specify a value for aggregate reports, such as rua=mailto:dmarc.rua@yourdomain.com, servers on the Internet will send DMARC reports to your specified address. These reports are in XML format and contain beneficial information, allowing you to fix any routing problems. These reports will contain IP addresses from which the reporting servers, such as Gmail, Yahoo, and Outlook.com, received emails for your domain, and include the alignment value for these IP addresses.

Since these reports are in XML format, reading them in their raw format is impractical. Therefore, Xeams parses these reports and presents the data in for user-friendly format that is very easy to understand.

Processing DMARC reports is a built-in feature in Xeams. To enable report processing, go to Filter Management, DMARC, and specify the user for Aggregate and Forensic Feedback, as shown below.

Once you've done this, emails sent to these addresses will be processed as DMARC reports in Xeams. You must ensure the values you specify on this screen match the values in your DNS servers.

Analyziing DMARC Report

Click Filter Management/DMARC to view processed reports. Ensure your desired domain name is selected as shown below.

The data is displayed in three tabs. The first tab, Authorized IPs, is the most important. This tab displays IP addresses authorized to send emails for your domain as specified in your SPF record. Ideally, the DMARC Compliance Rate for authorized IP addresses should be close to 100%. Clicking an IP address will display every record for this IP from every sender, giving you further information.

Steps to Take If Compliance Rate is Low

It is normal to see the compliance rate slightly lower than 100%. This happens when an occasional email ends up in quarantine because the filtering system ran into some DNS problems. For example, it could not resolve the SPF record due to a networking problem or when an intermediate server modified the message to make the DKIM signature invalid.

On the flip side, if the compliance rate is low, you should investigate why emails from an authorized IP are going into quarantine. The easiest way to confirm is to run Tools/Diagnostic Check - Outbound in Xeams, which runs a test and reports any misconfiguration.

If you're not using Xeams to send outbound emails, you must ensure your SPF record is correct, and emails are signed with a DKIM signature.