Understanding DMARC Reports and Their Types
This article will help you in understanding DMARC Reports and their types, highlight the meaning and purpose of each type, and explain why DMARC reports are crucial for protecting your domain.
DMARC (Domain-based Message Authentication Reporting and Conformance) is an email authentication and verification system. DMARC report provides an overview of fundamental information about a domain’s activities. It confirms the integrity and consistency of an email’s source by analyzing its source and header domains for monitoring your users and ensuring email security.
In What Way Does DMARC Work?
DKIM (Domain Keys Identified Mails) and SPF (Sender Policy Framework) are two email authentication techniques that DMARC uses. DKIM and SPF help to verify that the sources utilized only deliver authorized emails.
“Domain Alignment” is one of DMARC’s important values that help determine if the domain of the email address in the “From:” line matches the SPF verification and DKIM signature IDs. One of the following policies decides the outcome depending upon the alignment:
- “None”: There was no action taken in response to the unqualified email. It is delivered to the recipient’s mailbox. The domain owner receives a report including information on the message’s transmission.
- “Quarantine”: The unqualified email is routed to the recipient’s email server’s “Spam” folder, whereas the Domain owners get the detailed report.
- “Reject”: DMARC-failed emails are simply rejected and do not reach recipients.
It would be best to make sure that any third parties authorized to send emails on your behalf are authenticated before configuring the DMARC “Reject” policy. Otherwise, their emails would also be rejected.
Types of DMARC Reports and why do you need them?
1. DMARC Aggregate Reports(RUI)
RUI or aggregate DMARC reports provide information on a daily basis in XML (Extensible Markup Language) format. The report contains details such as the sender’s IP address, email count, SPF/DKIM identities, etc. For example, rua=mailto:email@example.com.
DMARC Aggregate Report includes the following information:
- The source of the IP address’ source that is being sent
- Date Range
- Domain for which the report relates
- Information related to SPF
- SPF domain alignment verification: pass or fail?
- SPF authentication outcomes: none, neutral, pass, fail, softfail, temperror, or permerror.
- Information related to DKIM
- Domain alignment check: success or failure?
- DKIM authentication results: none, neutral, pass, fail, policy, temperror, and permerror.
- Disposition of email as per the receiver’s policy: None, Quarantined, or Refused
2. Forensic Reports (RUF)
A DMARC forensic report contains additional information such as subject line, header information (e.g., “To” and “From”), URLs included, and attached files.
For receiving forensic reports, the DMARC record uses the Ruf tag. For example, ruf=mailto:firstname.lastname@example.org.
- Sender’s IP Address
- From: sender’s email address
- To: recipient’s email address
- Email subject line
- SPF, DKIM, DMARC Authentication Results
- The time when it was received
- The header information in an email: sending host, the ID of the email message, DKIM signature, and delivery result.
Understanding and correctly implementing DMARC policies and analyzing reports can help provide organizations with enhanced email security and ensure email deliverability. In today’s digital world of increasing cyber-attacks and spoofing attempts, one needs to adopt measures such as DMARC to ensure the confidentiality, integrity, and availability of their organization’s information assets.