DMARC monitor Documentation

1. Introduction

Our DMARC monitor tool is designed to help you effectively monitor and analyze DMARC(Domain-based Message Authentication, Reporting, and Conformance) data for your domains. This documentation will cover detailed information and guidance on how to set up and how to use this tool to improve email security and authentication.

2. DMARC Basics

  • What is DMARC?
    DMARC, which stands for “Domain-based Message Authentication, Reporting, and Conformance” is a security protocol used to prevent email spoofing and phishing. In simple terms, DMARC helps ensure that the emails you receive in your inbox are actually from the sender they claim to be from.

  • How DMARC works?
    It works by enhancing email authentication and providing a framework for email receivers to verify the authenticity of incoming emails.

  • DMARC Policies and Tags
    Here’s an example of a DMARC Record generated by our DMARC monitor tool, let’s learn more about the tags and what can be customized:

v=DMARC1; p=none; sp=none;
rua=mailto:dmarc_aggregate_analyser+0d9f56ee5e6d38d98e937f227617bfe4@zerobounce.net!5k;
ruf=mailto:dmarc_forensics_analyser+0d9f56ee5e6d38d98e937f227617bfe4@zerobounce.net!5k;
rf=afrf; pct=100;ri=86400; fo=1;

v=DMARC1: This part of the DMARC record indicates the version of the DMARC protocol being used.
P: The “p” tag defines the policy for how failing DMARC checks should be handled.
rua: Specifies the email address where aggregate DMARC reports ( RUA ) should be sent. These reports provide information about overall email authentication results for the domain.
Sp: Stands for Subdomain Policy; Can be added to specify the policy for handling email sent from subdomains of the domain in question.
Ruf: Specifies the URI(uniform resource identifier) where forensic DMARC reports (RUF) should be sent.
RF: Report Format, we use afrf

3. What are the benefits of using our DMARC Analyzer/Monitor Tool?

3.a Dmarc Record Configuration

  • Simplifies the process of setting up and configuring DMARC records for your domains
  • Provides a user-friendly interface to customize DMARC policies, alignment requirements and other options

3.b Reporting and Monitoring:

  • Aggregates and processes DMARC reports received from email providers and generates actionable insights
  • Presents DMARC data in a comprehensible dashboard and format

3.c Aggregate Reporting:

  • Generates aggregate DMARC reports to summarize email authentication results for a domain
  • Helps domain owners understand the overall health of their email authentication

3.d Forensic Reporting:

  • Provides forensic-level DMARC reports for individual email messages that failed authentication

3.e Customization and Policies:

  • Supports customization of DMARC policies to instruct email receivers on how to handle unauthenticated or failed emails(none, quarantine, reject)

3.f Historical Data and Trend Analysis:

  • Maintains historical DMARC data, enabling trend analysis and performance monitoring over time

3.g User-Friendly Interface

  • Provides a user-friendly and intuitive dashboard for users to view and analyze DMARC data
  • Includes charts and visualizations for easy data interpretation

4. DMARC monitor - How to create the DMARC Record

Creating and customizing our DMARC Record for the Monitor/Analyzer tool is quite simple:

  1. Head over to Tools -> DMARC monitor
  2. Click on Add DomainDMARC monitor Page
  3. Add the domain you want to MonitorAdd a DMARC monitor Domain
  4. Once we add the domain we’ll get our DMARC Record; this is where we can customize it by clicking on the Optional Settings buttonSet up your DMARC Domain
  5. Done customizing? Add the DMARC TXT record into your DNS registrar and proceed by clicking on the Verify DMARC record button
  6. It may take up to 24 hours for your DMARC policy to take effect. We’ll send an email once we’ve verified it’s working correctly.
  7. Your domain’s status will be “Verifying DMARC record…” until the DNS record propagates and the DMARC monitor gets synced.List of your DMARC Domains

Note: The DMARC monitor tool is live only after the Verifying DMARC record status is gone, any emails sent before or meanwhile it’s setting up will not be monitored by the tool. It does NOT monitor emails retrospectively, only from the time the tool is fully configured.

5. Pricing and Packages

  • Is included in all Tools plans except Freemium
  • Can be purchased via Custom Packages
  • Costs $49 for 1 DMARC monitor up to 50 then it’s discounted by 25% and even 50% for a higher volume(purchased via Custom Packages)

Note: 1 DMARC monitor credit will be used only as long as the domain is being monitored/analyzed and is not deleted, after deletion the DMARC monitor Domain credit will be freed up and can be reused with another domain.

6. DMARC monitor dashboard, functionality and features

In our DMARC monitor dashboard we will find the following:

DMARC monitor Dashboard

Domain = the domain monitored
Emails Reported = The number of emails reported for this domain
DMARC Compliance = The percentage of emails that successfully align with both SPF and DKIM
SPF = The SPF Alignment
DKIM = The DKIM Alignment
DMARC Policy = The DMARC Policy applied for the domain

To find out more about the DMARC reports/emails reported we’ll have to click on our domain which will forward us to the next dashboard, as seen in the screenshot below:

DMARC monitor Statistics

We can select the start and end date for which we want the statistics, we’ll get a count of the total emails reported and a count of the Monitored, Quarantined or Rejected emails(depending on our dmarc policy) and also a percentage of the DMARC compliance.

Scrolling down a bit further we’ll find our “Sources”

DMARC monitor Sources

Sources = Email servers/recipient servers that have sent us dmarc reports.

Clicking on a specific domain, as in our case google.com will open a dashboard containing information only received by that particular domain.

DMARC monitor Country Statistics

IP’s in the screenshots are redacted for security reasons, the actual dashboard will shot the full IP(s).

Requests by country = This is determined by geolocating the sender IP’s used to send the emails for which we received the report(s). The Source IP field specifies the exact IP’s used to send the emails while also providing a count for the Emails Reported, a DMARC Compliance percentage, and our SPF and DKIM success rate.

To get even more information we can click on any of the Source IP’s and we will find:

DMARC monitor Domain Details

Reporter: The domain that generated and sent the DMARC report to our RUA
Policy Overrides: A DMARC policy override occurs when an email recipient decides to override the policy that you have specified in your DMARC record. Additional information about Policy Overrides can be found here
From Domain: The domain used by the sender of the email( sender domain )
Return-Path Domain: Specifies the domain of the return-path. The return-path is an email header that tells SMTP servers where they should send non-delivery notifications(a.k.a bounces).
Policy applied: Monitored = a policy of none or no action was taken(emails that passed SPF and DKIM alignment)

Note: If the domain has a red-ish highlight as in the screenshot below, it means that the domain is NO longer set up for DMARC monitoring. Possible causes: the DMARC record generated by the tool was modified and the record wasn’t updated in your DNS registrar.

Disabled DMARC Domain