Different DMARC Report Formats For Complete Information Regarding Email Authentication

Get DMARC Monitoring

DMARC or ‘Domain-based Message Authentication, Reporting, and Conformance’ is a technical standard working as an email authentication protocol. It helps safeguard the email senders and recipients from social engineering attacks and provides reports in two different DMARC report formats based on the authentication status of the emails.

Table of Contents

How To Use DMARC Reports

The user only has to add a DMARC record to the organization’s DNS database. When the DNS record is published, the ISPs start sending various online DMARC reports, such as the Google DMARC reports or the kind of DMARC reports Office 365 sends. The report comes in flat XML text, which the user can analyze using any DMARC report analyzer open-source software.

DMARC Formats – Aggregate And Forensic

There are two fundamental types of DMARC report formats, viz., Aggregate, and Forensic. They provide different sets of valuable information, as discussed below.

Aggregate Report

It is an XML document with information regarding the authentication process of a message sent from a particular domain. This report helps the organization in verifying if the emails are authenticated against the standard policies and practices.

It provides the following crucial information with which the organization can quickly identify who is sending emails on its behalf and if the emails are authenticated. Its format includes the following details

The domain using which the email is sent
The IP address of the sender
The number or volume of messages sent on a particular date
The DKIM (Domain Keys Identified Mail) or SPF (Sender Policy Framework) details of the sending domain
The authentication result based on DKIM and SPF
The authentication result of DMARC

Forensic Report

An ISP generates a report in the Forensic DMARC report format when a message fails the DMARC authentication, and the DKIM or the SPF does not line up with the DMARC. It contains the following information

Sample data of emails that point out the issues concerning a specific source or mail stream
Message-level data
‘To’ and ‘From’ fields of the emails
Sender’s IP address
The body of the message

Final Words

When an organization has to send a large volume of commercial and transactional emails, it may implement a DMARC policy and ask its ISP to generate reports in both types of DMARC report formats. It will help the organization with efficient email authentication and in verifying whether a particular email is sent from its network or not.

Join the thousands of organizations that use DuoCircle

Find out how affordable it is for your organization today and be pleasantly surprised.