Email Fraud Protection

Reading your first DMARC reports

Posted by Cherie Ansari on

I remember when I got hold of my first DMARC reports, almost a year ago. Finally, something new and shiny for me to play with! If you’re about to encounter the same experience, then here’s what you can expect:

Aggregate Reports (RUA)

  • The participating Mailbox Providers will send daily reports via email, HTTP, or HTTPS based on what you defined in the “rua” tag.
  • The reports sent by email will be MIME formatted messages. It will include an XML file contained in a zip file.
  • The reports include data about messages that passed and/or failed DMARC.

The report will include 3 sections:

  1. ISP information

    • Mailbox Provider name
    • Mailbox Provider’s sending email address and additional contact information
    • Report ID number
    • Beginning and ending date range in seconds
  2. DMARC Record – a line by line description of your DMARC record
  3. Summary of authentication results – This is what you’ve been waiting for. Look for the areas that show neutral, none, or failed results.

    • IP identified in the legitimate and/or fraudulent email
    • Count of IP address identified
    • From: domain
    • DKIM authentication results – lists the domain and result (i.e. none, pass, or fail)
    • SPF authentication results – lists the domain and result (i.e. neutral, pass, or fail)

Forensic Reports

After seeing rows and rows of endless XML tags, my excitement quickly faded. Put it this way, I considered printing the aggregate report until I saw that it was 500 pages. The bottom line is that you need some intelligent way to summarize these reports for you. Obviously, you can ask one of your IT folks to parse the data, but is there really a need to recreate the wheel? Here are some information that you might find useful:

Have you come across any other scripts that you’ve found useful to parse these reports? Is so, please do share.

About Cherie Ansari

Cherie has been in the email deliverability business for the past six years. As a former email marketer and a Return Path client, she understands first-hand what it takes to earn a good sender reputation. Today, she works diligently to reduce ISP blocks, complaints, spam traps, and data hygiene problems for her clients and has proudly achieved 90%+ inbox deliverability rates. Her portfolio of clients includes those in the social networking, retail, travel, insurance, affiliate, and educational industries. Cherie’s in-depth knowledge has earned her the privilege to be an email deliverability expert guest speaker at the Direct Marketing Association Conference. Cherie holds an M.S.B.A with a concentration in eCommerce from San Francisco State University.

Read more from this author