The Detail Viewer is a comprehensive data discovery tool that lets you explore your DMARC data in a variety of ways and shows you how to get your email sources compliant with DMARC.

UPDATE

We’re excited to share improvements to one of the most heavily used elements of our application—the Detail Viewer. You now have a more powerful data filtering tool to help with the work of deploying DMARC, saving you time and resources. Regardless of how complex your email infrastructure might be, this update lets you easily navigate the large datasets afforded by DMARC reporting. With these enhanced options, you have a greater ability to identify successes, gaps in authentication, sending patterns, and much more. To enable the new filtering categories, click on “Advanced Filters” under the basic filtering dialog, shown below.

Screen shot of collapsed detail viewer filters

With the basic filtering search parameters, you’re presented with these options:

  • Domain: search by a specific domain 
  • Reporters: search by which source is sending reports
  • IP/CIDR: search by IP address or CIDR
  • Timeframe: enter dates for which you’d like to see results
  • Compliance
    • None: shows all compliant and non-compliant data
    • Show impact of policy: show messages impacted by DMARC policy 
    • Show non-compliant email: show messages failing DMARC
    • Show compliant email: show messages passing DMARC

By enabling the Advanced Filters view, you’ll see the following expanded section:

Screen shot of expanded detail viewer filters

The advanced filters both save time and provide the means of data exploration needed for more complex DMARC projects.

Advanced filters include the following fields:

  • Source: Isolate a curated list of sources sending on your behalf for management or troubleshooting.
  • SPF Alignment: Whether a particular mail stream meets DMARC compliance requirements by way of SPF.
  • DKIM Alignment: Whether a particular mail stream meets DMARC compliance requirements by way of DKIM.
  • PTR/Server Name: The server name of the IP address that transmitted the message (e.g., the result of a DNS PTR lookup on the IP address).
  • SPF Raw Result: The raw SPF check result conducted by the receiver (e.g., did SPF pass/fail/other?).
  • DKIM Raw Result: The raw DKIM check result conducted by the receiver (e.g., did DKIM pass/fail/other?).
  • Country: The country where the server is believed to be located.
  • SPF Mail From: The domain that was used to pass SPF. This field is also referred to as the Envelope-From, bounce domain, and Return-Path.
  • DMARC Policy Applied: The DMARC policy (if any) that was applied to the message by the recipient email receiver.

In the remainder of this article, we’ll cover the other sections of the Detail Viewer: Email Volume and DMARC Data.

Email Volume

dmarcian Detail Viewer email volume section

The middle section of the Detail Viewer displays the Email Volume by Category. Here, you get a quick look at your email volume and the categories into which it falls. Email volume is the number of emails sent from your domain(s). By mousing over the images, you can extract detailed information.

DMARC Data

dmarcian Detail Viewer bottom section

The bottom section of the Detail Viewer shows DMARC data grouped by source. 

In this section of the Detail Viewer, you have four navigation tabs that reveal the four high-level categories in which dmarcian classifies DMARC data. The four categories are:

DMARC Capable – a source of email that is capable of sending DMARC-compliant email. When displayed in the dmarcian tools, DMARC-Capable sources are often accompanied by statistics showing the current level of DMARC compliance for email associated with the source. For example, a 25% DMARC compliance rate means that 25% of the email from this source is passing DMARC.

Non-compliant Sources – a source of email that is not capable of sending DMARC-compliant email. If you’re using a service that shows up in “Non-compliant Sources,” you can refer them to How to send DMARC compliant email on behalf of others.

Forwarders – Forwarding happens when you send an email to john@example.org and John has configured his email to be forwarded to another of his email addresses. Another example of forwarding is how mailing lists route email. From the perspective of the email receiver (the entity that is generating DMARC XML reports), your email appears to be coming out of infrastructure that has nothing to do with you. The Forwarders tab shows which sources are forwarding email on your behalf and whether or not the forwarding is passing DMARC. Forwarded email can only be authenticated via DKIM, though DKIM signatures can be inadvertently broken because of how messages are forwarded through different types of infrastructure. For forwarded email, your DMARC compliance is equal to the “survival” of your DKIM signatures as they travel through forwarders. To increase your DMARC compliance rates, be sure to DKIM sign as much mail as is supported by your DMARC-Capable sources. This will allow forwarded messages to pass DMARC checks at the next hop, as long as the intermediary has not changed either the body or significant headers.

Threat/Unknown – Threat/Unknown sources are either fraudulent or need to be identified as legitimate. To help dmarcian development identify unknown sources, click the Identify as Legitimate button next to the source to provide more information.

The graph below the navigation tabs provides a chronological visualization of the data category you’ve selected.

Detail Viewer Graph showing chronological data view

Below this graph, you get a list of your sources, each of which is expandable to reveal the server names and the data columns. You can mouse over the column headers, click on the “Column Meanings” tab on the right side of the page, or read the relevant article in our knowledge base to learn about the headers and how they relate to your DMARC report.

Detail Viewer showing sources

When you click on a reporter in the “Reporter” column, a popover appears with helpful sorting options, along with a new column that shows the data from columns you have hidden when you mouse over the blue plus symbol (see below). This is helpful if you’d like quick insight into a particular row without having to adjust your preferred column visibility options.

Detail Viewer hidden fields

The data provided in the Detail Viewer represents your current levels of DMARC compliance, gaps, and the underlying SPF and DKIM values in play on mail flow. You’ll want to have a solid grasp of the term “alignment” and how messages achieve a state of DMARC compliance. Interpreting the data can seem challenging at first, but once you’ve understood each of the columns’ meanings and learned to practice filtering, you’ll be on your way.
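To make the difference between raw results, alignment, and per-source compliance concrete, here is an added example (not dmarcian's code) that parses a constructed report in the RFC 7489 aggregate XML format. The mapping from XML elements to the filter names above is an assumption, and the function names, IPs, and domains are illustrative.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# One <record> of an RFC 7489 aggregate report; values are filled in below.
RECORD = """<record>
  <row><source_ip>{ip}</source_ip><count>{n}</count>
    <policy_evaluated><disposition>{disp}</disposition>
      <dkim>{dkim_al}</dkim><spf>{spf_al}</spf></policy_evaluated></row>
  <identifiers><header_from>example.org</header_from></identifiers>
  <auth_results><dkim><domain>{dkim_dom}</domain><result>{dkim_raw}</result></dkim>
    <spf><domain>{spf_dom}</domain><result>{spf_raw}</result></spf></auth_results>
</record>"""

# Constructed rows: direct mail, an unaligned vendor, a forwarder (DKIM survived).
SAMPLE = "<feedback>" + "".join(RECORD.format(**r) for r in [
    dict(ip="192.0.2.10", n=75, disp="none", dkim_al="pass", spf_al="pass",
         dkim_dom="example.org", dkim_raw="pass", spf_dom="example.org", spf_raw="pass"),
    dict(ip="192.0.2.10", n=25, disp="quarantine", dkim_al="fail", spf_al="fail",
         dkim_dom="vendor.example", dkim_raw="pass", spf_dom="vendor.example", spf_raw="pass"),
    dict(ip="198.51.100.7", n=10, disp="none", dkim_al="pass", spf_al="fail",
         dkim_dom="example.org", dkim_raw="pass", spf_dom="list.example.net", spf_raw="pass"),
]) + "</feedback>"

def parse_rows(xml_text):
    """Flatten each <record> into fields named after the advanced filters."""
    rows = []
    for rec in ET.fromstring(xml_text).iter("record"):
        get = lambda path: rec.findtext(path, default="")
        row = {
            "ip": get("row/source_ip"), "count": int(get("row/count")),
            "policy_applied": get("row/policy_evaluated/disposition"),
            "dkim_alignment": get("row/policy_evaluated/dkim"),
            "spf_alignment": get("row/policy_evaluated/spf"),
            "dkim_raw": get("auth_results/dkim/result"), "spf_raw": get("auth_results/spf/result"),
            "spf_mail_from": get("auth_results/spf/domain"),
        }
        # DMARC passes when at least one aligned mechanism passes.
        row["compliant"] = "pass" in (row["dkim_alignment"], row["spf_alignment"])
        rows.append(row)
    return rows

def compliance_by_source(rows):
    """Percent of message volume per source IP that passed DMARC."""
    total, ok = defaultdict(int), defaultdict(int)
    for r in rows:
        total[r["ip"]] += r["count"]
        ok[r["ip"]] += r["count"] if r["compliant"] else 0
    return {ip: 100 * ok[ip] / total[ip] for ip in total}
```

Aggregate reports arrive from third parties at a published address, so real reports are untrusted input: parse them with a hardened XML parser such as defusedxml and cap attachment and decompressed sizes.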

We’re here to help people understand and deploy DMARC, so get in touch with us if you have any questions about the Detail Viewer.
