dmarcian’s platform receives, processes, classifies and visualizes mail from your domain so you can quickly identify SPF and DKIM authentication gaps and unauthorized use of your domains. The reporting platform runs on the most accurate source classification engine in the industry and provides you with accurate and actionable knowledge for managing your email domains.

One segment of our platform is the Detail Viewer; for ease of organization in this overview, we’ve divided it into the following three sections: Search Parameters, Email Volume and DMARC Data.

Search Parameters

dmarcian Detail Viewer search parameters section

The top section of the Detail Viewer is composed of search parameters that allow you to select the reporting you’d like to view. You’re presented with these options:

  • Domain: search by a specific domain 
  • Reporters: search by which source is sending reports
  • IP/CIDR: search by IP address or CIDR
  • Timeframe: enter dates for which you’d like to see results
  • Compliance
    • None: shows all compliant and non-compliant data
    • Show impact of policy: show messages impacted by DMARC policy 
    • Show non-compliant email: show messages failing DMARC
    • Show compliant email: show messages passing DMARC

Email Volume

dmarcian Detail Viewer email volume section

The middle section of the Detail Viewer displays the Email Volume by Category. Here, you get a quick look at your email volume and in what categories they fall. Email volume is the number of emails sent from your domain(s). By mousing over images, you can extract detailed information.

DMARC Data

dmarcian Detail Viewer bottom section

The bottom section of the Detail Viewer shows DMARC data grouped by source. 

In this section of the Detail Viewer, you have four navigation tabs that reveal the four high-level categories in which dmarcian classifies DMARC data. The four categories are:

DMARC Capable – a source of email that is capable of sending DMARC-compliant email. When displayed in the dmarcian tools, DMARC-Capable sources are often accompanied by statistics showing the current level of DMARC compliance for email associated with the source. For example, a 25% DMARC compliance rate means that 25% of this source is passing DMARC.

Non-compliant Sources – a source of email that is not capable of sending DMARC-compliant email. If you’re using a service that shows up in “Non-compliant Sources,” you can refer them to How to send DMARC compliant email on behalf of others.

Forwarders – Forwarding happens when you send an email to john@example.org and John has configured his email to be forwarded to another of his email addresses. Another example of forwarding is how mailing lists route email. From the perspective of the email receiver (the entity that is generating DMARC XML reports), your email appears to be coming out of infrastructure that has nothing to do with you. The Forwarders tab shows which sources are forwarding email on your behalf and whether or not the forwarding is passing DMARC. Forwarded email can only be authenticated via DKIM, though DKIM signatures can be inadvertently broken because of how messages are forwarded through different types of infrastructure. For forwarded email, your DMARC compliance is equal to the “survival” of your DKIM signatures as they travel through forwarders. To increase your DMARC compliance rates, be sure to DKIM sign as much mail as is supported by your DMARC-Capable sources. This will allow forwarded messages to pass DMARC checks at the next hop, as long as the intermediary has not changed either the body or significant headers.

Threat/Unknown – Threat/Unknown sources are either fraudulent or need to be identified as legitimate. To help dmarcian development identify unknown sources, click the Identify as Legitimate button next to the source to provide more information.

The graph below the navigation tabs provides a chronological visualization of the data category you’ve selected.

Detail Viewer Graph showing chronological data view

Below this graph, you get a list of your sources and each of these are expandable to reveal the server names and the data columns. You can mouseover the column headers, click on the “Column Meanings” tab on the right side of the page or read the relevant article in our knowledge base to learn about the headers and how they relate to your DMARC report.

Detail Viewer showing sources

When you click on a reporter in the “Reporter” column, there is helpful sorting that appears in a popover as well as a new column which shows data in columns you have hidden when you mouse over the blue plus symbol (see below). This is helpful if you’d like quick insight into a particular row, without having to adjust your preferred column visibility options.

Detail Viewer hidden fields

The data provided in the Detail Viewer represents your current levels of DMARC compliance, gaps, and the underlying SPF and DKIM values in play on mail flow. You’ll want to have a solid grasp of the term “alignment” and how messages achieve a state of DMARC compliance. Interpreting the data can seem challenging at first, but once you’ve understood each of the columns’ meanings and learned to practice filtering, you’ll be on your way.

Here’s a quick video of the Detail Viewer.

We’re here to help people understand and deploy DMARC, so get in touch with us if you have any questions about the Detail Viewer.

Want to continue the conversation? Head over to the dmarcian Forum