Explanation of CSV columns in data exports
dmarcian users can export Detail Viewer data via CSV. When doing so, the CSV will contain the following columns:
Explanations for each column follow:
The Header-From column contains the “DMARC domain” of the row of data. The DMARC domain is the domain found in the From: header of a piece of email. We’ve published a walk-through of how DMARC works.
IP corresponds to the Internet Protocol Address of the source of email represented by the row. This IP address was responsible for sending (or attempting to send) email to a DMARC-enabled email receiver. For a walk-through of how email flows around the Internet, see this tutorial.
The PTR represents the hostname of the source server of the email represented by the row. dmarcian adds this information by performing a PTR lookup (also known as a Reverse DNS Lookup) of the IP address (see above).
CC is the Country Code of the country where the server responsible for the email represented by the row is located. CC is added by dmarcian and is reliable, but not always perfectly accurate.
Count contains the total number of emails received by DMARC-enabled receivers that match the row of data.
Policy-applied describes the DMARC policy that was applied to the email represented by the row of data, if any. “None” is present if no policy was applied (as the email was deemed to be compliant with DMARC), otherwise “quarantine” or “reject” are present.
DMARC-enabled email receivers can choose to not apply a domain’s public DMARC policy if the email receiver determines that the email arrived due to an exceptional circumstance. Exceptions are rare and, if present, are described in this column.
DMARC uses DKIM to determine the legitimacy of a piece of email. If a piece of email contains a valid DKIM-Signature and is relevant to the Header-From (see above), then the email is considered to be compliant with DMARC. If no DKIM-Signature is present or if a DKIM-Signature references a domain other than that of the Header-From, the DKIM-Signature is not relevant to DMARC compliance.
The result of processing a DKIM-Signature – regardless of the signature’s relevance to DMARC compliance – is found in this column. Visit our tutorial on DKIM to learn more about how DKIM works.
The domain of the DKIM-Signature.
DMARC uses SPF to determine the legitimacy of a piece of email. If SPF is in place and the domain checked by SPF is relevant to the Header-From (see above), then the email is considered to be compliant with DMARC. If SPF is not present or if the domain checked by SPF references a domain other than that of the Header-From, the result of SPF checking is not relevant to DMARC compliance.
The result of processing SPF – regardless of the relevance to DMARC compliance – is found in this column. Visit our tutorial on SPF to learn more about how SPF works.
The domain that SPF checked. SPF checks the domain of the envelope-address (also known as the bounce address).
Questions? Contact us!