Getting started with dmarcian

We’ve created the following guide to help you get started and ensure you get the most from your dmarcian account. Regardless of your company size or email program complexity, the first action to take is to sign up for a 30-day trial if you have not already done so. Having access to our reporting platform will allow for dmarcian to receive and process your domain’s DMARC data. From here, you can explore a rich dataset about email sources sending on your behalf and quickly identify gaps in well established email authentication best practices.

The dmarcian platform can also help you understand if your domain meets the new sender guidelines that Google and Yahoo began enforcing in February 2024.

At the core of our offering is our DMARC Management Platform, which automates the collection and processing of important signals about your domain and email programs. We make it easy to measure your adoption rates of foundational email authentication standards—SPF, DKIM and DMARC—through a series of DNS validation tools, DMARC XML reporting, and alerting services. From this data, domain owners can confidently take advantage of anti-abuse protections afforded by the DMARC standard.

Without dmarcian’s platform, domain owners are faced with the challenge of manually interpreting raw XML reports and keeping track of the health of underlying DNS records. For the last 12 years, thousands of domain owners have come to rely on dmarcian to help them get the necessary visability into how both their legitimate efforts are performing, as well as abusive attempts by bad actors. DMARC reports are essentially audit logs of emails received claiming to come from your domain. More and more domain owners have come to learn that they have been unaware of unexpected and unauthorized attempts.

The account set-up process begins with publishing a DMARC record which will enable getting your domain’s DMARC data into the dmarcian platform. Once that is accomplished and you’ve let the data build for a few days, you can begin the process of interpreting your data and working to achieve DMARC compliance, the state in which the emails you send can be verified as being legitimate by email receivers (Yahoo, Google, Microsoft, Comcast, Mimecast, Proofpoint, etc.).

Sending DMARC-compliant email makes it easy for email receivers to identify and stop phishing, spoofing and unauthorized attempts on your domain. A milestone of success is when you have brought all of your legitimate email sources into compliance and can then enable a strict, DMARC policy of p=reject on your domain. This action will instruct email receivers to block any emails being sent from your domain that have not been explicitly authorized.

Publishing a DMARC Record

We have tools available to generate your DMARC record; if you haven’t published one yet, here are some instructions on how to do that. If you have already published one, you can verify that it is properly formatted.

Getting Data to Us

There are a number of ways to get your data to the dmarcian platform, though we strongly recommend the first option—sending data directly to dmarcian. DMARC data is generated and sent by email receivers based on the messages they received claiming to come from your domain. As a reminder, DMARC is an established internet standard, as opposed to a proprietary piece of technology more commonly found in the cybersecurity space.

DMARC has broad adoption across the entire email ecosystem and has had steady growth of adoption since its introduction. It’s important to understand that the DMARC reports themselves are entirely free to domain owners, with email receivers bearing the operational cost to send them. The investment of a dmarcian subscription is entirely for the receiving, processing and visualization of that data. If you are just adopting DMARC now, there may be other standards and best practices you may not be taking advantage of. We will present a number of learning opportunities throughout your time with dmarcian.

The following are options for getting your data to the dmarcian platform:

1. Send Data Directly to dmarcian: The most convenient option to have data processed is by sending your DMARC reports directly to dmarcian for processing. Upon creation of your account, you will receive a dmarcian address to include in your DMARC record. This option has proven to be the most reliable method of receiving reports.
   
   
2. Forward Data to your dmarcian Account: If you are receiving DMARC reports or sending them elsewhere and do not wish to send reports directly to dmarcian, you can forward DMARC reports to the dmarcian address provided when you register. From time to time, forwarding rules can break or sending and storage quotas can be reached. Cases like this could result in gaps of data.
   
   
3. Upload Data to dmarcian: If you already have DMARC XML data, you can easily upload it using our XML-to-Human Converter. You will be given a detailed report of your data, but your data history will not be stored unless you are logged in.
   

Because DMARC data is generated on a 24-hour cycle, after a few days, enough data is gathered to begin generating meaningful reports. If you don’t see data after more than 48 hours of publishing your DMARC record, here is some advice.

Upon successfully publishing a DMARC record, data will populate in your dmarcian account automatically. We typically recommend letting 1-2 weeks worth of data to collect before making assertions about your domain’s usage. DMARC data in your account will be available only from the date you published the record onward. Similarly, if you publish a DMARC record but don’t frequently send email from that domain, data will not arrive until after you start sending email.

dmarcian’s DMARC Management Platform

The dmarcian application receives two distinct types of data:

1. Public DNS: Users are notified of DNS syntax errors, extraneous entries and recommended improvements.
2. DMARC XML: The XML format used for transmitting DMARC data is not designed for immediate human interpretation.

Our platform visualizes the data in a series of predefined views so you can quickly identify email authentication gaps (SPF, DKIM, DMARC), email sending sources, and unauthorized use of your domains. In addition to aggregating DMARC data, our platform provides domain administration teams with the necessary features to adopt DMARC with clarity and confidence.

Domain Overview

Once information is flowing into your account, you’ll see a visual representation of how your domains are being used across the internet. You can visit the Domain Overview to assess the state of your domains. From there you can view the state of DMARC, SPF, DKIM and determine the volume of your domains.

Source Viewer

Our Source Viewer provides best-in-class visibility of the email sources that have been observed to send email using your domain. Before you can protect your email domains with DMARC, all legitimate sources of email need to be configured to send DMARC-compliant email. Our Source Viewer provides insights into where your email is originating and the level of compliance. For sources that require additional configurations, we have provided how-to information on the steps needed to achieve DMARC-compliance. Our support team has cataloged the world’s most popular ways of sending email. They continue their lofty goal of cataloging the entire world’s means of sending mail by adding new sources each day.

Detail Viewer

The Detail Viewer, provides the richest dataset and control over the data returned. The top half of the page shows a trendline of your data along with powerful search and filtering capabilities. Where the Domain Overview and Source Viewer provide key high level data points, the Detail Viewer is where you are likely to spend the majority of your time doing discovery.

The bottom half of the Detail Viewer, shown below, shows your data grouped into four tabbed classifications: DMARC-capable, Non-compliant, Forwarding, and Threat/Unknown (you can find details on how we categorize this data here). Each tab shows groups of email sources, configuration instructions and details on SPF, DKIM and DMARC compliance trends. You can expand each source to reveal details at the message level. This data discloses how email streams that are using your domains are being perceived by email receivers. As a reminder, the data is actually generated by the email receivers themselves.

This is only the start. Our platform is feature-rich, and the best way to experience it is firsthand.

What Happens at the End of the Trial?

At the end of your 30-day test run, you’ll receive an email with instructions for continuing your DMARC project on our DMARC Management Platform. To continue your DMARC implementation and management project with dmarcian, you can subscribe via our self-serve portal by choosing your subscription level and billing frequency (monthly or annual) on the Billing & Usages page in your account. You can then enter your customer and billing details and your account will be automatically activated. You won’t be able to select a subscription that falls below your current level of active domains or email volume use.

If you find that you need some assistance with getting DMARC in place, dmarcian offers a few options. For small and medium-sized organizations looking to outsource their projects, we have a local and global network of partners ready to assist.

Large organizations or those with more complex domain catalogs will benefit from our Deployment Services—project-based initiatives with a dedicated deployment representative to guide you through DMARC implementation so you achieve your objectives and milestones. We’ve successfully deployed DMARC for every organization that has used our Deployment Services.

While support is included in every subscription, Dedicated Support can help you manage DMARC-related incidents, editorialize data reviews, and embed DMARC into your organization’s daily operations.

We’re Here to Help
With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul.