Getting started with dmarcian

dmarcian tools are under constant development to make DMARC deployment faster and easier for everyone. This article describes how to best use the tools today.

If you’re just getting started, create an account on dmarcian. Then, while logged into your account, add your domains to the site.

When your domains are added to the site, publish DMARC records for each domain to begin collecting data. DMARC data is generated on a 24 hour cycle, so give the site a few days to collect data.

If you’re new to DMARC, now would be a good time to get familiar with the technology and what it can do.

With data in place, visit the Domain Viewer -> Mission Control tool to get an overview of the state of your domains. From there you can click on the state of DMARC, SPF, DKIM, and assess the volume of your domains. If you ever want to force the site to refresh your domain (maybe because you just updated a DMARC or SPF record and want the site to pick up the change), click on the refresh button just to the right of the domain name.

Next, visit the Domain Lifter -> Source Viewer tool. dmarcian maintains a set of rules to identify legitimate sources of email that are capable of sending DMARC compliant email. The Source Viewer is used to identify which sources of email need work to bring the compliance percentage as close to 100% as possible. Click on the SPF/DKIM percentages to view notes on how to get individual sources into compliance with DMARC.

The last tool to get familiar with is the Domain Overview  -> Detail Viewer.  This tool allows you to explore your DMARC data in a variety of ways. The top half of the page shows a timeline of your data along with search parameters such as date selectors, domain and data-provider pickers, and a filter option that can be used to shows what would have happened had a DMARC policy been in place.

The bottom half of the Detail Viewer page shows your data grouped into four high-level tabs: DMARC-capable, Non-compliant, Forwarding, and Threat/Unknown. For details on how dmarcian categorizes data, see this article. Each tab shows groups of infrastructure and details on DMARC compliance. You can reveal more detail about each group by clicking “show details”. Fine-grained detail on each message flow can be revealed by drilling down further by clicking on the green “+” buttons. Column definitions for the fine-grained view can be found by clicking the white “?” icon. This data shows you exactly how email streams that are using your domains are being perceived by email receivers.

If you’re new to dmarcian, give the Threat/Unknown tab a once over and let dmarcian know if you find a source of email that is known to you. We’ll investigate the source and add it to our rules. Once added, the source of email will no longer appear in Threat/Unknown, making ongoing management of DMARC compliance easier.

You can end your introduction to dmarcian by revisiting the Source Viewer tool and discovering which sources need help with DMARC compliance. By clicking on the green-background SPF/DKIM percentages, you’ll see a popup that provides notes on how to configure the source to become compliant with DMARC.

Once your sources of email are >98% compliant with DMARC, you’ll be ready to publish a more stringent DMARC policy.