The Importance of Sources in DMARC
A “source” is what we call any company that offers its clients the ability to send emails with their own domain. This translates to any infrastructure that’s capable of “sending emails on behalf of others.” Bearing this explanation in mind, we can identify several types of sources, the most notable are:
- ESPs – offer their clients the ability to send bulk (marketing and/or transactional) emails with their own domain
- ISPs – offer the ability to receive and send emails with your own domain (business or personal communication, but not bulk messaging)
- Other services – allow you to send emails with your own domain. Those can be support/ticketing systems, payment providers, e-merchant services, etc.
Apart from listing a specific infrastructure as a “source,” dmarcian provides you with a brief overview of that source’s capabilities, links to any publicly available resources on SPF and DKIM configuration, things you should be aware of, and any generally useful information on that source. This information is available both within our application and on our public repository for source information – DMARC.IO. You can find more information about this resource here.
Why are sources important?
Sources are important for many reasons, such as the convenience of being able to view one “source” instead of 50 standalone IPs through which your domain traffic is coming. Perhaps the most important reason is having the right mechanism to properly map all the services your company is using through its domains and allowing them to be kept tight and neatly organized.
How are sources created and updated?
There’s a lot of information available in DMARC reports, all of which is useful. In order to identify a source, we need to look at the details on the sending infrastructure; in other words, we need to identify traffic as coming from a particular server/network in order to let you know “Hey! those emails are coming from Source A.” We do that through multiple mechanisms and combinations of various bits and pieces that best categorize the network of a specific source.
Due to the nature of the email ecosystem, this process isn’t perfect. When creating a specific rule to categorize a source, there are two risks:
- the rule can either be too broad and “catch” traffic that it’s not supposed to
- the rule can be too narrow and miss traffic that’s coming from the given source.
In order to avoid making either of these mistakes, we employ a multitude of mechanisms, both automated and manual.
What happens if a company suddenly starts using a whole block of new IPs with a completely different footprint than the rest of its network? That’s why we have the manual aspect of the process, which allows us to easily catch such changes and make certain our sources are kept up to date.
Your role in the process
Do you have a role in the process of source creation and maintenance? Of course, and a central one at that! Given the vastness of sources and the sheer number of companies that offer such services, the involvement of everyone along the chain is needed to ensure maximum efficiency. Your role comes into play when you
- would like to see a missing source listed within dmarcian’s application
- would like to report an update in the infrastructure of a source, whether it’s adding a new chunk to their sending infrastructure or a change in their capabilities
We strongly encourage you to do that via the dmarcian application. You can request the addition of a missing source by clicking “Source Legitimate” next to each non-listed source in the “Threat/Unknown” tab of the “Detail Viewer” in your account:
If you’d like to report an update, you can send an email to email@example.com with an explanation of how you believe the source should be updated and information that would help the investigation.
Want to continue the conversation? Head over to the dmarcian Forum