Understanding DMARC reports

  • Tuesday, 7th May, 2024
  • 10:35am

DMARC reports may seem difficult to understand at first, but with the right help they can be handy for your business.

If you’ve followed the recent changes Google and Yahoo made to email, you may have set up a DMARC record.

The DMARC record allows you to set a policy to get reports of emails failing to follow the rules you have set in your other email authentication and verification records, known as SPF and DKIM.

Understanding a DMARC email report, however, is complicated, so we’ll break it down for you and cover some free and paid tools you can use.

What are DMARC, SPF and DKIM?

You can see a more detailed review of these here, but for a quick snapshot, see below:

  • DMARC (Domain-based Message Authentication, Reporting & Conformance): A security protocol that uses SPF and DKIM to determine the authenticity of an email, ensuring it hasn’t been tampered with, and provides instructions on how to handle unauthorised use of your domain.
  • SPF (Sender Policy Framework): A security measure that specifies which mail servers are allowed to send email on behalf of your domain, helping to prevent misuse.
  • DKIM (DomainKeys Identified Mail): A verification method that attaches a digital signature to emails, allowing the recipient to verify that the sender is legitimate and that nobody altered the email.

What are DMARC reports?

Email providers send you DMARC reports so you can check how your email is performing against the rules you provided in your SPF and DKIM records.

This is very important if your email record policy is set to quarantine or reject, meaning the emails may not get delivered.

The reports are helpful if:

  • You send a large number of emails per month.
  • Your brand is well-established or known.
  • You run an online store or business where emails are a common occurrence.
  • You have a higher-risk category business prone to scams, or your audience is less likely to detect scam messages.
  • You are curious to make sure your SPF and DKIM are working.
  • Your DMARC is subject to the quarantine or reject policy.

How to enable a DMARC email report

When setting up a DMARC record, you can include a rua tag (Reporting URI for Aggregate). The rua tag defines where aggregate DMARC reports should be emailed to.

You can add multiple email addresses by separating them with a comma, for example rua=mailto:email@domain.au,mailto:email2@domain.au, etc.

DMARC policies for email delivery

There are three different rules for DMARC policy:

  • None/monitor: email is delivered regardless of your rules in SPF and DKIM records.
  • Quarantine: any unmatching or failed emails fall into a separate folder, such as a spam folder.
  • Reject: any unmatching or failed emails are blocked, so they will not be sent to a user.

To restrict who can send emails that appear to come from your domain (web address), you can start by using the “p=quarantine” policy.

The “p=reject” policy is the strictest.

Rejecting emails altogether is a risk and should be used with caution. It’s best suited for more prominent brands and sensitive organisations such as healthcare.

Be mindful that when you change or add new technology, such as a new content management system (CMS) for your website, an email marketing program or a third-party tool, you may need to adjust the email records to allow them to send email from your domain.
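
One way to check a record's p and rua tags locally before publishing it, as an added example rather than code from this article or from any tool it mentions. The function names and the sample record are constructed for illustration, and the check goes slightly beyond the text by also listing report addresses hosted on another domain, which under RFC 7489 has to authorise receiving your reports.

```python
# Check a DMARC TXT record's policy (p) and aggregate-report (rua) tags.
POLICIES = ("none", "quarantine", "reject")

def parse_tags(record):
    """Return the record's tags as an ordered list of (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        if "=" in part:
            tag, value = part.split("=", 1)
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def check_dmarc(domain, record):
    """Return the policy, report addresses and any problems found."""
    domain = domain.lower()
    pairs = parse_tags(record)
    tags = dict(pairs)
    problems = []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("record must begin with v=DMARC1")
    if [tag for tag, _ in pairs].count("rua") > 1:
        problems.append("more than one rua tag; list addresses in one tag")
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        problems.append("p must be none, quarantine or reject")
    rua, external = [], []
    for uri in tags.get("rua", "").split(","):
        uri = uri.strip()
        if not uri:
            continue
        is_mailto = uri.lower().startswith("mailto:")
        # Drop the scheme and any optional size limit such as "!10m".
        address = uri[len("mailto:"):].split("!")[0] if is_mailto else ""
        if "@" not in address:
            problems.append(f"rua entry is not a mailto: address: {uri}")
            continue
        rua.append(address)
        host = address.rsplit("@", 1)[1].lower()
        # Simplified comparison; RFC 7489 compares organizational domains.
        if host != domain and not host.endswith("." + domain):
            external.append(host)  # must publish <domain>._report._dmarc.<host>
    if not rua:
        problems.append("no valid rua address; no aggregate reports will arrive")
    return {"policy": policy, "rua": rua, "external": external,
            "problems": problems}

# Constructed sample: the second address is missing its mailto: prefix.
SAMPLE = "v=DMARC1; p=quarantine; rua=mailto:email@domain.au, email2@domain.au"
```

Calling `check_dmarc("domain.au", SAMPLE)` reports the second address as a problem, so only the first one would receive reports.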

 

How to check your DMARC record

You can check your record using this free EasyDMARC checker tool.

Note that even if your record specifies an email address for report delivery, the site still displays an error message saying it’s missing.

EasyDMARC reporting is a feature of the tool itself and is not to be confused with the email report.

Keep reading this guide on our website from the "How to create or edit a DMARC record" heading.