Note
"DMARC Monitor" is a function for Pro pran. To use this function, please subscribe to the Pro plan.
Summary report of DMARC Monitor
This summary report displays the aggregate values of DMARC reports for the specified period. For each purpose, aggregate values can be viewed in the "Authentication Result", "Legitimate IP", and "Illegitimate IP" tabs.
Specify the sender domain and the aggregate start/end dates before click the Search button. You can specify a range of up to 40 days for the aggregation period.
Note
DMARC authentication will be started from the delivered mail after "Confirm DNS" is performed and "DNS-registered" on Customers Mail Cloud . Reported values are updated in real time.
The response of the report email depends on the behavior of the email receiving server. Please allow a period of 2-3 days after adding a new DMARC setting before checking the report.
Authentication result
The authentication result report displays the DMARC reports received during the specified period, aggregated by reporting party (e.g., ISP).
To search for an ISP name by a partial match, enter ISP name and click the Search button.
The authentication results are displayed in a tabular format with the following items
| Item | Description |
|---|---|
| ISP name | Displays the name of the reporter of the DMARC report. |
| Processed | Represents the total number of processed mail in DMARC reports reported by ISP. |
| DKIM authentication | It represents the percentage of the number of email successfully authenticated by DMARC's DKIM authentication out of the number of processed email. |
| SPF authentication | It represents the percentage of the number of email successfully authenticated by DMARC's SPF authentication out of the number of processed email. |
| Spoofing | It represents the percentage of the number of email that failed both DMARC DKIM and SPF authentication out of the total number of processed email. |
Legitimate IP
Outgoing IP addresses authenticated to both or either of DMARC's DKIM and SPF authentication are displayed for each source IP address.
Emails sent from IP addresses in this list will be received normally even if "quarantine" or "reject" is declared in the DMARC policy.
For legitimate IP addresses, the following items are displayed in tabular form
| Item | Description |
|---|---|
| IP address | Displays the IP address of the server from which the mail is sent. |
| Host name | Displays the hostname reverse-engineered from this IP address. |
| Processed | Displays the total number of emails sent from this IP address that successfully passed DMARC's DKIM and SPF authentication, or both. |
| DKIM authentication | It represents the percentage of the number of email successfully authenticated by DMARC's DKIM authentication out of the number of processed email. |
| SPF authentication | It represents the percentage of the number of email successfully authenticated by DMARC's SPF authentication out of the number of processed email. |
You can specify ISPs and the authentication results to filter the data displayed in the list. The conditions that can be specified for authentication results are as follows.
| Item | Description |
|---|---|
| Select authentication result | Displays IP addresses that have authenticated both or either DKIM or SPF authentication. |
| Authentication success | Displays IP addresses where both DKIM and SPF authentication are 100%. |
| Authentication fail | Displays IP addresses for which both or either DKIM or SPF authentication is not 100%. |
Illegitimate IP
This Displays IP addresses sending mail that failed both DMARC DKIM and SPF authentication.
This list shows the IP address of the mail server that is sending the mail deemed to be spoofed. If the IP address of the correct server is on the list, the DKIM or SPF settings for that server may not be configured or may be incorrect.
| Item | Description |
|---|---|
| IP address | Displays the IP address of the server from which the mail is sent. |
| Host name | Displays the hostname reverse-engineered from this IP address. |
| Processed | Displays the total number of email sent from this IP address that successfully passed DMARC's DKIM and SPF authentication, or both. |
| Return-Path | Displays the domain of the Envelope From address used to send mail from this IP address. |
Refer WHOIS information
Click the WHOIS button in the list to retrieve and display the WHOIS information for the target IP address.
By referring to the WHOIS information, you can identify the mail server that is sending the spoofed email.
