Regarding the Use of CMC Domain Protection
To use CMC Domain Protection, purchasing the CMC Domain Protection plan is required.
DMARC Dashboard
This document explains the DMARC dashboard of CMC Domain Protection and how to interpret it. The DMARC dashboard visualizes the statistics of DMARC reports received by CMC Domain Protection and provides important information to understand the authentication status of emails sent from your domain and the effectiveness of measures against "spoofed emails".
The main information you can check on the dashboard screen is as follows:
Search Function
In the search area at the top of the dashboard, you can narrow down the displayed statistics. You can specify the following conditions:
-
Organizational Domain: Select the organizational domain you want to monitor. DMARC is declared for organizational domains, so it is used to understand the situation of the entire organization.
-
Header-from Domain: Select the domain listed in the From header of the sent email. Use this when you want to narrow down the analysis to a specific From address domain.
-
Coverage period: Select the period for which you want to collect DMARC reports.
After selecting the filtering criteria, click the "Search" button to display the corresponding DMARC report statistics on the dashboard.
Top of the dashboard (summary information, statistical pie chart, daily trend bar chart)
The top of the dashboard displays summary information, statistical pie charts, and daily trend bar charts based on the selected search criteria.
The daily trend bar graph shows the daily trend of email volume during the target period. By placing the cursor over each bar graph, you can view detailed numerical information for that day.
Each bar in the graph represents the total number of emails processed on that day, and is color-coded to represent the following:
| Item | Description |
|---|---|
| Process Count | This represents the total number of processed emails listed in DMARC reports received during the period covered. |
| DMARC Pass | This indicates the percentage of emails that passed DMARC authentication. |
| DKIM & SPF Pass | This indicates the percentage of emails that passed both DMARC DKIM authentication and SPF authentication. |
| DKIM Pass Only | This represents the percentage of emails that were successfully authenticated by DMARC's DKIM authentication alone. DMARC evaluation requires that the DKIM signature is aligned (matched or related) to the Header-from Domain. |
| SPF Pass Only | This represents the percentage of emails that passed only DMARC SPF authentication. DMARC evaluation requires that the SPF-authenticated envelope From domain is aligned (matched or related) to Header-from Domain. |
| Forwarded | This indicates the percentage of emails that failed DMARC authentication and were determined to be forwarded. If an email is identified as "forwarded" in the DMARC report, it suggests that it is highly likely that the email was not simply "spoofed" but was delivered through a legitimate process. |
| DMARC Fail | This represents the percentage of emails that failed DMARC authentication and were determined not to be forwarded. |
Bottom of the dashboard (Statistics by Header-from Domain)
The bottom of the dashboard displays a detailed table of each Header-from Domain, aggregated based on the search criteria you selected.
Note
If the value is greater than "0" percent and less than "1" percent, it is displayed as "< 1%."
| Item | Description |
|---|---|
| Header-from Domain | Represents the From domain in the outgoing email header. This also includes cases where the From header was used in a spoofed email. |
| Count | The total number of emails processed during the period covered. |
| DKIM&SPF alignment Pass | This indicates the percentage of emails that passed both DMARC DKIM authentication and SPF authentication. |
| DKIM alignment Pass | This shows the percentage of emails that passed DMARC DKIM authentication. For DMARC evaluation, the DKIM signature must be aligned (matched or in a parent-child relationship) with Header-from Domain. |
| SPF alignment Pass | This represents the percentage of emails that passed DMARC SPF authentication. For DMARC evaluation, the SPF-authenticated envelope From domain must be aligned (match or correlate) with Header-from Domain. |
| Forwarded | Of the messages, DMARC authentication failed andThis indicates the percentage of emails that were determined to be forwarded.Being identified as a "forward" in the DMARC report suggests that the email is more likely to have been delivered through a legitimate process and not simply "spoofed." |
| DMARC Fail | This represents the percentage of emails that failed DMARC authentication and were determined not to be forwarded. |
| Policy (PCT) | The DMARC record of the From header is obtained from DNS, and the published policy (none, quarantine, reject) and enforcement rate (pct) are displayed. The enforcement rate indicates the percentage of emails that apply the DMARC policy. |
Download function
By clicking the "Download" button in the upper right corner of the dashboard, you can download the currently displayed data (data narrowed down by search criteria) as a CSV file.
The downloaded CSV file will contain the following header columns:
| Header Column Name | Screen Items |
|---|---|
| Header From | Header-from Domain |
| Message Count | Message Count |
| DMARC: DKIM/SPF Pass Rate | DKIM&SPF alignment Pass |
| DKIM Pass (Only) Rate | DKIM alignment Pass |
| SPF Pass (Only) Rate | SPF alignment Pass |
| Forwarded Rate | Forwarded |
| DMARC Fail Rate | DMARC Fail |
| Published Policy | Policy |
| Published PCT | PCT |
By using the DMARC dashboard, you can get information on the following:
-
The domain used in the Header-from address of the email
The DMARC report shows all the From domains in the email header used for email delivery during the collection period. To improve the DMARC policy, we first determine whether the domains displayed in this list are legitimate email sending domains or domains used for unintentional "spoofed emails."
-
Authentication status of emails using your company's domain as theHeader-from address (DMARC success rate, DKIM/SPF success rate breakdown)
Check how to successfully authenticate legitimate emails from your company's domain. If the success rate is low, it may be because there is an issue with your DKIM or SPF settings, or your domain is being used for "spoofing."If you wish, you can also use our optional paid advisory service to identify the source of the email and receive advice on how to respond.In the early stages, it is important to set your DMARC policy to p=none and use this information to identify and remediate the cause of authentication errors.
-
Percentage of emails that fail DMARC authentication and trends
If you have a high rate of DMARC authentication failures,This suggests that the email may be a spoofed email or that the sender may be a legitimate one but email authentication may not have been performed.Raising your policy to quarantine or reject will likely help keep these emails out of your recipients' inboxes, but you should be cautious when doing so and monitor daily to make sure your legitimate emails aren't being flagged as false positives.
-
Number of emails sent and authentication status for each Header-from domain
Identify domains with high sending volumes and low authentication success rates.MeasuresThis provides information for determining priorities. For example, if the authentication rate of a large number of legitimate domains is low, it is necessary to immediately improve the settings. Also, if sending from an unfamiliar From domain is confirmed, it can be determined that there is a high possibility that it is "spoofing."
-
Check your domain’s DMARC publishing policy
You can check whether the configured DMARC record is published correctly in DNS and whether the policy and enforcement rate are as intended. It is important to always check the current settings as you gradually increase the policy. For example, if you change from p=none to p=quarantine, check the dashboard to make sure the published policy is updated correctly.
It is recommended that you upgrade your DMARC policy in stages, starting with p=none, then monitoring authentication status via the dashboard and reports, moving to p=quarantine, and finally to p=reject. During this process, the DMARC dashboard is an essential tool for understanding the current situation, identifying issues, measuring the effectiveness of measures, and determining next steps.