Skip to main content

DMARC: Viewing Activity Reports

Comments

5 comments

  • cPRex Jurassic Moderator

    Hey there!  Since the reports are configured to go to an email address, I'm not sure how cPanel would be involved in that process.  It would be best to use a third-party tool if you have one available.

    0
  • mtindor

    I agree with Rex - use a third party DMARC analyzing company.   There are probably 6-12 very popular ones.

    My rant:  too bad no companies really send forensic reports any longer (all about privacy BS).   The forensic reporting in DMARC is what is the most help.  Without forensic reports, none of these companies can give you or me or anyone the "total view" that they are looking for.   But they certainly give you a better than you can get by manually collecting XML files via email.

    0
  • lmstearn

    Thanks, so if the email is the only way this info is disseminated, for user convenience the DMARC analyzers would want to have control of a dedicated mailbox for that purpose.

    There are  open source solutions like parsedmarc, and a few at github for example offering scripts with considerable scope, Currently badgering the client for such functionality, not sure if it will be greeted quite with open arms. :)

    0
  • mtindor

    Yes, DMARC reports are sent via email, to addresses specified in the DMARC record.   Not all mail providers send DMARC reports.  In fact, the vast majority do not.   Really only the "big guys" do, with some exceptions.   Microsoft, AOL, Yahoo, Gmail, Comcast, etc.    If you use a third-party DMARC analyzing company (valimail.com as an example), then they will tell you the email address to set.  Otherwise, if you want to try and do it yourself with opensource products, you would direct the DMARC records to go to some mailbox that you own/control and use only for that purpose.  And then when you set up your software to parse the data, it would get that data from the messages in the dedicated mailbox that you set up to receive the reports.

    On a rant again:   Although the typical DMARC reports are useful, to know if your emails are passing SPF / DKIM / DMARC and are going into the Inbox or Spam Folder or being rejected by the few "big guys", the fact that nearly no company sends out forensic reports limits its usefulness to me.   The forensic reports used to contain parts of the actual emails that failed authentication.   You could easily see if it failed authentication because it was actually a spam / phishing / unwanted email versus it failing authentication because it was a legit email without proper SPF / DKIM set.   But alas, the world is so "touchy" about privacy that "the big guys" and most any other company that send DMARC reports do not produce/send forensic reports.   So, for instance, all I end up knowing is that a server of mine send/forwarded some emails that did not pass DMARC, and you might know the domains involved, but you really have no easy way to tell exactly _why_ the damned things failed.   Sure, the DMARC emails will say it failed SPF, or DKIM, or wasn't aligned.   But unless you are looking at the message source of an email itself (which you would see in a forensic report) you are left to believe whatever the DMARC compliance company produces as data.

     

     

    1
  • lmstearn

    mtindor: thanks for the heads up. :)

    0

Please sign in to leave a comment.