As soon as you receive some DMARC reports from destination mail servers, you’ll start to see the dashboard populated with data.

Switch to the Sources tab to see a summary of the sending sources extracted from the DMARC reports.

DMARCwise dashboard

Everything in this page refers to the last week of activity by default. You can change the date interval through the date picker in the top right.

A the top you’ll see some stats, like the total number of emails reported through DMARC reports and the percentage of emails that passed DMARC alignment.

But the main thing you should monitor on this page is the categorized sources.

DMARCwise will try to group sending sources in three groups:

  • Authorized sources: these sources are at least partially DMARC compliant and are explicitly authorized to send emails from your domain, which means that SPF alignment is achieved. In detail, this group contains:
    • Sources that are fully aligned, on both SPF and DKIM. It’s normal if the percentage isn’t 100%, there’s always a small part of forwarded emails or temporary authentication errors that lower the compliance percentage.
    • Sources that are fully SPF aligned but don’t pass DKIM or DKIM alignment. If you find yourself in this situation, check that your emails are sent with a valid and aligned DKIM signature.
    • Some sources in this section may have a low SPF alignment percentage. This may be caused by your DMARC policy being too strict (look at aspf), or by a misconfiguration of the Envelope From. Learn more in Introduction to SPF.
    • We also have some rules to move to this section some sources that are well-known to not support SPF alignment. These are clearly identified as such in the dashboard. Some prominent examples are Mailchimp and Brevo.
  • Forwarded/unaligned sources: usually, these sources are mail servers that forwarded your emails. Since detection of forwarding cannot be done reliably, you may also find sources that are legitimate but not SPF aligned in this section. More in detail:
    • You may identify forwarded sources by their low volume of emails, and by the fact that they are fully or mostly DKIM aligned. In fact, DKIM alignment usually survives forwarding, while SPF fails.
    • Some sources might not be configured for SPF alignment (often called “custom Return-Path” by email service providers). You may find these sources in this section. To fix this issue, you should check if your provider is capable of SPF alignment.
    • Find more tips on SPF alignment issues in Fixing SPF alignment issues.
  • Non-compliant sources: messages that fail DMARC alignment end up in this section.
    • If you recognize sources that belong to your organization in this section, you should identify the authentication issues as soon as possible and fix them. Running a diagnosis might help identifying the issues.
    • Sources that you don’t recognize in this section are likely spoofed email or forwarded emails that failed alignment. If these emails are more than a few, it means it’s especially helpful in your case to have a stricter DMARC policy.

In the sources page you have two further options to help troubleshooting:

  • Clicking the Show IPs checkbox will show, for each source, the IP addresses from which the reported emails were sent. This can be useful to identify one misbehaving mail server.
  • Clicking on a row in the sources tables will lead you to a more detailed view where you’ll be able to see in more detail why SPF, SPF alignment, DKIM or DKIM alignment failed for that source, with specific domain names associated to SPF and DKIM signatures.

If you need help understanding what’s going on with your DMARC setup, all paid plans include DMARC technical support. Feel free to contact us.