SupermanTB
asked on
Understanding DMARC Reports
I'm looking for an expert to help me understand DMARC reports. I believe I understand the concepts of DMARC, DKIM, etc. and have set everything up properly. I'm receiving the DMARC reports and have also setup a free DMARCIAN account. I've been review the data in there and between that interface and looking at the XML reports in Excel, I'm just not putting it all together. Ideally, I'm looking to hire an expert that can get on the phone with me to help me understand these reports and answer some questions I have. I have a very good understanding of email, DNS, etc. but just can't figure out these reports. Someone that understands DMARCs very well would be a great fit for this.
thank you!
thank you!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Steps....
1) Setup DMARC to report only. In the beginning setting DMARC to anything else will likely not have expected results.
2) Read your daily DMARC email reports.
3) Refine your SPF + DKIM infrastructure till no daily DMARC email reports arrive.
4) After a few weeks of no DMARC email reports arriving, then increase mode to strict.
5) Each time you add a new email sending source, likely best to drop DMARC policy back to none for a day, to ensure all's well. If no DMARC reports arrive next day, increase back to strict.
As I mentioned above...
Sometimes weeks or months of warmup are required to achieve high deliverability.
Email Deliverability is a marathon, rather than a sprint.
1) Setup DMARC to report only. In the beginning setting DMARC to anything else will likely not have expected results.
2) Read your daily DMARC email reports.
3) Refine your SPF + DKIM infrastructure till no daily DMARC email reports arrive.
4) After a few weeks of no DMARC email reports arriving, then increase mode to strict.
5) Each time you add a new email sending source, likely best to drop DMARC policy back to none for a day, to ensure all's well. If no DMARC reports arrive next day, increase back to strict.
As I mentioned above...
Email Deliverability is very complex. Best to hire an email consultant for assistance if you're new to deliverability optimization.
Sometimes weeks or months of warmup are required to achieve high deliverability.
Email Deliverability is a marathon, rather than a sprint.
ASKER
Thanks very much for you all's help. David, you mention hiring an email consultant. Do you know of any by chance?
p=none is actually meant to be used for testing. It's supposed to give you time to make adjustments to your dkim and spf records (as needed). Once you're comfortable with the deliverability reports, the next step is to set (p) to either reject or quarantine. (sp=) isn't really needed unless you want subdomains handled differently. If (sp=) isn't present, the (p=) policy is applied
If you plan on using p=none permanently, then there's really no benefit (or point for that matter) in setting one up
I personally use p=reject with no problems, and have customers that are currently using quarantine but are close to being ready to switch to reject
If something new gets added (a mailing list, etc) then the policies get temporarily switched to p=none for a few weeks to work out any kinks.
It's not really that difficult
But this is all wandering off track
What questions do you have? We can't answer them if you keep them to yourself :)