A day or two after a domain owner publishes the simplest monitoring-mode DMARC record in DNS, they will begin to receive reports from DMARC receivers with statistics about email sent to them using the domain owner’s domain. In other words, if you own or operate example.com and publish a DMARC record requesting reports, you will get statistics on all messages that claim to come from your domain from all DMARC receivers. So, you will suddenly be able to see how many fraudulent messages are using your domain, where they’re coming from, and whether or not they would be stopped by a DMARC “quarantine” or “reject” policy. The report from each receiver is an XML file that includes the following fields:
- Every IP address using your domain to send email
- A count of messages from each of those IP addresses
- What was done with these messages per the DMARC policy shown
- SPF results for these messages
- DKIM results for these messages
Usually, DMARC Solution’s client portal provide reports which provide a great deal of insight into the health of your message streams.