Identifying Sources, Forwards and Threats
The single most important feature of the dmarcian application is its ability to help domain owners understand who is sending email on their behalf. Our application receives raw DMARC data and turns it into readable, actionable information. Over the last decade, dmarcian has categorized over 2,500 email sending sources and their capabilities. An email source is placed into one of four high-level categories, as follows:
- DMARC Capable
- Non-DMARC Capable
- Forwarders
- Threat/Unknown
DMARC Capable is the most common of all categories. These sources can be configured to send DMARC-compliant email; more often than not, they represent the majority of your legitimate email sending sources. As a reminder, in order for a message to be considered DMARC compliant, either SPF or DKIM must align. Your alignment and DMARC-compliant scores are shown in the table just below.
Non-DMARC Capable sources are quite uncommon these days. Email sources in this category do not support custom SPF or DKIM configurations necessary to become DMARC compliant. If you send any legitimate email over a Non-DMARC Capable source, it’s likely to experience delivery issues upon reaching either an enforcement policy of quarantine or reject. Consider moving these email volumes to a DMARC-Capable source or reach out to the Non-DMARC Capable source support team to see if they have any guidance for you.
Forwarders represent indirect email flows, where your original email is accepted and then relayed to a different destination. It’s quite common to have a portion of your email sending volume categorized as forwarded. This is a natural occurrence of sending email at scale, and it’s important to understand that you do not have any direct control over these sources. Your DMARC Compliance rate will be calculated as the DKIM survival rate. If you are not DKIM signing your original message, there will be no DKIM signing to preserve. SPF alignment does not come into play with forwarded email traffic because SPF does not survive forwarding. Though the DMARC standard requires either SPF or DKIM to align, dmarcian recommends DKIM signing wherever it is supported.
Threat/Unknown sources most often represent outright abuse. There are some cases of legitimate email falling into this category simply because dmarcian has not yet identified the source. One thing all sources in the category have in common is that they all fail DMARC. For any legitimate email sources that have been categorized here, you must still have either SPF or DKIM configured to pass DMARC. When that step is completed, these volumes will move to the DMARC-Capable tab.