Reports Analysis Guide

Master the art of reading and interpreting your DMARC reports for actionable insights

Navigating the Reports Interface

Reports Page Overview

The Reports page is your central hub for DMARC analysis. Here's what you'll find:

Filter Controls
  • Date range selectors
  • Domain filters
  • Organization filters
  • Authentication status filters
Report List
  • Chronological report listing
  • Key metrics summary
  • Quick action buttons
  • Pagination controls

Understanding the Report List

Each row in the reports table provides essential information at a glance:

Column Information What to Look For
Date Report generation date Recent dates indicate active monitoring
Domain Your domain being reported on Verify it's a domain you actively manage
Reporter Organization that sent the report Common names: Google, Microsoft, Yahoo
Messages Total email volume in report Higher numbers indicate more activity
Pass Rate Percentage of emails that passed authentication Higher percentages are better (80%+ is good)
Actions View details, download, or share Click "View" for detailed analysis

Filtering and Searching Reports

Date Range Filtering

The system provides several convenient date range options:

Last 7 Days

Recent activity overview
Good for daily monitoring

Last 30 Days

Monthly trend analysis
Standard reporting period

Last 90 Days

Quarterly overview
Long-term trend identification

Timezone Awareness

All date filters automatically use your browser's timezone, ensuring that "Last 7 Days" means the last 7 days in your local time, not server time.

Advanced Filtering Options

Domain Filtering
  • All Domains: See reports across all monitored domains
  • Specific Domain: Focus on one domain's performance
  • Multiple Selection: Compare specific domains side-by-side
Reporter Organization Filtering
  • Major Providers: Google, Microsoft, Yahoo, etc.
  • Smaller Providers: Regional or specialized email services
  • Corporate Networks: Enterprise email systems
Authentication Status Filtering
  • All Results: Complete picture of email authentication
  • Passed Only: Focus on successful authentications
  • Failed Only: Identify potential security issues

Understanding Report Data

Key Metrics to Monitor

Positive Indicators
  • High DMARC pass rates (80%+)
  • Consistent email volumes
  • Known sending sources
  • Stable authentication patterns
Warning Signs
  • Sudden volume spikes
  • Unknown sending sources
  • High failure rates
  • Unusual geographic locations

Volume Analysis

Email volume patterns can reveal important insights:

Volume Pattern Typical Meaning Action Needed
Steady daily volume Normal business email activity Continue monitoring
Sudden spike Marketing campaign or potential spoofing Investigate source and legitimacy
Gradual increase Business growth or new email services Verify new sources are legitimate
Unexpected silence Service outage or configuration issue Check email systems and DNS

Identifying Trends and Patterns

Weekly and Monthly Patterns

Look for recurring patterns in your email traffic:

Normal Business Patterns:
  • Higher volume Monday-Friday
  • Lower volume on weekends
  • Reduced traffic during holidays
  • Monthly newsletter cycles
Concerning Patterns:
  • High weekend activity (potential spam)
  • Unusual time-of-day distributions
  • Volume from unexpected regions
  • Authentication failure clusters

Geographic Analysis

Pay attention to the geographic distribution of email sources:

  • Expected locations: Your office locations, known email services
  • Acceptable locations: Major email providers' data centers
  • Investigate further: Unexpected countries or regions
  • Red flags: Known spam-originating countries

Export and Sharing Options

Available Export Formats

CSV Export

Spreadsheet analysis
Data manipulation

PDF Report

Executive summaries
Archive records

Raw XML

Technical analysis
Custom processing

Sharing Best Practices

  • Internal teams: Share filtered views relevant to each team
  • Management: Use summary PDFs for executive reporting
  • Security teams: Focus on failed authentication reports
  • Compliance: Maintain archives of monthly reports

Advanced Analysis Techniques

Comparative Analysis

Compare different time periods to identify trends:

  1. Export data for current month
  2. Export data for previous month
  3. Compare volume, pass rates, and sources
  4. Identify significant changes
  5. Investigate causes of major variations

Source Authentication Analysis

Deep dive into authentication results by source:

  • Legitimate sources: Should consistently pass authentication
  • Third-party services: May need SPF/DKIM configuration
  • Unknown sources: Require investigation
  • Failing sources: Potential security threats

Policy Impact Assessment

Before changing DMARC policies, analyze potential impact:

  1. Identify current failure rate
  2. Categorize failing sources
  3. Determine legitimate vs. illegitimate traffic
  4. Calculate impact of policy enforcement
  5. Plan remediation for legitimate failures
Pro Tips for Effective Analysis
  1. Review reports daily during initial setup, then weekly for ongoing monitoring
  2. Set up regular export schedules for compliance and archival purposes
  3. Create a baseline of normal traffic patterns for your domains
  4. Document investigation results for future reference
  5. Use filtering to focus on specific issues or time periods
  6. Correlate DMARC data with other security monitoring tools
  7. Share insights with relevant teams to improve email security posture
Related Guides
Dashboard Overview Report Details Deep Dive Domain Management DNS Configuration
Quick Actions
View Reports Dashboard Contact Support