Views:

Monitor the DMARC authentication trends and anomalies for your domains by using the DMARC Report Analysis feature

Enable DMARC Report Analysis to send DMARC reports to Cloud Email Gateway Protection for analysis. Get easily readable analysis results to monitor trends and identify anomalies in emails sent on behalf of your managed domains.

Procedure

  1. Go to Outbound ProtectionDomain-based AuthenticationDomain-based Message Authentication, Reporting and Conformance (DMARC) Monitoring.
  2. Go to DMARC Report Analysis.
  3. Check whether your have configured DMARC records for your domains to send DMARC reports to Cloud Email Gateway Protection by clicking Reporting Configuration.
    If you haven't, you can following the on-screen instructions to update your DMARC records.
    The Cloud Email Gateway Protection address for receiving DMARC reports is as follows for each serving site:
    Serving Site
    Report Receiving Address
    North America, Latin America and Asia Pacific
    %company_identifier%@dmarcrua.tmes.trendmicro.com
    Europe and Africa
    %company_identifier%@dmarcrua.tmes.trendmicro.eu
    Australia and New Zealand
    %company_identifier%@dmarcrua.tmes-anz.trendmicro.com
    Japan
    %company_identifier%@dmarcrua.tmems-jp.trendmicro.com
    Singapore
    %company_identifier%@dmarcrua.tmes-sg.trendmicro.com
    India
    %company_identifier%@dmarcrua.tmes-in.trendmicro.com
    Middle East (UAE)
    %company_identifier%@dmarcrua.tmes-uae.trendmicro.com
    To generate a new DMARC record, you can use the built-in DMARC record generator by clicking Generate DMARC Record and following on-screen instructions.
    After your DMARC record is updated for DMARC reporting, you can click Verify to check whether the new DMARC record has taken effect.
    Note
    Note
    You need to wait because DMARC record update takes some time to propagate across DNS servers.
  4. Check the DMARC report analysis results for your domains by clicking the other tabs under DMARC Report Analysis.
    Based on received DMARC reports, Cloud Email Gateway Protection generates results to show the DMARC compliance check results and more DMARC authentication details about emails sent on behalf of your domains.
    Tab Name
    Description
    Action
    Overview
    Displays the DMARC compliance check result for each managed domain.
    Note
    Note
    • The results only show the domains whose DMARC records you have configured to send DMARC reports to Cloud Email Gateway Protection.
    • Cloud Email Gateway Protection regards an email as passing DMARC compliance checks when the email passes either SPF authentication and alignment check or DKIM authentication and alignment check.
    • Filter the results by specifying the managed domain name and time period and clicking Search.
    • View the DMARC compliance check result for a managed domain by sending source by clicking View by sending source in the Action column.
    • View more details about the DMARC compliance check by clicking View details in the Action column.
    By Sending Source
    Displays the DMARC compliance check result by sending source.
    A sending source is the email service that sends emails on behalf of a managed domain. Click the right arrow icon (sending_source_expand=20240611103829.png) next to the sending source to view the results for each host and IP address that the email service uses for sending emails.
    • Filter the results by specifying the managed domain name, sending source, and time period and clicking Search.
      Note
      Note
      • For the sending email service, type the exact domain name used by the email service or use wildcards (*) to represent any part of the name.
      • For the sending hostname, type the exact hostname or use wildcards (*) to represent any part of the name.
      • For the sending IP address, type an IP address, CIDR block, or the beginning part of an IP address.
    • View more details about the DMARC compliance check for emails from a sending source by clicking View details in the Action column.
    Details
    Displays the DMARC compliance check details, including the check result, the sending sources, the disposition of an email by the receiving server, and the SPF/DKIM authentication details.
    • Filter the results by specifying the search criteria and clicking Search.
      Note
      Note
      • For the sending email service, type the exact domain name used by the email service or use wildcards (*) to represent any part of the name.
      • For the sending hostname, type the exact hostname or use wildcards (*) to represent any part of the name.
      • For the sending IP address, type an IP address, CIDR block, or the beginning part of an IP address.
    • Select one or more queried records and click Export selected to export them to a CSV file.
    • Click Export all to export all the queried records if needed.
      If the number of records to export is large, the export task needs to take time to complete. Go to the Analysis Export Tasks tab to check the export status.
      Note
      Note
      You can export up to 1.5 million records at a time and the maximum number of times of exporting all the queried records is 10 per day, which is calculated based on the time zone UTC+00:00.
    Analysis Export Tasks
    Displays the status of DMARC compliance check details export tasks and provides an option to download the queried records.
    • View the export tasks and their statuses by time.
    • Click the name of a task under Timestamp to view the basic information and the search criteria of the task.
    • After a task is completed, click Download CSV file to download the queried DMARC compliance check records to a CSV file.