The Authentication Report provides data on authentication success for each email-sending service. It helps you to focus on senders that might be operating without authorization, or have issues authenticating emails.
TABLE OF CONTENTS
- How do I open the Authentication Report for my domain?
- What is inside the Authentication Report?
- How can I use the data in the Authentication Report?
How do I open the Authentication Report for my domain?
1. Go to app.valimail.com and log into your Align account.
2. Click on DOMAINS on the left side of the page.
3. Click the View button under the Report column in the domains list.
The View button is not visible if we do not receive DMARC reports for a particular domain.
What is inside the Authentication Report?
The Authentication Report can be broken down into 4 sections, each providing insight into who is sending emails on your domain's behalf and whether those emails are authenticated and aligned. The 4 sections of the report are:
1. Authentication Chart.
2. Services view.
3. Internal Sources.
4. Unidentified Senders
Authentication Chart
1. Number of emails passing and failing, DMARC, SPF, and DKIM alignment for the period selected.
2. Email disposition. This section shows how many emails were delivered, quarantined, or rejected. You can select or deselect each category by clicking the respective colored button to adjust the chart. For example, you can deselect the Delivered category in order to focus on the Quarantined and Rejected categories.
3. Date picker. Select the day or the period for which you want to see the DMARC reports.
4. Daily volume of emails passing and failing. Hover over each day to see the respective numbers.
Services view
Below the chart, you will find the services based view, that provides visibility into which services are sending emails on your domain's behalf and the overall DMARC, SPF, and DKIM pass rates for your domain.
1. DMARC Authentication. This section shows the number and the percentage of emails passing DMARC, SPF, and DKIM, as well as the number and percentage of emails failing DMARC. The DMARC Override shows the number of emails accepted by receivers regardless of the result of the DMARC check. When a sending IP, domain, or email address is added by the receiver to their Allow list, the DMARC result will not be taken into consideration by their email gateway and the email will be delivered to its intended recipient.
2. The list of sending services is broken down into 3 columns. The Mostly Passing column lists services that have a DMARC pass rate above 95%, Partially Passing below 95% and Mostly Failing below 50% DMARC pass rate.
3. Each service will show the number and percentage of emails passing and failing DMARC.
For a more granular view, click on each service to view its DMARC, SPF, and DKIM pass rates.
Internal Sources
This section is found in the bottom left corner of the Authentication Report and is visible if:
1. There is at least one IP configured as a netblock in the domain configuration page, and there are emails sent from that IP.
2. A DKIM key record is added to the domain configuration page, but it is not associated with any known sender.
Similar to the services-based view, the Internal Souces will list all the senders with their respective pass rates and number of emails sent. For more information on the Internal Sources report, check this article.
Unidentified Senders
This category is found above the Internal Sources, and it contains the traffic from the sources where we could not determine the sending service. In most cases, traffic seen under Unidentified Senders originates from fraudulent sources, but it can also include emails sent from services that are not in our catalog or messages transmitted in a way that makes it impossible to determine their origin. You can read more about Unidentified Senders in this article.
How can I use the data in the Authentication Report?
Now that you know how to navigate through the Authentication Report, let's talk about how to use this data to identify issues with your sending services. For an email to pass DMARC, it needs to be authenticated and aligned with SPF or DKIM. The pass rates shown throughout the Authentication Report are a combination of authentication and alignment, therefore if one or the other is not set up correctly the pass rate will be affected.
Due to factors outside of your control, like forwarding and secure email gateways that break email authentication, seeing a 100% pass rate on DMARC, SPF, or DKIM is very rare. Valimail's recommendation is to have both SPF and DKIM configured if the sending service supports both authentication methods, which increases the chance of seeing a DMARC pass rate as close to 100% as possible.
If one of the sending services on your domain has a DMARC pass rate below 95%, there could be a potential issue with email authentication. Use the Authentication Report to verify the SPF and DKIM pass rates, and see if at least one of these has a pass rate that is above 95%.
Services like Salesforce and Amazon SES can send emails from more than one instance, and they will need email authentication configured individually for each instance. You can consult the knowledge base articles in our support portal for instructions on setting up email authentication for the most popular senders.
The Valimail Product Support team can also offer guidance and instructions for configuring SPF and/or DKIM for your sending services.