Monitor Your Traffic
As DMARC reporting data (aggregate and forensic) begins to be sent into DMARC Protection, you can begin the process of monitoring your traffic. As one customer for Agari has said, the process of being able to monitor traffic from DMARC reporting data, “Turning on Agari was like turning on the lights in a dark room.”
In most cases, it is recommended to obtain at least two weeks of data collection to achieve a meaningful data set.
With DMARC reporting data, you’ll be able to see :
- Which Senders are sending email on behalf of your domain.
- From which sending inventory (IP addresses).
- Whether those emails pass SPF and DKIM authentication checks.
But the first step is to monitor traffic for a period of time. The period of time varies with the size and complexity of your organization. For example, your organization may send receipts or order confirmation emails every single day, but it may also employ a third-party Sender to send a marketing campaign less often — while another department might send a newsletter from a different third-party Sender sporadically. You should consider that some legitimate third party email newsletters, campaigns, or other types of events can occur on a monthly, quarterly, or even annual basis, and for that reason might not be captured within an initial two week window. Most companies don’t realize how complex their email ecosystem is until they begin getting aggregate data from DMARC reporting.
The point is: you want to monitor data for a period of time so that you are confident that you have collected all third-party senders on your behalf so that you can set up authentication for all potential Senders for a domain.
Get Started with Monitoring
Go to Analyze > Email Traffic to familiarize yourself with the available reports in DMARC Protection.
The Analyze Email Traffic pages provide a list of common questions to provide you with helpful views into your email ecosystem. See Email Traffic Reports for more information about what you can see and do with these reports.
Take some time to explore all views and drill-down capabilities in these reports.
Next Steps
Do not be overwhelmed by the extensive reporting capabilities and rich granularity of the data! At this point in the process, you are merely collecting information to inform your strategy for the next phases of the project:
- Identifying a target set of domains to begin with.
- Identify sender messaging authentication requirements (SPF, DKIM) for the target set of domains.
- Work with your messaging team to set authentication on your own mail infrastructure for the target set of domains.
- Work with 3rd party senders and business units to set authentication for the target set of domains.
- Modify DNS SPF and/or DKIM records for the target set of domains.
- Observe and confirm settings.