Sendmarc provides a Threats dashboard that will allow you to see Threats across IPs for a specific domain in your account using DMARC reporting data
Threats Dashboard
The threats dashboard is a view of the reputation statistics of your domain's ips that have sent emails, this dashboard is designed to show your overall reputation across all the ips in your DMARC data.
Time Periods in Sendmarc default to 7 days, you have full control over the selected time period by using the date box selector in the top right-hand corner.
You can select the domain whose data you want to look at in the top right-hand corner.
Click this dropdown to view additional domains in this account.
You can change your current active dashboard by selecting the required dashboard in the top action bar.
Quick Insight Cards
Threat Sources
The threat sources card will show you the overall threat status across the IPs of all email-sending sources on this domain.
The doughnut chart will show you the different threat levels across all the IPs sending emails as your domain.
Threat Volume
The threat volume card will show you the overall number of emails that came from IPs that have a threat level assigned to them.
The chart will show you graphs with the amount of emails sent on a specific day that has a threat level associated to it.
Volume By Threat
The volume by threat card will show you the overall number of IPs that are correlated to specific threats. This view will show you the top threat seen on your account.
The doughnut chart will show you the makeup of the most prevalent threats.
Detailed Insight Cards
Threat Sources
This threat sources view will show you in great detail how many email-sending sources have a threat level assigned to them over the time period of data we are looking at. This view can be expected to go over many pages.
This view is where additional analysis and interpretation about the threat levels of emails will be completed.
Threat Sources & Authentication Legend
You will have a legend displaying the meaning of the colours in the bar graphs showing authentication status.
Source Overview
On the Sources page, you will see many unique sending sources grouped by name, these values are by default filtered to show the top sending sources from the most amount of mail volume to the least amount of mail volume sent over the data period.
There are multiple headings above each value:
- Source
- This will contain the name of the source and its categorisation of what type of email-sending system it may be.
- High Threat Level
- This view will show you how many high level threats were detected on this specific source.
- Medium Threat Level
- This view will show you how many medium level threats were detected on this specific source.
- Blacklistings
- This view will show you how many blacklists are applied to this specific source.
- Volume
- The amount of blacklisted emails this source has sent over the data period.
- Compliance
- The overall DMARC compliance ratio of the emails on this source.
Source Details
You can expand each source to view the IP addresses and the Hostnames of the servers that sent these emails.
This displays additional information in the header columns:
- IP Address
- The IP Address of the server that sent this email.
- This will also show the country flag of the country that this IP address is located in.
- Host
- The hostname of the server that sent this email.
- Threat Level
- The type of threat that was detected on this source.
- Threat Types
- This can show you additional information about the type of attacks this IP address might be involved in.
- Volume
- The amount of emails from this specific server has sent that has been blacklisted.
- Passing
- The amount of emails from this server that passed either SPF or DKIM authentication.
- Forwards
- The amount of emails from this server that were forwarded.
- Overridden
- The amount of emails from this server that had an override policy applied to the email.
- Failing
- The number of emails that failed DMARC authentication.
- Blocked
- The number of emails from this server that were blocked.
Detailed Source Overview
You can expand the data even further by clicking the IP Address. This will open a menu with more detailed contextual information about this specific IP Address and host.
This menu has multiple headers looking at various pieces of information.
Overview
The overview page has general information about this specific sending IP and host server.
- ISP (Internet Service Provider)
- Host
- Country
- Group
- This is what Sendmarc has source grouped this specific senders service as.
- Organisation
- Volume
- Compliance Ratio
- Deliverability Ratio
- Blacklists
- Threat Level
Reporters
The reporter's section tells us who sent us these DMARC reports.
This menu has multiple headers looking at various pieces of information.
- Volume
- Reporter
- The company or infrastructure that sent us these DMARC reports.
- % of Total
- The percentage total that these amounts of DMARC reports make up.
- Compliance
On the Reporters section if you hover over the 3 dots on the right-hand side you can see additional information such as:
- Envelope To
- Envelope From
- Header From
The amount of information you will see in these sections depends on the quality of the DMARC reports we are receiving, Microsoft Outlook and Microsoft Enterprise Outlook will show the most information where a reporter such as Google will only show the header from domain.
Results Summary
The results summary page shows us the alignment and authentication details of these senders unique to this specific IP address.
This menu has multiple headers looking at various pieces of information.
- Volume
- DKIM Result
- DKIM pass or failure.
- DKIM Alignment.
- DKIM Signing domain.
- SPF Result
- SPF pass or failure.
- SPF Alignment.
- SPF Return Path domain.
- DMARC Result
- Published Policy
- What was the DMARC policy active when this mail was validated.
- Policy Applied
- What policy applied to this email.
- This is dependent on the published policy and the authentication results.
SPF Results
The results summary page shows us the SPF alignment and authentication details of these senders unique to this specific IP address.
This menu has multiple headers looking at various pieces of information.
- Volume
- Return -Path Domain
- Alignment
- SPF Result
- DMARC via SPF
- Was DMARC via SPF achieved?
DKIM Results
The results summary page shows us the DKIM alignment and authentication details of these senders unique to this specific IP address.
This menu has multiple headers looking at various pieces of information.
- Volume
- Signing Domain
- Selector
- The specific selector key used to sign this specific email.
- Alignment
- DKIM Result
- DMARC via DKIM
- Was DMARC via DKIM achieved.
Overrides
Were any overrides applied to these emails, such as ARC (Authenticated Receivers-Chain)
This menu has multiple headers looking at various pieces of information.
- Volume
- Reporter
- DMARC Result
- Published Policy
- Policy Applied
- Override Type
- Comment
- This is where you can see any ARC comments that would be present in the headers of this email, such as ARC=FAIL or ARC=PASS.
Timeline
The timeline will show you your threat level mail volumes across the selected time period of the data that we are looking at.
Source Countries
The source countries card will show you the top 5 sending countries that are sending emails across all of your domains with a world map showing where the countries are located.
Need Help?
support@sendmarc.com is standing by to assist!