DMARC Compliant vs Non-Compliant vs Threat/Unknown vs Forwarded tabs - What do they represent?

EasyDMARC segments DMARC Reports into four tabs to make your DMARC enforcement journey easier and more successful.

  1. DMARC Compliant: Under this tab, our system discovers and shows you all the email sources that are sending DMARC Compliant emails on your domain's behalf. These are your legitimate sources that are meeting compliance via SPF and/or DKIM authentication and alignment.
  2. DMARC Non-Compliant: This tab identifies your sending sources that are failing DMARC compliance checks. These sources are failing both SPF and DKIM authentication and alignment. You may also identify sources that you don’t use within your ecosystem. That is mostly tied with “good” sources that are eventually being used by cybercriminals to spoof your organization.
  3. Threat/Unknown: This tab identifies all the spoofing or fraudulent attempts on your domain's behalf that are being sent from Source IPs that are blacklisted in multiple RBLs (Blocklist checks) or a Source IP which doesn't resolve to a Reverse DNS (PTR). You may, at some point, discover your legitimate servers labeled under this tab, which indicates your server is either blocklisted in multiple lists or lacks Reverse DNS (PTR).
  4. Forwarded: Forwarding happens when your receiver forwards your email to another recipient. This is usually caused by Auto-Forwarding or Routing rules that are applied in major Mailbox Providers. In this case, DKIM should pass while SPF always fail. This tab can be ignored as long as you have a valid DKIM implemented on your ESP(s).