12/20/2019 1,209 People found this article helpful 454,376 Views
What is DMARC:
How to configure email security to receive DMRAC reports:
In order to receive DMRAC reports you should be having valid DKIM and SPF/TXT records created for your domain.
To Learn more visit:
To enable/utilize DMARC reporting for incoming threats on SonicWall Email Security (Version 8.0 onwards) SPF and DKIM both features should be enabled.
Configuring Inbound DMARC Settings:
Domain-based Message Authentication, Reporting & Conformance (DMARC) is a policy that works in tandem with SPF and DKIM to fully authenticate incoming and outgoing email
messages. A DMARC policy allows a sender to indicate that his emails are protected by SPF and/or DKIM, and also tells a receiver what to do if neither of those authentication methods passes, such as junk or reject the message.
To configure DMARC settings, navigate to the Anti-Spoofing | Inbound page, and click the
Enable DMARC Policy Enforcement for incoming messages checkbox.
Note - To use DMARC, you must also have DKIM and SPF enabled.
Configure the following settings for DMARC:
Note- The RUA is the aggregated report for domains with published domain records. Reports are sent daily.
DMARC Incoming Reports:
You can configure DMARC Incoming Report settings by clicking the Add Domain button in the DMARC Incoming Reports Settings section. DMARC Incoming Reports will be collected and processed only for the domains added.
In the Add Domain window that displays, enter the following information:
Domain Enter the domain name to add for DMARC incoming reports.
Override DNS RUA Email Address Click the checkbox to override reports being sent to the RUA email address specified in the DNS record. An example from the DNS record is rua=mailto:aggrep@yourcompany.com .
RUA Email Address If you selected the Override DNS RUA Email Address, specify the RUA Email Address to which the reports are being sent.
Note - The RUA is the aggregated report for domains with published domain records. Reports are sent daily.
DMARC Reporting:
The following report types are available in the DMARC Reports section of the Email Security management interface: DMARC Reports and Configure Known Networks.
DMARC Reports:
When the Email Security Mail Server plays the role as email sender and RUA receiver, it extracts and aggregates daily RUA files from the email receiver and from RUA providers, such as Google, Yahoo, etc. The DMARC Reporting Scheduler then imports the RUA files hourly into its database.
Based on date range and data filter, you can obtain five different types of reports: One report is graphic chart. The other four are tabulated reports.
The Reports include:
All five reports are able to be rendered in HTML format and downloadable PDF file. (HTML reports allow you to mouse over 'Alignment' value to see alignment reason description.)
SonicWall recommends that the administrator enters the IP addresses of 'my server' on the 'Configure Known Networks' page before users (admin or manager role) view DMARC Reports because it retrieves reports data associated with those IP addresses by default.
Select Date Range:
Last x days Click the radio button for Last and select from the drop-down list of values. Last x days means the number of day(s) before the latest date of imported data.
Start Date and End Date Click the radio button to specify the dates. If no RUA data is in the database, the pop-up calendar displays the current date. If RUA data exists in the database, the calendar dates before the minimum date and after the maximum date display. Only data available on those available dates can be selected.
Set Filter:
Reports will be shown in a window below the 'Set Filters' section.
For the statistic report, it will display either horizontally or vertically, depending on the date range. If days of selected date range are less than 15 days, three (3) bar charts will be
horizontally display. If the date range is greater than 15 days, the bar charts will vertically display. For tabulated reports, scrolling the mouse over the 'Alignment' value displays the
Alignment Reason. For example, if the 'Alignment' is 'No', moving the mouse over this 'No' makes the Title Box show: "No DKIM and SPF is passed, On SPF Relaxed, SPF Organization
Domain(sina.com) Not Matched From Header Domain(SonicWall.com)" This message will be useful for DMARC troubleshooting.
Download PDF Report???Click the button to download a PDF report once the HTML report is generated. The PDF report name includes the Report Name and a time stamp.
Configure Known Networks:
There are two types of Known Networks you can configure: My Servers and External Trusted Servers.
My Servers:
External trusted servers:
This is the list of IP addresses of company-trusted external servers and customers, labelled as 'external trusted servers.'
Note that this is not a default condition. When setting the filter to generate a DMARC report, you can select External trusted servers from the Known Network group. Using include or exclude, you can select which IP addresses to view for the filter.
??? Add???Add a new server group and its respective IP addresses. You can add either 'My servers' or 'External trusted servers.'
??? Edit???Edit the Server Group label and its respective IP addresses.
??? Delete???Delete the Server Group label and its respective IP addresses.
Example of DMARC reports: