On Thu, 4 Feb 2021, Jeff Abrahamson wrote:
2(a) I get lots of dmarc reports. After looking at a few, I started
pushing them to a special dmarc mailbox where I don't have to see
them. Is there any sense in which these are actionable ? Should I
occasionally look at them or set a machine to look at them? Are there
any easy ways to look at them, say a mutt viewer? (Detach, ungzip,
and dmarc-cat doesn't scale.) Or automated tools?
The point of dmarc reports are twofold.
1) Letting admins know where their domains are being sent from.
(i.e. detecting level of spoofing and forgery)
2) Letting admins see what's happening with messages *they* send (i.e.
seeing if your stuff from your domain is being rejected, screwed up by bad
forwarders or mailing list, etc).
I'm in the process of rolling this out at the day job, and signed up for
dmarcian.com for my personal domain (which continues to qualify for the
"free" tier even after the trial.
It gives you pretty graphs and metrics and knows how to parse the
aggregate and forensic reports. There are other services, this is just
one of them (and they've contributed to the DMARC rfc's). I don't work
for them, but I've found it reasonable.
-Dan
--
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
FB: fb.com/DanielMahoneyIV
LI: linkedin.com/in/gushi
Site: http://www.gushi.org
---------------------------
