DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a tool that helps protect email domains from being used for spam or phishing. One of the key parts of DMARC is the feedback it provides to domain owners in the form of failure reports. But what is the format of these reports? Here’s a simple explanation.

What’s in a Failure Report?

A DMARC failure report includes several fields in its header. Here’s what each field means:

  • Identity-Alignment (REQUIRED): This field contains a list of authentication methods that produced an aligned identity. If none did, it contains the word “none”. The authentication methods could be “dkim” or “spf”.
  • Delivery-Result (OPTIONAL): This field might be included, but it’s not required.
  • DKIM-Domain, DKIM-Identity, DKIM-Selector (REQUIRED if the message was signed by DKIM): These fields are required if the message was signed using a method called DKIM.
  • DKIM-Canonicalized-Header, DKIM-Canonicalized-Body (OPTIONAL if the message was signed by DKIM): These fields might be included if the message was signed using DKIM, but they’re not required.
  • SPF-DNS (REQUIRED): This field is always required.

What’s the “Identity-Alignment” Field?

The “Identity-Alignment” field is a list of authentication methods that produced an aligned identity. An aligned identity means that the domain in the email header matches the domain in the DKIM signature or the domain in the return-path (for SPF).

The field can contain the names of the authentication methods, separated by commas. Or, if no methods produced an aligned identity, it contains the word “none”.

For example, if both DKIM and SPF produced an aligned identity, the field might look like this:

Identity-Alignment: dkim, spf

If neither method produced an aligned identity, the field would look like this:

Identity-Alignment: none

What’s the “Authentication Failure Type”?

The “Authentication Failure Type” is a term used when a failure report is generated because some or all of the authentication methods failed to produce aligned identifiers. In this case, the failure type is “dmarc”.

Remember, this is a simplified explanation. In reality, creating and sending DMARC failure reports involves a lot of complex processes and technologies. But hopefully, this gives you a basic understanding of how it works.

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *