Open sirio81 opened 6 years ago
Thanks for you comment. Your use case sounds very reasonable and you should be able to create such a view using the view editor:
Create View
View Management
tab and click on the Add View
button.world map
and time line chart
checkboxesincoming
(default)mm/dd/yyyy
to mm/dd/yyyy
, or a dynamic range, e.g. last 5 months
. (Hint: to see the date of the first report in your database go to the Overview
page)Add Filter Set
button and assign it a Label
fail
option in the Aligned SPF Result(s)
select box.Save and show View
Analyze
The table will show you all the aggregated DMARC report records pertaining to your domains that failed DMARC SPF evaluation. Each table row shows the things you are interested in (sender server IP, message count, country code, ...). If you can't see all the information you need to click on the +
sign in the left-most table cells, or, alternatively you can use a wider monitor or reduce the font size. Currently, the tool does not perform any extra aggregation. But you can sort by sender IP
addresses to find out which servers send mail on your behalf.
You can also export the table to a handy csv document (see Export Table as CSV
button) and then use a program like Excel or the like to perform further aggregation. To get your distinct sender IP addresses, a bash oneliner might also do the trick.
Let me know if you have further questions.
Hi, first of all I'm not a developer so I'm giving a non code specific suggestion. The main thing I wish to know from all the dmarc reports I receive, is a list of domain which fail. For each domain, I would like to have a list of ip/name of the servers sending in my behalf (and the number of mail it has sent). To know the region state of sending servers would be convenient.
spf/dkim fail
Consider the case where I manage a mailserver and I set the spf to allow receiving mail only from my mailserver (spf policy ~all). Before setting spf policy to -all I wish to know if there are other servers sending mail for that domain. With the above view I could quickly identify, for example, a webserver that is sending mail in behalf of my domain. In such case, I will update my spf record with it's ip and, once I'm sure there are no other legitimate servers left, I will set spf policy to -all.
Thank you.