You just finished setting up DMARC for your domain. Congratulations! You’re on your way to securing your domain. Now, you have to… wait a little…
We all hate waiting, but it this case it’s necessary to wait at first. DMARC has two main functions- reporting (for monitoring and configuration) and conformance (for controlling unauthenticated email). Reporting comes first.
Reporting relies on Data, That Takes time
DMARC reports provide a lot of valuable information. They contain senders, including IP addresses, and the pass rate for SPF and DKIM (if you’re using DKIM), among other things. With all this data, reports are the key to correctly configuring SPF and DKIM so that you can move on to conformance. Trying to adjust your policies without DMARC data would be like taking shots in the dark.
The data comes from the email you send. When you send an email, it’s received and processed by the recipient’s ISP. The ISP gathers the data and sends it back in a report. However, ISPs don’t send a report for each individual email that they receive. Instead, they wait a set period of time (which varies by ISP) and send all available DMARC data for a domain in one report for that period. Usually, ISPs will send reports once a day, but it can be longer.
Why Wait a Week?
If reports are coming in daily, you could try to analyze it daily as well. However, one day worth of data is not that much to base big configuration changes on. In addition, some ISPs send DMARC reports less frequently, meaning you may not get the full picture if you jump the gun.
We know you’re eager to get your domain secure- so are we! However, if you edit your policies before you have a good idea of the changes you need to make, you may make thing more confusing. You’ll have to make more changes and could end up spending more time getting to a Reject policy. We’ve seen greater success in editing policies when more than one day’s worth of DMARC data is considered.
What to do While You Wait
There’s plenty to do while you’re waiting for DMARC reports. You can learn more about phishing, DNS, and email authentication (SPF, DKIM, and DMARC) on our info pages or check out our blog. We have some tips on how to get to reject, a list of DMARC’s features, some advice about selecting SPF all terms and reducing DNS lookups, and more. Or you can just get back to the whatever you were doing before you set up DMARC. In the meantime, we’ll gather your reports and be ready when you come back in a week. See you soon!