TEXAS A&M UNIVERSITY
DMARC Grafana Dashboard
Audience: Email Security Administrators and Security Analysts.
Purpose: Interpret DMARC aggregate reports using the Grafana dashboard.
Overview
The DMARC Grafana dashboard provides visibility into DMARC aggregate reports (RUA reports), helping identify authentication issues and unauthorized senders.
Dashboard Sections
DMARC Summary
Three pie charts showing pass/fail percentages for:
- SPF Alignment
- DKIM Alignment
- DMARC Overall
Over Time Graphs
| Graph | Purpose |
|---|---|
| SPF/DKIM Over Time | Authentication pass/fail trends |
| SPF/DKIM Alignment Over Time | Alignment pass/fail trends |
| DMARC/Disposition Over Time | Policy enforcement trends |
Disposition values:
none— Policy not applied, email deliveredquarantine— Email quarantinedreject— Email rejected
Total Message Count
Total number of messages from parsed DMARC reports.
Reporting Tables
Reporting Organizations
Organizations sending you DMARC reports.
Top 2000 Message Sources by Reverse DNS
Sending servers grouped by base domain in reverse DNS.
Message Volume by Header From
Email from domains sorted by message volume.
Geographic Data
A world map showing message origin countries with corresponding message counts.
Overview Table
| Column | Description |
|---|---|
| Sending Domain | Domain of sending MTA/SEG |
| PTR | Reverse DNS of sending server |
| Source IP | IP of sending server |
| Country | Country of sending server |
| Disposition | DMARC policy action taken |
| SPF | SPF alignment status |
| DKIM | DKIM alignment status |
| Reporter | Organization that sent the report |
| SPF Auth Result | SPF authentication pass/fail |
| DKIM Auth Result | DKIM authentication pass/fail |
| Email Domain | RFC5322.From domain |
| Messages | Message count |
Published Policies Table
| Column | Description |
|---|---|
| Domain | Domain for DMARC policy lookup |
| DKIM Policy | adkim field — s (strict) or r (relaxed) |
| SPF Policy | aspf field — s (strict) or r (relaxed) |
| Policy | p field — none, quarantine, or reject |
| Percentage | pct field — default 100 |
| Subdomain Policy | sp field — none, quarantine, or reject |
Alignment Details
SPF Alignment Table
| Column | Description |
|---|---|
| Header From | RFC5322.From domain |
| Envelope From | RFC5321.MailFrom (Return-Path) |
| SPF Result | Authentication pass/fail |
| SPF Aligned | Alignment status |
DKIM Alignment Table
| Column | Description |
|---|---|
| Header From | RFC5322.From domain |
| DKIM Selector | s= field for public key lookup |
| DKIM Domain | d= field for public key lookup |
| DKIM Result | Signature validation pass/fail |
| DKIM Aligned | Alignment status |
Analysis Tips
Identifying Unauthorized Senders
- Look at Message Sources by Reverse DNS table
- Find senders you don't recognize
- Use filter tools (magnifying glass icons) to drill down
- Cross-reference with Message From Header table
Finding DKIM Configuration Needs
- Find a recognized sender (e.g., email marketing service)
- Hover and click + magnifying glass to filter
- Check Message From Header to see which domains use the service
- Contact those departments to set up DKIM
DMARC Alignment Quick Reference
| Mechanism | Passing | Alignment |
|---|---|---|
| DKIM | Signature validated using published public key | d= domain matches From header |
| SPF | Server IP listed in SPF record | Envelope From matches From header |
Pass Requirement
A message passes DMARC by passing DKIM or SPF, as long as the related indicators are also aligned.