Best tool for analysis of DMARC aggregate (Email) reporting?

Forums › IT Pro and developers › Best tool for analysis of DMARC aggregate (Email) reporting?

Aaroona

3204 posts

Uber Geek
+1 received by user: 169

#195130 7-Apr-2016 11:19

I'm currently working on getting SPF and DMARC set up for all our email domains.

I have seen that there are a number of services that offer DMARC report processing (the XML aggregate file), but I'm wanting to know what services people would suggest.

One of the key things here for me is, I'd like to understand what trends we have; i.e. most spoofed domain, IP's that regularly get flagged, etc.

Does anyone have any recommendations?

-A

clinty

1201 posts

Uber Geek
+1 received by user: 402

Lifetime subscriber

#2711968 24-May-2021 08:18

There were no replies to this a few years ago - but thinking DMARC is in much wider use now, so wanted to see if anyone had suggestions for good aggregators

I have been using Postmark to generate free DMARC human readable reports for each domain, but am looking for a good aggregator so we can monitor our clients.

Anyone have any suggestions?

Clint

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41045

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2711969 24-May-2021 08:19

I am using Valimail for multiple domains.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

clinty

1201 posts

Uber Geek
+1 received by user: 402

Lifetime subscriber

#2712601 24-May-2021 20:09

Not sure i can justify the pricing of Valimail - $199 per month per domain is pretty steep. Is there anything specific that justifies the cost?

Just looking for a basic agregation of the rua e-mails and probably some basic reporting. we can handle the actual creation and monitoring of the SPF, DMARC and DKIM values for the domains

Anyone else have other thoughts?

Clint

clinty

1201 posts

Uber Geek
+1 received by user: 402

Lifetime subscriber

#2716861 1-Jun-2021 20:11

freitasm:

I am using Valimail for multiple domains.

Are you using the free Valimail for Office 365?

Clint

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41045

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2716923 1-Jun-2021 21:10

clinty:

freitasm:

I am using Valimail for multiple domains.

Are you using the free Valimail for Office 365?

Correct.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

jhsol

102 posts

Master Geek
+1 received by user: 27

#2716934 1-Jun-2021 21:37

Ive trialled PowerDMARC and DMarcian for about 3 months each (free plan).

https://powerdmarc.com/power-dmarc-pricing-policy/

https://dmarcian.com/pricing/

I ran through a full sales brief with the PowerDMARC and I found that they were very sales heavy on their enterprise solution (pretty much a fully managed, and full bells and whistles on the reports). My personal thoughts are, unless the business is actively wanting and acting on the DMARC reports (ie you are suffering loss due to your domain being spoofed) ive found that the easiest solution is to not bother with a DMARC reporting tool at all.

Configure your SPF, DKIM and DMARC records to use a shared mailbox on the domain (ie I use mailto:rua-reports@yourdomain.co.nz and mailto:ruf-reports@yourdomain.co.nz). You can set a p=none (if you are not sure of all mail servers for your domain) or p=quarantine/reject if you are sure of your mail servers (i just use quarantine as default, especially for my O365 clients).

The biggest benefit of DMARC is being able to trust mail from from your server. As an example I contract for CompanyA and we use DMARC as a method of whitelisting the receiving of files between other organisations. IE a rule in Exchange that

- If sender domain is from [safe list of domains] AND Header [Authentication-Results] Value [DMARC=Pass or DMARC=BestGuessPass] => Set SCL to 0

We also use it to allow through through PasswordProtectedFiles and MacroDocuments (except we use exact email addresses, and not just domains). Otherwise the files and documents are blocked at the gateway.

For other small organisations, Ive personally found that

a) the reporting tools arent worth it (no value to the business)

b) No other real use except to reduce the amount of times your domains email ends up in other domain spam (current value to the business).

For medium to large organisations

a) the reporting tools are worth it if you can sell it (not the reports, but the time to disseminate the reports)

b) The benefit is being able to trust the sending and receiving of mail between other DMARC configured organisations. This is really good if you are trying to align up with Cert/NZISM/CIS/NIST frameworks.

New World

Shop on-line at New World now for your groceries (affiliate link).

jhsol

102 posts

Master Geek
+1 received by user: 27

#2716939 1-Jun-2021 21:43

Sorry, just realised I didnt answer the question directly.

DMARCIANs tool was better, i had problems with the powerdmarc with web application issues, random white screen and reports wouldnt load etc. Few refreashes or in most cases incognito mode fixed it. I logged into the portal to view the reports which look really cool for your manager, but after about 3 months they just sit there now.

clinty

1201 posts

Uber Geek
+1 received by user: 402

Lifetime subscriber

#2717032 2-Jun-2021 08:59

Pretty much just looking to implement DMARC correctly for all our customers, and make sure we can detect any "Shadow IT" purchases (such as the marketing dept deciding to use Mailchimp with out informing us) in the future. Also allows us to be able to figure out if delivery issues could be spam related or not.

One pane of glass makes it easy and less time consuming for us to keep an eye on everyone going forward.

Am going to trial Valimail Dmarc monitor for Office 365 - its free, but the sign up link doesn't seem to be advertised on their main site

Free Valimail DMARC Monitor™ for Microsoft 365

Clint

clinty

1201 posts

Uber Geek
+1 received by user: 402

Lifetime subscriber

#2737054 30-Jun-2021 20:29

So after a some looking around, and testing for 30 days or so - I have found the following sites that will process the DMARC aggregate reports at reasonable cost :)

https://dmarc.postmarkapp.com/ - free, emails a weekly summary for the domain, but does not show all of the senders - however more than enough to identify various "other" email servers and Shadow IT services to setup your SPF and DKIM properly

Valimail DMARC Monitor for Office 365 - free, for Microsoft 365 tenant domains only (however have not tested it with non MS domains, may work). Can have multiple domains in one account, good layout, easy to drill down, look at previous data - @freitasm uses this so can probably comment a bit more

https://www.uriports.com/ - Paid ( $US1 for 3 x domains, $US5 for unlimited per month ). This site actually does more than DMARC, it also does website monitoring - crash reports, network error, CSP and more but i turned that off. They give more details than Valimail, and also process DMARC failure reports (this includes the message content - if you jump through some hoops regarding Encryption, and the reporting mail server supports it). Has a free 30 day trial, no C/C required, only prompted me to buy at 10 and 3 days before end of trial

Obviously not an exhaustive list, but most other sites are upwards of $50US per month

Will probably use Valimail going forward as clients all on 365, but think Uriports definitely worth it if you need to monitor email hosted on other systems

Clint

edit: Corrected pricing on Uriports

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41045

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2737056 30-Jun-2021 20:43

I really like Valimail. You can also delegate the DMARC rules and management to Valimail and manage the DMARC from their interface instead of creating the DMARC record yourself.

Also worth mentioning Google Postmaster (not a DMARC app but if you send lots of emails to Gmail or Google Workspace you will also get some visibility):

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Paul1977

5171 posts

Uber Geek
+1 received by user: 2192

#2949718 2-Aug-2022 13:51

I've just signed up to Valimail for the free plan, but not sure if it's the free plan for 365 or the plan they advertise as free for anyone. And having trouble find any info on what the difference is?

Can anyone with more experience point me in the right direction?