DMARC reports are an essential tool for combatting email authentication abuse on your domain. When you get a DMARC report, it may include some unfamiliar sources that might be addressed at domains you don’t recognize. Forensic DMARC reports can help you better understand these reports by sending more information about them. This helps uncover granular details about the origin of malicious sending sources, helping you identify spoofing attempts and take action against them faster.
Unfortunately, not all domains support sending forensic DMARC reports, but the good news is: many do.
We have made a list of a few known domains that send forensic reports on DMARC failure:
(Note: this is not a complete list)
spamexperts.com
hotmail.com
seznam.cz
emailsrvr.com
ing.com
163.com
droso.dk
netfront.net
126.com
yeah.net
andreasschulze
linkedin.com
dyndns.org
prime.gushi.org
bcb.gov.br
Icicibank.com
hamartun.priv.no
jacobrideout.net
klingon-embassy.co.za
vestel.com.tr
dar.com
kfmc.med.sa
laser.ru
simkin.ca
opatel.nl
sapienti-sat.org
csh.rit.edu
laposte.net
clouduss.com
bankofsharjah.com
Note: Gmail and Office 365 are among popular ESPs that do not send DMARC forensic reports.
If any one of the above-mentioned domains is used to send an email that is not authorized and would fail DMARC authentication, on your behalf, you will receive a DMARC forensic report that you can view in the Forensic report section on our DMARC report analyzer dashboard.