Content of Threat/Unknown sources

Hi Experts,

We’ve just set up DMARC policies and exploring the features DMARCIAN portal.

While the section “Threat/Unknown sources” within the “Detail Viewer” provides a great source of information, I was wondering if there’s a way to know what sort of content is being circulated using our domains. Even if we can see the subject lines of those emails, we might be in a position to say that someone’s running phishing campaign against us.


DMARC Failure reports (ruf=, also known as Forensic reports) may provide some insight into unauthorized mails. Be aware that far from all reporters send failure reports, and many reports contain only (selected) headers from the failing mails.