Content of Threat/Unknown sources

utsav.sejpal · May 7, 2020, 11:26pm

Hi Experts,

We’ve just set up DMARC policies and exploring the features DMARCIAN portal.

While the section “Threat/Unknown sources” within the “Detail Viewer” provides a great source of information, I was wondering if there’s a way to know what sort of content is being circulated using our domains. Even if we can see the subject lines of those emails, we might be in a position to say that someone’s running phishing campaign against us.

Regards,
Utsav

opvind · May 17, 2020, 1:20pm

DMARC Failure reports (ruf=, also known as Forensic reports) may provide some insight into unauthorized mails. Be aware that far from all reporters send failure reports, and many reports contain only (selected) headers from the failing mails.

Topic		Replies	Views
Unknown Sources but DKIM and SPF Pass. Why? Technical Help	1	3902	September 11, 2019
Way to many threat/unknown sources. Need help?	0	431	January 20, 2023
DKIM passes, SPF passes, DMARC fails... how to fix? Technical Help	3	285	March 11, 2024
FAQ: DMARC Reports FAQ	0	2197	May 13, 2019
Help - Articles/Guides with advanced analysis	2	690	October 19, 2021

Content of Threat/Unknown sources

Related topics