Here are the steps you can follow to fix email authentication issues and analyze the collected data:
1. Go to the DMARC Analytics –> Aggregate Reports.
2. Click on the number in the Sources column for the domain.
The dashboard presents your sending sources for the domain.
Notice your legal sources and look at the DMARC PASS percentage for them.
If the DMARC PASS percentage is above 90% like for Amazon.com, CenturyLink, Telstra Global, GoDaddy, 1 & 1, Yahoo and Proximus, then everything is good with DMARC email authentication for the messages sent by these sources.
With Amazon.com your DMARC compliance rate is 100%. However, DMARC passes based on DKIM, not SPF. As you can see, SPF compliance is 0%. To be on the safe side, it is highly recommended that you make the SPF evaluation pass by setting up a custom domain for Mail FROM just like you did it in Mimecast (CenturyLink, Telstra Global). Thus, if DKIM fails for some reason, your messages will still be DMARC compliant based on SPF.
Then, pay close attention to the sources where the DMARC PASS percentage is 0% such as Salesforce.
If it is your legal sending source, set up the proper SPF and DKIM records for that source. As you can see, neither SPF or DKIM is set up. Probably you have recently started using Salesforce and have not completed the domain set up for it yet.
If it is not your legal source, then do nothing.
As you can see from the above picture, your DMARC compliance with Outlook.com is 61%.
Click on 85 in the DMARC FAIL column. You see that SPF and DKIM failed for the domain affordableartfair.com.
Check the SPF record for the domain affordableartfair.com with the GlockApps SPF Validator.
I got this result:
This record is considered broken and can be fixed by reducing the number of total lookups/modifiers.
Total lookups 12/10.
There are two issues with the SPF:
1) it doesn’t include Outlook as the sender;
2) it has more than 10 DNS lookups.
You’ll want to correct the issues to pass SPF and DMARC authentication.
In the same way, you can go to 2, 3, 4 etc. pages and look at your sending sources and DMARC compliance rate. If it is low or middle and if you notice a considerable number of sent emails by a source, it is worth to go deeper in the report and see what must be corrected for the corresponding sending source.
Read more about how to analyze DMARC reports.