Under the DMARC protocol, email receivers create a record with metadata about the validation status of each email they receive from each organisation. These records are then aggregated and sent as a file attachment to the OnDMARC email address specified in the organisation’s DMARC record.

Aggregated reports include metadata about each validated email. The only data stored on our systems is:

  • IP addresses of the senders of emails that use your domain; these can be both authorised and unauthorised senders

  • Domain name related to each IP, when the IPs resolve to a domain name

  • Email count for each IP sender

  • Email validation information for each email: 

                 - SPF Pass or Fail

                 - DKIM Pass or Fail

                 - DMARC Pass or Fail
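
As an added illustration (not OnDMARC's code), the sketch below reduces a DMARC aggregate report in the RFC 7489 XML format to the fields listed above. The sample report is constructed, and the `summarise` function, its `resolve` hook for the IP-to-domain lookup, the use of the `policy_evaluated` results, and the absence of an XML namespace are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample report; IPs are from documentation ranges.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>receiver.example</org_name></report_metadata>
  <policy_published><domain>example.com</domain><p>reject</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>12</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>3</count>
    <policy_evaluated><disposition>reject</disposition>
      <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>192.0.2.10</source_ip><count>2</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
</feedback>"""


def summarise(report_xml, resolve=lambda ip: None):
    """Keep only sender IP, optional domain, email count and pass/fail tallies."""
    # Reports come from third parties: refuse DTDs instead of expanding entities.
    if "<!DOCTYPE" in report_xml.upper():
        raise ValueError("DOCTYPE not allowed in aggregate report")
    senders = {}
    for record in ET.fromstring(report_xml).iter("record"):
        ip = (record.findtext("row/source_ip") or "").strip()
        count = int(record.findtext("row/count") or 0)
        spf = record.findtext("row/policy_evaluated/spf") == "pass"
        dkim = record.findtext("row/policy_evaluated/dkim") == "pass"
        entry = senders.setdefault(ip, {"domain": resolve(ip), "emails": 0,
                                        "spf_pass": 0, "dkim_pass": 0,
                                        "dmarc_pass": 0})
        entry["emails"] += count
        entry["spf_pass"] += count if spf else 0
        entry["dkim_pass"] += count if dkim else 0
        # DMARC passes when at least one aligned mechanism passes.
        entry["dmarc_pass"] += count if (spf or dkim) else 0
    return senders


if __name__ == "__main__":
    for ip, stats in summarise(SAMPLE_REPORT).items():
        print(ip, stats)
```

Everything else in the report, such as the reporting organisation and the published policy, is read past and never copied into the result.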

Forensic reports are generated for emails that failed DMARC validation and can include certain headers as defined for each email sending service. Forensic reports are not supported by all email receivers. The usual headers and data that forensic reports may contain are:

  • Return-Path

  • Authentication-Results

  • DKIM-Signature

  • Received

  • From

  • Subject

  • Body (preventively redacted by OnDMARC; only the character count and the URLs used are kept)

  • Mime-Type

  • “X-” extension headers 

By the specification of the protocol, body information is not sent; however, some email receiving servers can add the body to the forensic reports. OnDMARC removes the body information, which is not stored or processed in any of our systems.

We also store the contact data of the admin user at our customer company. This is stored with our CRM management cloud SaaS providers:

Business email address: [email protected]

Contact name:  John Doe
Business email: [email protected]
Phone number:  +44 (0)111 222 3333
