The DMARC protocol creates a record with metadata about the validation status of each email it receives from each organisation. These records are then aggregated and sent as a file attachment to the OnDMARC email specified in the organisation’s DMARC record.
Aggregated reports include metadata about each validated email, the only data stored on our systems is:
IP address of the senders of emails that use your domain, this can be authorised and unauthorised senders
Domain name related to each IP, when the IPs resolve to a domain name
Email count for each IP sender
Email validation information for each email:
- SPF Pass or Fail
- DKIM Pass or Fail
- DMARC Pass or Fail
Forensic reports are generated for emails that failed DMARC validation and can include certain headers as defined for each email sending service. Forensic reports are not supported by all email receivers. The usual headers and data that Forensic reports may contain are:
Return-Path
Authentication-Results
DKIM-Signature
Received
From
Subject
Body (preventively redacted by OnDMARC. Only character count and URLs used are kept)
Mime-Type
“X-” extension headers
Body information is not sent by specifications of the protocol, however some email receiving servers can add the body in the forensic reports. OnDMARC removes the body information which is not stored or processed in any of our systems.
To find out how we treat information found in forensics reports please click on the button below.
We also store the contact data of the admin user in our customer company. This is stored in our CRM management cloud SaaS providers:
Website contact form - Drip https://www.drip.com/
Business email address: [email protected]
CRM - Base https://getbase.com/
Contact name: John Doe
Business email: [email protected]
Phone number: +44 (0)111 222 3333