What are the Classification Actions?

OnDMARC Classification Actions - Assets vs Threats

Ivan Kovachev avatar
Written by Ivan Kovachev
Updated over a week ago

Classification Actions are based on the DMARC reports that we have received for a particular domain. Whenever we receive a report, we take each source/sender from that report and display a Classification Action asking if you recognize the source.

An example of such Action is shown below.

Answering Yes classifies the source as an Asset ie. service that you recognize and use, and No classifies the source as Threat ie. service that you do not recognize or use.

Please keep in mind that seeing a well-known service such as Microsoft Office 365 does not indicate that you should answer Yes to. You should only answer Yes to sources that you use and expect them to be sending emails on your domain’s behalf.

Classifying senders as Threats does not affect your email traffic in any way, it just tells the tool to ignore failures from those senders and that you are not using them to send emails.

For each Asset you will receive instructions on how to configure SPF and DKIM, an example is shown below. 

Once you have configured SPF and DKIM, you will have to go into Email Sources and for each Asset enter the SPF and DKIM details so you can monitor their status.  

The action to configure the Asset with SPF and DKIM will remain until the tool receives reports which confirm that DMARC is passing based on SPF and DKIM.

Sometimes you may have hundreds of actions that need your attention. We have built a feature that enables you to multi-select sources and classify them all at once. In the Actions menu you will see a toggle that can be used to switch between single and multi-select.

Did this answer your question?