{"id":176,"date":"2021-03-18T11:30:26","date_gmt":"2021-03-18T11:30:26","guid":{"rendered":"https:\/\/prodmarc.com\/knowledge\/?p=176"},"modified":"2021-03-18T11:30:26","modified_gmt":"2021-03-18T11:30:26","slug":"difference-between-aggregate-report-and-forensic-report","status":"publish","type":"post","link":"https:\/\/knowledge.progist.net\/index.php\/2021\/03\/18\/difference-between-aggregate-report-and-forensic-report\/","title":{"rendered":"What is the difference between aggregate report and forensic report?"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"176\" class=\"elementor elementor-176\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-63134685 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"63134685\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b2c7066\" data-id=\"b2c7066\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3efab9a7 elementor-widget elementor-widget-text-editor\" data-id=\"3efab9a7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><br>An aggregate report is an XML feedback report designed to provide visibility into emails that passed or failed SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). <\/p>\n<p> The report provides domain owners with precise insight into: <\/p>\n<ul>\n<li>The authentication results, and<\/li>\n<li>The effect of the domain owner\u2019s DMARC policy<\/li>\n<\/ul>\n<p> The report contains the following: <\/p>\n<ul>\n<li>The domain or organization that sent the report<\/li>\n<li>The domain that you are receiving the report for and its current DMARC policy <\/li>\n<li>Date<\/li>\n<li>Sending IP address<\/li>\n<li>Email count<\/li>\n<li>The disposition of those emails ie. the policy that was applied to those emails by the receiver<\/li>\n<li>The SPF identifier and result, if any<\/li>\n<li>The DKIM identifier and result, if any<\/li>\n<\/ul>\n<p> The DMARC forensic reports include additional information such as the subject line, header information (i.e. \u201cTo\u201d and \u201cFrom\u201d), URLs included and attachment information. <\/p>\n<p> DMARC forensic reports are generated by an ISP when the SPF or DKIM does not align with DMARC. These reports are only created when the ISP receives a message that fails DMARC authentication. Forensic reports contain sample data indicating that there is an issue with a certain source, mailstream or sending IP. The forensic reports contain message-level data, \u201cTo\u201d and \u201cFrom\u201d email addresses and the IP addresses of the sender. It is also possible to see the body of a message. <\/p>\n<p> Forensic reports could contain the following information: <\/p>\n<ul>\n<li>Subject line<\/li>\n<li>Time when the message was received <\/li>\n<li>IP information<\/li>\n<li>Authentication results<\/li>\n<ul>\n<li>SPF result<\/li>\n<li>DKIM result<\/li>\n<li>DMARC result<\/li>\n<\/ul>\n<li>From domain information <\/li>\n<ul>\n<li>From address<\/li>\n<li>Mail from address<\/li>\n<li>DKIM from address<\/li>\n<\/ul>\n<li>Message ID<\/li>\n<li>URLs<\/li>\n<li>Delivery result<\/li>\n<li>What was the applied policy, the message could be rejected if there\u2019s a reject policy in place, or quarantined, or delivered because of a none policy<\/li>\n<li>ISP information<\/li><\/ul>\n<p><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>An aggregate report is an XML feedback report designed to provide visibility into emails that passed or failed SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). The report provides<\/p>\n<p><a href=\"https:\/\/knowledge.progist.net\/index.php\/2021\/03\/18\/difference-between-aggregate-report-and-forensic-report\/\" class=\"more-link\">Continue Reading<span class=\"screen-reader-text\">What is the difference between aggregate report and forensic report?<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","om_disable_all_campaigns":false,"footnotes":""},"categories":[7],"tags":[22,56,76],"class_list":["post-176","post","type-post","status-publish","format-standard","hentry","category-dmarc","tag-aggregate-report","tag-dmarc","tag-forensic-report"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/posts\/176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/comments?post=176"}],"version-history":[{"count":0,"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/posts\/176\/revisions"}],"wp:attachment":[{"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/media?parent=176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/categories?post=176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/knowledge.progist.net\/index.php\/wp-json\/wp\/v2\/tags?post=176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}