Domain Overview
The Domain Overview is your central hub for understanding your email security posture. It displays key metrics, compliance status, and recent activity at a glance.
Overview Dashboard
When you select a domain in SpoofWard, the overview tab shows:
Authentication Score
A large percentage showing what portion of your email is passing authentication checks (goal: 100%).
This score is calculated from DMARC aggregate reports:
- Pass - Email that passed SPF, DKIM, and DMARC alignment
- Fail - Email that failed authentication checks
- Neutral - Email from non-mail servers or ambiguous sources
The score only counts messages from domains that have DMARC policies.
85% and above is good. 95%+ is excellent. Below 85% indicates senders without proper SPF/DKIM alignment or unauthenticated sources.
DMARC Policy Status
Your current DMARC enforcement level:
- p=none - Monitoring mode. Email is authenticated but not rejected. Good for initial setup.
- p=quarantine - Failing email is sent to spam folder. Lower risk than reject.
- p=reject - Failing email is rejected outright. Maximum security.
Click "View Policy Roadmap" to see your guided path to enforcement.
DNS Health Status
Quick validation of key DNS records:
- DMARC - Is your DMARC record valid and reporting to SpoofWard?
- SPF - Is your SPF record correctly formatted and not exceeding the DNS lookup limit?
- DKIM - Are your active DKIM keys correctly published?
- MTA-STS (Optional) - Is your MTA-STS policy correctly configured?
- BIMI (Optional) - Is your BIMI record and certificate valid?
Each shows green (pass), yellow (warning), or red (failure).
Click "Full DNS Health Report" to get detailed validation of all records with specific recommendations for any issues.
Key Metrics
Sent Messages (7-Day Period)
Total authenticated message volume from your domain:
- Pass - Messages that passed SPF, DKIM, and DMARC
- Fail - Messages that failed alignment or authentication
- Neutral - Messages from systems without authentication
The chart helps identify trends. A sudden spike in failures indicates a configuration problem or new unauthenticated sender.
Top Senders
A list of IP addresses sending the most email from your domain (by volume):
- IP Address - Source IP
- Organization - Identified owner of the IP (using threat intelligence)
- Messages - Volume sent in the reporting period
- Status - Pass/Fail/Neutral for that sender
- Action - Allow/Block/Investigate
Click any sender to see detailed information.
Top Email Sources (Vendors)
SpoofWard's email source discovery automatically identifies all services sending email from your domain:
- Service Name - Identified service (SendGrid, Mailchimp, Office 365, etc.)
- Messages - Volume sent
- Status - Authenticated/Unauthenticated
- Action - Approve/Block/Investigate
Senders marked "Unauthenticated" may be legitimate but aren't properly configured with SPF or DKIM alignment.
Click each sender to see more details. You can mark them as authorized, investigate them further, or block them entirely.
Recent Activity
A timeline of recent events:
- New senders discovered
- Policy changes you've made
- DNS record updates
- Team member actions
- Compliance milestones
Threat Summary
Overview of suspicious activity:
- Spoofing Attempts - Messages claiming to be from your domain but from unauthenticated sources
- Suspicious IPs - IPs flagged by threat intelligence as malicious
- Authentication Failures - Recent spikes in failed authentication
- Recommendations - Suggested actions to improve security
Click "View Threats" to see detailed threat analysis.
Compliance & Readiness
Your organization's progress toward DMARC enforcement:
- Current Stage - Where you are in the enforcement journey
- Next Milestone - Recommended next action
- Estimated Timeline - How long until you're ready to move forward
- Blockers - Any senders that need configuration before enforcement
Use these insights to plan your enforcement roadmap safely.
Advanced Insights
DMARC Report Analysis
Click "View Reports" to see detailed analysis:
- Aggregate reports (RUA) - Daily statistics from receiving mail servers
- Forensic reports (RUF) - Detailed information about authentication failures
- Report timelines - Trending data over weeks and months
Sender Vendor Management
Under "Email Sources," manage individual senders:
- Approve - Mark as legitimate and authorized
- Block - Add to blocklist, reject their email
- Investigate - Research their authentication status and IP reputation
- Notes - Add internal notes about why they're authorized or blocked
IP Intelligence
Click any IP address to see:
- Reverse DNS information
- Geographic location
- Reputation scores from threat feeds
- Historical authentication patterns
- Action history (allowed/blocked/investigated)
Customizing Your View
Filters
Filter the dashboard by:
- Time period (last 7 days, 30 days, custom range)
- Sender type (all, authenticated, unauthenticated)
- Message status (pass, fail, neutral)
- Organization/vendor
Widgets (Business+ Plan)
Business and Enterprise plans can customize dashboard widgets:
- Click "Customize Dashboard"
- Choose which metrics to display
- Rearrange widget order
- Save your layout
Exporting Data
Generate reports for stakeholders:
- Executive Summary - High-level security posture
- Detailed Report - Full DMARC analysis, sender breakdown, recommendations
- CSV Export - Raw data for analysis in other tools
- PDF - Formatted report for sharing
Quick Actions
From the overview, take immediate actions:
- Update DNS Records - Link to your records with editing guides
- Send Test Email - Generate test emails to collect more data
- Invite Team Member - Add colleagues to collaborate
- View Full Reports - Deep-dive into DMARC intelligence
- Configure Policy - Adjust DMARC enforcement level
Related Documentation
- DNS Health Score - Detailed DNS validation
- Viewing DMARC Reports - Understanding report data
- Email Source Discovery - Managing senders
- DMARC Enforcement - Policy progression guide