DMARC Management | Top 10 Sources

I added cloudflare DMARC Management for an email to one of my domain, everything set up correctly and work as expected.
However, in the past few days, under the section of “Below are the top 10 sources sending emails on your behalf. A source must be either SPF or DKIM aligned to get a DMARC pass.”, I keep getting a source that sent on my behalf, I thought maybe I did, but today I got another saying the same, and I didn’t used that domain email to send anything recently, so I am wondering, is someone is spoofing my email? even though it says it is DMARC pass (1), or does it count the email received at my server too?
Documentations (2) didn’t provide in depth details so hope someone shed some lights on this.



DMARC reports are about email messages that have been sent, which also appears to be from your domain name, in the message’s header From: (RFC5322.From), the header that appears as the visible sender of the message(s) in most email programs.

As it claims both SPF and DKIM have an alignment of 100%, it would be quite nasty for your domain, if the message wasn’t triggered by you (or maybe automatically by one of your systems)?

It only counts what others (e.g. the source of the actual DMARC report) have received at their end, which at the same time claimed to be from your domain.

Do you mind sharing the specific domain name?

In addition, do you mind clicking on “Atlantic Metro Communications II, Inc.”, and share a screenshot that, especially I’m looking for the “Source IP”?

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.