AWS Logo
Menu

Visualizing DMARC report using SES and QuickSight

Receiving DMARC reports with SES email receiving feature and creating visualization using Amazon QuickSight

sesquicksightathena
Jonathan Lee
Amazon Employee
Published Sep 6, 2024
Domain owners who monitor DMARC (Domain-based Message Authentication, Reporting and Conformance) reports have better success with email deliverability because they can ensure all messages conform to authentication best practices. Using the approach suggested here, it is now possible to visualize DMARC retrieving reports discussed in this blog.

Prerequisites

Configure DNS for DMARC reports

Configure DNS records according to this blog so that periodic DMARC report will be sent to an email address configured existing in your SES email identities.

Configure DMARC report receiving

If you want to enrich the data with DMARC monitoring, you will need the following.
  • A domain is verified with DMARC and DKIM configured
  • Add a record to request report from email mailbox provider
Setup Email Receiving in the SES console. Follow this instruction to configure email receipt rule set and rules. Set the S3 bucket to be the template created ses-dmarc-email-received-[account ID] bucket.
SES receiving email
SES receiving email configuration
Store received email to S3 bucket
Store received email to S3 bucket

Solution Deployment

Lambda function triggered by S3 objects

Here is the AWS Lambda function (Github link) which is triggered by each email with DMARC report as an attachment.
Configure read and write permission for S3 buckets which are configured in Environment variables.
lambda environment variables
lambda environment variables
Once the reports are processes, there should be JSON objects in the destination bucket.

Set up Athena

First, create a database in AWS Glue. Then, access Amazon Athena to create two tables and three views. We will only use the final combined view for visualization. The reason for multiple tables and views is to handle different JSON structures in DMARC report.
The following three queries will create views.

Create datasets in Amazon QuickSight and visualize

In Amazon QuickSight, datasets with Athena data source are added and a visualization can be created. If your organization uses AWS Lake Formation, you will need to provide find-grained permission from Amazon QuickSight to tables and views in Athena.
DMARC visuals in QuickSight
DMARC visuals in QuickSight
In addition, you can utilize various QuickSight features, such as data join from multiple datasets, non-console access, periodic email delivery of reports, granular permission with row-level security, to meet your business reporting needs.
In this post, I showed you how to build SES deliverability reports from external DMARC data using Amazon QuickSight. The solution will allow you to share reports to users without AWS console access. You can customize graphs and tables in Amazon QuickSight dashboard in order to meet your business requirements
 

Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.

Comments