Failure Breakdown Chart
Reading the SPF/DKIM failure distribution
Failure Breakdown Chart
The Failure Breakdown chart gives you a visual overview of how your email is distributed across authentication states. It answers the question: "Of all the email sent from my domain, what proportion is fully authenticated, partially authenticated, or failing completely?"
Understanding the Segments
Both SPF and DKIM passed with alignment. Fully authenticated email — the ideal state. Your goal is to push this segment as high as possible.
One method passes. DMARC still passes, but you have no redundancy. If SPF-only sources are in this segment, add DKIM. If DKIM-only, consider adding the source to SPF.
Neither SPF nor DKIM passed. DMARC fails for these emails. Under a p=quarantine or p=reject policy, these are sent to spam or blocked. This segment should be as close to 0% as possible.
What the Chart Tells You Over Time
Watch the trend, not just today's snapshot:
- Green growing, red shrinking — you're making progress. Keep approving sources.
- Red growing suddenly — a new service started sending, or an existing one changed IPs. Go to Authentication Troubleshooting to identify it.
- Yellow large, red small — good DMARC compliance, but DKIM is underused. Enable DKIM for more senders.
- Flat at low green — not enough DMARC report data yet, or many unapproved sources. Work through the SPF Decision Queue.
Acting on the Chart
Large red segment: Go to Authentication Troubleshooting and fix Critical issues first. Approve legitimate sources in SPF Management.
Large yellow segment: SPF-only or DKIM-only passing. Enable DKIM for services that are SPF-passing only. Consider approving DKIM-passing sources in SPF too.
95%+ green: You're ready to consider upgrading your DMARC policy from p=none to p=quarantine. Check the Policy Readiness card.