GET: DMARC Finding Details Ingrid https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=dmarcGet an organization’s DMARC finding details. See how it is assessed.ParametersFor details specific to DMARC, use the ?risk_vector=dmarc parameter. Other query parameters are listed in GET: Finding Details.Example Response{ "links":{ "next":null, "previous":null }, "count":9, "results":[ […] { "temporary_id":"ABCd12EFgh345i678901j2k34567lmnop8901qr23s456t789uv0w12x34567yzzz8z99z0000", "affects_rating":true, "assets":[ { "asset":"example.com", "identifier":null, "category":"critical", "importance":0.1, "is_ip":false, "asset_type":"Domain" } ], "details":{ "cvss":{ "base":[ ] }, "check_pass":"", "diligence_annotations":{ "message":"Record does not exist", "record":[ [ ] ], "percentage":0, "policy":"reject", "ruaReportEmail":[ ], "rufReportEmail":[ ] }, "grade":"BAD", "remediations":[ { "message":"Record does not exist", "help_text":"Domain has no DMARC record in place.", "remediation_tip":"Implement a DMARC policy for this domain." } ], "sample_timestamp":"2024-03-22T21:19:11Z", "vulnerabilities":[ ], "rollup_end_date":"2024-03-22", "rollup_start_date":"2024-01-17" }, "evidence_key":"example.com", "first_seen":"2024-01-17", "last_seen":"2024-03-22", "related_findings":[ ], "risk_category":"Diligence", "risk_vector":"dmarc", "risk_vector_label":"DMARC", "rolledup_observation_id":"0aaaaAaaaAaaaaaaA0aa0A==", "severity":8.0, "severity_category":"material", "tags":[ "TagName" ], "remediation_history":{ "last_requested_refresh_date":"2024-06-19", "last_refresh_status_date":"2024-06-23", "last_refresh_status_label":"failed", "last_refresh_status_reason": "asset_not_found", "last_refresh_reason_code":"asset unreachable", "last_refresh_requester": "1e10564d-fawa-4331-0000-6f7588b55a98", "result_finding_date": null }, "asset_overrides":[ ], "duration":null, "comments":null, "remaining_decay":56, "remediated":null, "impacts_risk_vector_details":"AFFECTS_RATING" } ] }Response Attributes Field Description links Object Navigation for multiple pages of results. See pagination. next String The URL for navigating to the next page of results. previous String The URL for navigating to the previous page of results. count Integer The number of findings. results Array Findings and their details. Object A finding. temporary_id String A temporary identifier for this finding. affects_rating Boolean true = This finding has an impact on the letter grade. assets Array Asset details. Object An asset. asset Array The asset name. identifier String For internal Bitsight use. category String The Bitsight-calculated asset importance. importance Decimal The Bitsight-calculated asset importance. is_ip Boolean true = This asset is an IP address. asset_type String The type of asset. details Object Details of this finding. cvss Object If the finding has an associated vulnerability, this contains the CVSS score. base Array CVSS scores of vulnerabilities associated with this finding. check_pass String For internal Bitsight use. diligence_annotations Object Diligence finding details. message String The finding message. record Array The DMARC record configuration details. percentage Integer The proportion of email that have a passthrough policy protecting recipients of spoofed email. policy String How emails that fail authentication are handled. Values: quarantine reject none = Allow all email to pass through. ruaReportEmail Array The mailbox where the RUA report (a.k.a. DMARC aggregate report) containing authentication failures statistics are sent. rufReportEmail Array A second set of recipients of the RUA report. If available, this may be used to request detailed forensic authentication reports. grade String The finding grade. remediations Array Information about the finding and instructions to remediate it, if any. Object The information. message String The finding message. help_text String An overview of this finding. remediation_tip String The recommended remediation instructions. sample_timestamp String [YYYY-MM-DDTHH:MM:SSZ] The date and time when this finding was observed. vulnerabilities Array Vulnerability details. rollup_end_date String [YYYY-MM-DD] The date when this finding was last observed. rollup_start_date String [YYYY-MM-DD] The date when this finding was first observed. evidence_key String The asset attributed to this finding. first_seen String [YYYY-MM-DD] The date when this finding was first observed. last_seen String [YYYY-MM-DD] The date when this finding was last observed. related_findings Array Related findings. risk_category String The risk category. risk_vector String The risk vector slug name. risk_vector_label String The risk vector display name. rolledup_observation_id String A stable and randomized identifier for findings. It is assigned to a finding when one or more observations with largely similar key properties occur in close succession. severity Decimal This finding’s Bitsight severity. severity_category String This finding’s Bitsight severity. tags Array Infrastructure tags identifying the asset. remediation_history Object If ?expand=remediation_history parameter is set, the remediation history of the finding is included. last_requested_refresh_date String [YYYY‑MM‑DD] This is not applicable to DMARC. last_refresh_status_date String [YYYY‑MM‑DD] TThis is not applicable to DMARC. last_refresh_status_label String This is not applicable to DMARC. last_refresh_status_reason String This is not applicable to DMARC. last_refresh_reason_code String This is not applicable to DMARC. last_refresh_requester String [user_guid] This is not applicable to DMARC. result_finding_date String [YYYY-MM-DD] This is not applicable to DMARC. asset_overrides Array User-assigned asset importance. duration String This is not applicable to DMARC. comments String Finding comments. remaining_decay Integer This finding’s remaining lifetime. remediated Boolean true = The finding is remediated. impacts_risk_vector_details String Indicates how the risk vector is impacted. Values: AFFECTS_RATING DELEGATED_CONTROL LIFETIME_EXPIRED January 20, 2026: DMARC Risk Vector is recategorized from a temporarily non-graded risk vector to informational and does not affect Bitsight Security Ratings. February 28, 2025: Added last_refresh_status_reason, last_refresh_reason_code, last_refresh_requester, and result_finding_date response attributes. March 29, 2024: Published. Related articles Access Control: Companies Tab GET: Finding Details Understanding the DMARC Risk Vector and how it affects your Bitsight Rating GET: User Behavior Finding Details GET: SPF Domains Finding Details Feedback 0 comments Please sign in to leave a comment.