Internal sources are an important category of the Authentication Reports page. This section should be checked to make sure the traffic from any internal IP is passing DMARC for your domain.
Internal sources are typically categorized as such when you add an IP address or range to the netblocks section on the configuration page for your domain.
You will see the email traffic from these IPs, categorized into 3 categories (Mostly Passing IPs, Partially Passing IPs, and Mostly Failing IPs), just like the sending services are categorized in the main Authentication Report window.
Notes:
Please keep in mind that this categorization is solely based on DMARC authentication.
For an email sent by an internal IP on behalf of your domain to pass DMARC, you will need to make sure:
That IP is added in the SPF configuration for that domain.
The emails sent by that IP on your behalf, are sent in SPF alignment for your domain. (SPF alignment = header.from must be aligned with the mailfrom/return path).