Problem
How can I receive DMARC reports and what is inside those reports?
Solution
A secondary functionality of DMARC enables ISPs to send reports about the authentication success or failure for a domain. Those reports are sent to the addresses defined in two switches:
Bot ruf and rua switch should contain a functional mailto-link where failure- and aggregated reports can be sent. It's important to receive, read and process those reports. The following example configures DMARC for all reporting, but reporting only:
# host -t txt _dmarc.sub.domain.TLD _dmarc.sub.domain.TLD descriptive text "v=DMARC1; p=none; rua=mailto:dmarc@mailmike.net; ruf=mailto:dmarc@mailmike.net;"
Forensic reports are very rare for 2 reasons:
- High volume: failure reports generate a single report for each individual mail that failed authentication.
- Privacy: Failure Reports are not compliant to GDPR. ARF Reports generally contain personal data, such as IPs.
It is generally recommended to refrain from setting a ruf-switch at all.
Sample reports
Related articles
Account
Support