Understand DMARC Reports and its Parameter

dmarc report

What are DMARC Reports and what does it contain?

DMARC has 2 types of reports:
1). Aggregate Reports – RUA
2). Forensic Reports – RUF

Aggregate Reports talks about:

  • Sender Source IP
  • Status of SPF and DKIM Alignment and Authentication – Pass or Fail
  • Date in UTM format
  • Recipient Server or organization who has shared backed the DMARC Report
  • And the DMARC policy applied by the recipient server i.e. None(p=none), Quarantine(p=quarantine), Reject(p=reject)

In value addition to the above GoDMARC provides a reverse hostname, WhoIS of the IP address along with a Blacklist check and IP reputation. Blacklist check and IP reputation help Security & email marketing team to enhance email deliverability and get better ROI.

Forensic Reports talks about:

  • Sender Source IP
  • Status of SPF and DKIM Alignment and Authentication – Pass or Fail
  • Date in UTM format
  • Recipient Server or organization who has shared backed the DMARC Report
  • And the DMARC policy applied by the recipient server i.e. None(p=none), Quarantine(p=quarantine), Reject(p=reject)
  • It also contains critical information of From, To, CC, Subject, and Message body of that email.

Due to privacy concerns, many mailbox providers including Gmail have dropped support for DMARC RUF reports. Any of the RUF received from the recipient server is parsed, encrypted, and shown to the customers in their GoDMARC dashboard.

DMARC Records and its parameters

DMARC record looks like:

v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1; adkim=r; aspf=r; pct=100; rf=afrf;

Here p=reject is the highest DMARC policy enforced and one should be careful while enforcing Reject policy. For consultants please connect with us if you have any questions regarding how our DMARC reporting tool works.

TagTagValueNameDescription
vDMARC1VersionIdentifies the record retrieved as a DMARC record. It must be the first tag in the list.
prejectPolicyPolicy to apply to email that fails the DMARC test. Valid values can be ‘none’, ‘quarantine’, or ‘reject’.
ruamailto:[email protected]ReceiversAddresses to which aggregate feedback is to be sent. Comma-separated plain-text list of DMARC URIs.
rufmailto:[email protected]Forensic ReceiversAddresses to which message-specific failure information is to be reported. Comma-separated plain-text list of DMARC URIs.
fo1Forensic ReportingProvides requested options for generation of failure reports. Valid values are any combination of characters ’01ds’ separated by ‘:’.
fo=0 = SPF and DKIM Both
fo=1 = SPF or DKIM
fo=d = only DKIM failure
fo=s = only SPF failure
adkimrAlignment Mode DKIMIndicates whether strict or relaxed DKIM Identifier Alignment mode is required by the Domain Owner. Valid values can be ‘r’ (relaxed) or ‘s’ (strict mode).
aspfrAlignment Mode SPFIndicates whether strict or relaxed SPF Identifier Alignment mode is required by the Domain Owner. Valid values can be ‘r’ (relaxed) or ‘s’ (strict mode).
pct100PercentagePercentage of messages from the Domain Owner’s mail stream to which the DMARC policy is to be applied. A valid value is an integer between 0 to 100.
rfafrfForensic FormatFormat to be used for message-specific failure reports. Valid values are ‘afrf’ and ‘iodef’.

Explore Our More Tools:

SPF

Look Up and validate SPF Record

Learn More
DKIM

Look Up DKIM Record

Learn More
DMARC

Look Up DMARC Record

Learn More
BIMI

Look Up BIMI Record

Learn More