What are DMARC Reports and what does it contain?
DMARC has 2 types of reports:
1). Aggregate Reports – RUA
2). Forensic Reports – RUF
Aggregate Reports talks about:
- Sender Source IP
- Status of SPF and DKIM Alignment and Authentication – Pass or Fail
- Date in UTM format
- Recipient Server or organization who has shared backed the DMARC Report
- And the DMARC policy applied by the recipient server i.e. None(p=none), Quarantine(p=quarantine), Reject(p=reject)
In value addition to the above GoDMARC provides a reverse hostname, WhoIS of the IP address along with a Blacklist check and IP reputation. Blacklist check and IP reputation help Security & email marketing team to enhance email deliverability and get better ROI.
Forensic Reports talks about:
- Sender Source IP
- Status of SPF and DKIM Alignment and Authentication – Pass or Fail
- Date in UTM format
- Recipient Server or organization who has shared backed the DMARC Report
- And the DMARC policy applied by the recipient server i.e. None(p=none), Quarantine(p=quarantine), Reject(p=reject)
- It also contains critical information of From, To, CC, Subject, and Message body of that email.
Due to privacy concerns, many mailbox providers including Gmail have dropped support for DMARC RUF reports. Any of the RUF received from the recipient server is parsed, encrypted, and shown to the customers in their GoDMARC dashboard.
DMARC Records and its parameters
DMARC record looks like:
v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1; adkim=r; aspf=r; pct=100; rf=afrf;
Here p=reject is the highest DMARC policy enforced and one should be careful while enforcing Reject policy. For consultants please connect with us if you have any questions regarding how our DMARC reporting tool works.
| Tag | TagValue | Name | Description |
|---|---|---|---|
| v | DMARC1 | Version | Identifies the record retrieved as a DMARC record. It must be the first tag in the list. |
| p | reject | Policy | Policy to apply to email that fails the DMARC test. Valid values can be ‘none’, ‘quarantine’, or ‘reject’. |
| rua | mailto:[email protected] | Receivers | Addresses to which aggregate feedback is to be sent. Comma-separated plain-text list of DMARC URIs. |
| ruf | mailto:[email protected] | Forensic Receivers | Addresses to which message-specific failure information is to be reported. Comma-separated plain-text list of DMARC URIs. |
| fo | 1 | Forensic Reporting | Provides requested options for generation of failure reports. Valid values are any combination of characters ’01ds’ separated by ‘:’. fo=0 = SPF and DKIM Both fo=1 = SPF or DKIM fo=d = only DKIM failure fo=s = only SPF failure |
| adkim | r | Alignment Mode DKIM | Indicates whether strict or relaxed DKIM Identifier Alignment mode is required by the Domain Owner. Valid values can be ‘r’ (relaxed) or ‘s’ (strict mode). |
| aspf | r | Alignment Mode SPF | Indicates whether strict or relaxed SPF Identifier Alignment mode is required by the Domain Owner. Valid values can be ‘r’ (relaxed) or ‘s’ (strict mode). |
| pct | 100 | Percentage | Percentage of messages from the Domain Owner’s mail stream to which the DMARC policy is to be applied. A valid value is an integer between 0 to 100. |
| rf | afrf | Forensic Format | Format to be used for message-specific failure reports. Valid values are ‘afrf’ and ‘iodef’. |
