DMARC Reporting: Key Benefits and Takeaways

  • by

One of the numerous advantages of applying DMARC will be the reporting component. These reports offer different kinds of info that will assist an organization’s IT/email administrators allowing it to offer a contact asset inventory. The stories contain:

Date/time selection of the report
The domain name impacted
The IP address of the driving system (as well as the PTR record)
Whether SPF/DKIM check have passed or even failed
If SPF/DKIM is aligned correctly
The DMARC policy applied
The url regarding SPF/DKIM

The IP plus domains addresses of the driving systems should (hopefully) almost all be authorized programs, that should equal the IT/email administration inventory list. If something isn’t on the list of theirs, then it is possibly an email service not recognized through the team (thus enhancing IT asset inventory), or maybe all those domains/IP addresses are spammers and/or phishers. Understanding the spammers/phishers is helpful as well, because that information which may be utilized for cyber intel & spam blocklists.

DMARC has 2 types of reports, the forensic report as well as the aggregate report. Both stories are delivered by participating recipient email servers on the driving organization. Nevertheless, to get these accounts, the rua (aggregate) and ruf (forensic) tags should be incorporated. At a minimum, most businesses must obtain the aggregate reports.

These reports may be delivered to anyone within the business. It’s highly recommended to send out the reports to a team account rather compared to individual accounts, particularly in mid to large sized organizations. The reason being, the inbox of yours might get flooded with reports.

In several instances, you might wish to send out reports to an outside organization (a DMARC reporting services or even a third-party IT service provider). To be able to do so, the DMARC policy will continue to make use of the rua and also ruf tags. Nevertheless, the external business must create DNS TXT data to be able to accept those reports. Those files are going to look as follows:

Host:,_report._dmarc.

Text: v=DMARC1

For instance, if pusherthemovie.co.uk is the group that would like to send out the article to pusherthemovie.co.uk, the the information would be like:

Host: pusherthemovie.co.uk._report._dmarc.pusherthemovie.co.uk

Text: v=DMARC1