Fix “External Verification Failure” in EasyDMARC | EasyDMARC

Fix “External Verification Failure” in EasyDMARC

3 Min Read
Red and blue image with some code on it and the word

Reviewing DMARC record issues with our DMARC Record Checker is the first step in your DMARC troubleshooting journey. This article focuses on the “External verification failure” warning.

This notification indicates that the URI mentioned in your RUA and RUF tags won’t be able to receive these reports yet.

As you might know, RUA and RUF tags are essential for proper DMARC deployment. They help to specify the email addresses to which ESPs must deliver DMARC aggregate (RUA) and forensic/failure (RUF) reports. Once received, DMARC reports help users investigate the problems with their email sending sources and configure them.

For instance, this is your domain You’ve published a DMARC record, like the one below, mentioning an inbox address for the RUA and RUF tags to get the DMARC reports of

v=DMARC1;p=reject;rua=mailto:[email protected];ruf=mailto:[email protected];fo=1:s

If domain doesn’t have an external domain verification confirming that it’s authorized to receive the DMARC reports of, the reports won’t be delivered to the specified email address (

When you send an email from your domain (, the receiving server checks if the domain with the record matches the domain mentioned in the email address of the RUA or RUF tag of the DMARC record. Only in case of any mismatch does the verification start. The receiving server checks if the report-receiving domain ( has confirmed receiving the reports. The server verifies it by looking for a specific TXT record in the external domain’s DNS zone.

If that particular record is found in their DNS, the reports are sent to that very email.

How to Solve “External Verification Failure”?

This warning has an easy fix. Publish a TXT record in the given external domain’s ( DNS to authorize the delivery of the reports to the email mentioned above addresses.

In our example, you need to generate a TXT record in the domain’s DNS zone to confirm receiving DMARC reports of your domain ( The record should look like the screenshot below.

– Record type: TXT
– Host/Name:
– Value: v=DMARC1;

Don’t publish this record on your domain’s DNS but on the external domain ( to which you want to receive your reports.

Marlena Nersisyan | Technical Support Engineer

Once you’ve published your record, authorize the addresses ending with You’ll start receiving both RUA and RUF DMARC reports from

Content Team Lead | EasyDMARC
Hasmik talks about DMARC, email security, and cyberawareness. She finds joy in turning tough technical concepts into approachable and fun articles in plain language.


Inline Feedbacks
View all comments
Jan 15, 2024

Do I need to use a business email for the RUA and RUF emails? Can I not just use a regular gmail for that?

Hagop Khatchoian
Hagop Khatchoian
Jan 15, 2024
Reply to  Kirsten

Your RUA address domain must align with your own domain. If they don’t match, you’ll need to conduct external verification for the other domain to receive reports for your own. Therefore, using ‘’ isn’t permissible, as it is a freemail domain, and you don’t have the authority to perform external verification for it.

succees We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.

succees You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us