Understanding DMARC Reports: Best Practices | EasyDMARC

Understanding DMARC Reports: Best Practices

6 Min Read
Blue cover

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that protects business domains from spoofing and phishing. The main function of DMARC is to ensure that no threat passes through your domain infrastructure defenses. DMARC Reports are the key to achieving full protection.

They’re a window into your sender sources and their configuration status; that’s why understanding DMARC reports is crucial. This article discusses the types and benefits of DMARC reports with examples and explanations. 

What are DMARC Reports?

DMARC reports contain essential information about the authenticity status of emails sent on behalf of a domain. You start receiving DMARC reports by mentioning an email address (URI) in the “rua” and “ruf” tags of your DMARC record.

The first reports arrive soon after you create a DMARC record and publish it in your Domain Name System (DNS). Learning how to read DMARC reports is crucial for compliance and hardening domain protection.

There are two different types of DMARC reports – Failure (“ruf” tag) and Aggregate (“rua” tag). Each report type serves a different purpose, but more about that later in the article.

Now, let’s understand why reviewing and acting on dmarc reports is crucial.

Why Do You Need DMARC Reports?

DMARC reports are your main working document if you want to reach DMARC compliance. They contain information about your email sending volumes, sources, DMARC policy and alignment settings, and other details.

DMARC reports provide a bird’s eye view of your domain infrastructure. By analyzing them, you can detect malicious emails that claim to be from your domain. Without DMARC reports, you wouldn’t be able to know where to start your source configuration journey. They also hint toward the sources to configure and issues to fix.

DMARC reports that you receive on the mentioned email address can be overwhelming — especially when you send bulk emails regularly.

Fortunately, you can easily collect and analyze this information with EasyDMARC’s DMARC report analyzer. Replace your email address with the one provided by our platform specifically for that purpose.

EasyDMARC parses DMARC reports, making them more readable and easy to understand.

Opt-in for EasyDMARC’s

Human Readable DMARC Reports

How to Enable DMARC Reports?

To receive DMARC reports, you need to enable them. You can create and add a DMARC record to your DNS. The process is simple, and it’s the same for all domain providers:

  • First, you need to create a DMARC record for your domain. Use EasyDMARC’s Free DMARC Record Generator tool to do it quickly and easily.
  • During this process, enter your chosen email address in the ‘Report Email’ section to receive DMARC aggregate reports.
  • Next, enter your preferred email address in the ‘Failure Reporting’ section to receive forensic DMARC reports. 
  • Input the necessary details and hit the ‘Generate’ button.
  • Once ready, publish the record in your DNS zone.

Types of DMARC Reports

There are two main types of DMARC reports: Aggregate and Failure reports. The email receiver sends these reports, and they serve different purposes. 

Aggregate Reports

DMARC aggregate reports are XML documents that provide information about the authentication status of DMARC, SPF, and DKIM. This data is sent to the “rua” address and contains no sensitive information about email messages. 

It encompasses aggregate information, including:

  • Reporting ESP information
  • Header-from domain 
  • DMARC policy and alignment settings
  • Sender’s IP address
  • Message authentication status and data 
  • Number of messages sent
DMARC report dashboard for Aggregate reports

You can specify the frequency of receiving aggregate reports on the DMARC report under the “ri” tag. The default is 24 hours, but you can change it to any other convenient interval.

EasyDMARC’s user-friendly DMARC Aggregate XML Reports Analyzer makes working with your data and sending sources super practical. It also gives you a bird’s eye view of your email infrastructure.

If you want Aggregate reports sent to your EasyDMARC dashboard, use EasyDMARC’s URI for the “rua” tag. Here’s an example of the tag usage in your DMARC record:

v=DMARC1; p=none; rua=mailto:xxxxx@easy-blog;

Failure Reports

Failure reports go to the “ruf” tag address. They’re simple copies of emails that fail authentication checks. Failure reports provide information that can help identify the true origin of legitimate email sources that need further configuration.

DMARC report dashboard for Failure reports

Often, email services don’t provide forensic reports because of privacy concerns. If you’re just starting with DMARC, we recommend you concentrate on monitoring and acting on aggregate reports. 

If you want to receive failure reports on your EasyDMARC dashboard, publish a DMARC record and include the “ruf” tag:

v=DMARC1; p=none; rua=mailto:xxxxx@easy-blog; ruf=mailto:rufxxxxx@easy-blog

Best Practices

DMARC reports are central to DMARC enforcement. Thus, we’ve separated a few best practices to ease you into the process and keep you from making simple mistakes.

  • Always Enable Reporting When Implementing DMARC: There’s no point in starting DMARC implementation if you don’t receive reports.
  • Send the reports to a unique address or email group: “rua” and “ruf” tags require an email address or a URI. Still, we don’t recommend using a personal address, as the reports could get lost or mixed up with usual messages.
  • Analyze your reports to improve DMARC enforcement: Ignoring the reports is bad. However, not following the recommendations they provide is even worse.
  • Use a dedicated service to interpret DMARC Reports: XML files and email sender headers can get overwhelming. A third-party service like EasyDMARC for report analysis can be the light at the end of the tunnel.

Choose EasyDMARC for DMARC Report Analysis

If you send emails, the chances are that you’ve been frustrated by email security and deliverability issues. However, any domain owner that starts their journey with sender policy framework (SPF) and DKIM authentication is on the right track. Add DMARC to the mix and go through the policy enforcement, and you’ll completely safeguard your domain environment.

DMARC reports are vital for the following:

  • Monitoring the domain’s email activity
  • Viewing authentication results
  • Maintaining verified senders
  • Identifying fraudsters

However, reading Aggregate reports can be challenging because of their format, and Failure reports are cumbersome to deal with. At EasyDMARC, we make DMARC reports user-friendly and readable. With our dashboard, you can stop digging for important information and simply act on visualized data.

EasyDMARC offers access to both types of DMARC reporting. If you’re a free-tier user, you might already be receiving free DMARC reporting. You can configure our platform to send you more detailed Failure or Aggregate reports in the Plus tier and above.

Contact our support team if you have questions about our DMARC reporting tools.

Content Team Lead | EasyDMARC
Hasmik talks about DMARC, email security, and cyberawareness. She finds joy in turning tough technical concepts into approachable and fun articles in plain language.


Inline Feedbacks
View all comments

succees We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.

succees You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us