What is a DMARC Failure (Forensic) Report?
DMARC Failure Report, formerly known as DMARC Forensic Report, is another type of report, which the DMARC protocol enables you to receive. Failure reports are much more detailed than DMARC Aggregate reports, as they show a "sample" of an email message that failed SPF, DKIM, or DMARC tests. To receive Failure report, one must set an email address in "ruf" field, like it's done for "rua" field. Failure reports are normally generated and sent almost immediately after the Mail Receiver detects a DMARC failure. Rather than waiting for an aggregate report, these reports are useful for quickly notifying the Domain Owners when there is an authentication failure. Whether the failure is due to an infrastructure problem or the message is inauthentic, failure reports also provide more information about the failed message than is available in an aggregate report.