DMARC Aggregate (RUA) Reports
One of the most useful features DMARC provides is the reporting functionality, which lets receiving email servers send back data regarding the emails that were sent from a domain to the domain owner.
What are DMARC Aggregate Reports (RUA)?
As a domain owner, when you have DMARC implemented for your domain, what you need is an extensive reporting mechanism that will help you gain complete visibility into your email ecosystem. That is exactly what DMARC RUA Aggregate Reports do. They provide information on the sending source, sending domain, the sender’s IP address, the volume of emails sent, the percentage of DMARC-compliant emails, and the DKIM and SPF authentication results.
How often are DMARC Aggregate Reports generated?
DMARC aggregate reports are generated once a day, on a daily basis. While a typical DMARC aggregate report is generated in the XML file format that can be quite complex to read for a non-technical person, PowerDMARC simplifies these aggregate reports in simple, readable tabular format for ease of understanding.
What information do DMARC Aggregate Reports contain?
A raw DMARC aggregate report contains the following information:
- Information on the Reporting organization (i.e the email receiver that generated and sent this report),such as the Report ID number, the Reporting Organisational Name, the reporting organization’s sending address, additional contact information, and the beginning and ending date range (in an epoch format)
- Published DMARC DNS record description: the sending domain, SPF and DKIM alignment settings, the domain and subdomain policy mode, and the percentage of failing emails to which the policy is to be applied (pct)
- the DKIM/SPF authentication results summary
Summary of Information Provided in DMARC RUA Reports
DMARC aggregate reports (RUA) are sent on a daily basis in the XML file format, and they supply several points of information regarding the status of emails sent from your domain:
- Information on the receiving email server, i.e the organization that sent you the DMARC aggregate report:
- Reporting Organization: name of receiving mailbox provider
- Reporting email address
- Reporting Organization Contact information
- Time range of sent report
- DMARC policy retrieved for your domain
- IP address(es) of the server(s) that sent an email from your domain
- DMARC disposition of the email: none, quarantine, reject
- SPF and DKIM authentication results
DMARC aggregate reports collate all of the daily email activity in your domain, so they don’t contain much information about individual emails themselves. Rather, their purpose is to provide an overall view of how email is being handled in your domain by various users, which emails are passing or failing authentication, and show you potential problems that might need to be fixed.
Critically, aggregate reports can be used to discover IP addresses that could be spoofing your domain to send malicious phishing emails. You can even see if the same source has been abusing your domain more than once, at which point you can take action against them.
What is SPF? Free2 m
Video Introduction to SPF Free1 m 41 s- A Brief History of SPF Free1 m
- How does SPF work? Free2 m
- SPF Tags: Syntax of an SPF Record Explained Free3 m
- How to create and publish SPF records? Free2 m
- SPF Authentication Failures Free3 m
- Video Explanation: SPF PermError Free1 m 39 s
Quiz 430 m
- What is DMARC? Free1 m
- Video Introduction to DMARC Free1 m 15 s
- A Brief History of DMARC Free1 m
- How does DMARC work? Free2 m
- What is DMARC Policy? : None, Quarantine & Reject Free2 m
- Video Explanation: DMARC Policy Free1 m 40 s
- DMARC Tags Free2 m
- DMARC Aggregate (RUA) Reports Free3 m
- DMARC Forensic (RUF) Reports Free2 m
- How to Create and Publish a DMARC Record? Free3 m
- DMARC Authentication Failures Free3 m
- Video Explanation: Why does DMARC Fail? Free1 m 37 s
- Quiz 630 m