DMARC Reports: A Complete Guide to RUAs

DMARC reports are critical to ensure that your organization’s emails are authentic and validated. This article takes an in-depth look at what DMARC reports are, explains what RUA means in detail, and shows how to read a DMARC report.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) reports include detailed information that is essential for safeguarding an organization’s domains. When you establish a DMARC entry in your domain’s DNS (Domain Name System), you will receive information on all the sources that are sending emails on behalf of your domain. Before we dive into the detailed analysis of DMARC aggregate reports, let us understand what DMARC reports are.

DMARC Reports and DMARC Records

A DMARC report summarizes essential information concerning an email domain’s operations. Aggregate and forensic DMARC reports are the two different types of DMARC reports. By assessing the domains and header domains (for example, a sender’s address), a DMARC report serves as authentication to verify the integrity and reliability of an email’s sender. This reduces the risk of email spoofing.

A DMARC record includes information regarding the domain, the policy implemented by the domain owner (none, quarantine, or reject), and the enforcement level of said policy (strict or relaxed). A DMARC record is contained in the DMARC report.

DMARC Aggregate Reports Explained

DMARC is a technological standard that helps safeguard email senders and recipients against spam, spoofing, and phishing. The DMARC report comprises information on the authenticity status of emails sent on behalf of a domain, thus acting as a tool to protect organizations against phishing attacks.

DMARC is an email authentication system that relies upon two other email verification protocols: DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework). It enables domain owners to post a policy requiring only authenticated emails to be sent from the sources they utilize.

What is RUA?

RUA Definition

Aggregate reports, or RUA reports, give a complete statistical picture of a domain’s traffic. They provide an overview of all traffic or use for a domain, including the DKIM/SPF authentication result, the DMARC result of authenticated emails, and the source that supplied them.

RUA Meaning in Detail

RUA (report type—aggregate) is the DMARC aggregate report that is issued to every domain owner on a daily basis. It provides an in-depth overview of the email traffic as well as authentication status for SPF, DKIM, and DMARC. It specifies the website, IP address, and quantity of emails sent in a specific time period. An aggregate report contains only message counts and email authentication characteristics; it does not capture any sensitive information from the email.

DMARC Aggregate Reports: Attributes of RUA

There are specific characteristics of the DMARC aggregate report, including:

  • Time: All aggregate reports are generated and received daily, i.e., every 24 hours.
  • Format: The aggregate reports are generated using the XML (Extensible Markup Language) file format. All information inside DMARC aggregate reports is enclosed in tags.

What Does a DMARC Report Contain?

A DMARC aggregate report provides a lot of information, which is why email admins should know how to read a DMARC report. A DMARC report provides:

ISP Information

The beginning of a DMARC report contains the Internet Service Provider information. All such information is enclosed within subtags in the <report_metadata> tag. The ISP information includes:

  • Report ID: Contained in the <report_id> tag.
  • Organization Name: Contained in the <org_name> tag.
  • Organizational Email: Contained in the <email> tag.
  • Date Range: The range is described within the <begin> and <end> tags, inside the <date_range> tag. The range is shown in seconds.

DMARC Description

The description of the DMARC aggregate report provides information about the following:

  • Header Domain: Contained in the <domain> tag.
  • The strength of DKIM and SPF alignments: Specified in the <adkim> and <aspf> tags, as “s” or “r” for “strict” or “relaxed.”
  • The domain policy: Specified in the <p> tag.
  • The subdomain policy: Specified in the <sp> tag.
  • DMARC policy percentage: The fraction of emails that will be subject to the DMARC policy, specified as a percentage in the <pct> tag.

Authentication Summary

A DMARC aggregate report also provides a summary of all authentication results, like:

  • Email’s IP (Internet Protocol Address): Contained in the <source_ip> tag.
  • IP addresses identified: Total number of IP addresses identified in the <count> tag.
  • DKIM and SPF result: DKIM and SPF authentication results in the <dkim> and <spf> tags.
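
To make the three groups of tags above concrete, the following added example (not part of the original article) parses a constructed aggregate report with Python’s standard library and lists the sources that failed both DKIM and SPF. The function name, the sample values, and the `<feedback>` and `<policy_evaluated>` wrapper elements from the aggregate report schema are assumptions not shown on this page.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample report; every value is made up for illustration.
SAMPLE = """<feedback>
 <report_metadata>
  <org_name>receiver.example</org_name>
  <report_id>constructed-0001</report_id>
  <date_range><begin>1700000000</begin><end>1700086400</end></date_range>
 </report_metadata>
 <policy_published>
  <domain>example.com</domain><adkim>r</adkim><aspf>r</aspf>
  <p>none</p><sp>none</sp><pct>100</pct>
 </policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>42</count>
  <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated>
 </row></record>
 <record><row><source_ip>203.0.113.7</source_ip><count>5</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
 </row></record>
</feedback>"""

def summarize(xml_text):
    # Reports come from outside parties: refuse DTD/entity declarations up front.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in aggregate report")
    root = ET.fromstring(xml_text)
    meta, pol = root.find("report_metadata"), root.find("policy_published")
    if meta is None or pol is None:
        raise ValueError("missing report_metadata or policy_published")
    begin = int(meta.findtext("date_range/begin"))  # Unix time, in seconds
    end = int(meta.findtext("date_range/end"))
    rows = []
    for row in root.iterfind("record/row"):
        dkim, spf = (row.findtext("policy_evaluated/" + t) for t in ("dkim", "spf"))
        rows.append({"source_ip": row.findtext("source_ip"),
                     "count": int(row.findtext("count")),
                     "dkim": dkim, "spf": spf,
                     # DMARC passes if aligned DKIM or aligned SPF passes
                     "dmarc_pass": "pass" in (dkim, spf)})
    return {
        "reporter": meta.findtext("org_name"),
        "report_id": meta.findtext("report_id"),
        "begin_utc": datetime.fromtimestamp(begin, tz=timezone.utc).isoformat(),
        "period_seconds": end - begin,
        "policy": {t: pol.findtext(t) for t in ("domain", "adkim", "aspf", "p", "sp", "pct")},
        "rows": rows,
        "failing_sources": [r["source_ip"] for r in rows if not r["dmarc_pass"]],
    }
```

Calling `summarize(SAMPLE)` returns the reporter, the reporting window, the published policy, and one entry per `<row>`; `failing_sources` is the list to review before moving the policy from none to quarantine or reject.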

The Significance of DMARC Reports

When paired with SPF and DKIM alignment methods, DMARC reports can prove effective tools against spear-phishing and spoofing. Moreover, DMARC checks facilitate the enforcement of policies by inspecting email sending functionalities and authorizing legitimate email accounts only.

Furthermore, DMARC aggregate reports provide daily, accurate information by mailbox users, enabling active monitoring of outgoing traffic and email transmissions. DMARC reports help identify fake emails and malicious actors, which supports more efficient email filtering and increased security. In addition, a DMARC aggregate report also improves an organization’s email deliverability by ensuring transparent email communication and verification of all email origins.

How Do You Receive DMARC reports?

Receiving DMARC reports is easy. You have to create a DMARC record to invite various entities and individuals to send RUAs to email senders. The record includes an RUA tag to specify an email address that will receive all DMARC reports. The address tag is used to provide the email address as shown:
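
The following added example (not from the original article) reads the `rua` tag from a constructed DMARC TXT record and, for each report address outside the policy domain, gives the name of the TXT record that the receiving domain has to publish to accept the reports (RFC 7489, section 7.1). The function name, `example.com` and `vendor.example` are placeholders, and the subdomain comparison is a simplification of the RFC’s organizational-domain comparison.

```python
# Constructed record as it would be published at _dmarc.example.com
SAMPLE_RECORD = ("v=DMARC1; p=none; "
                 "rua=mailto:dmarc@example.com,mailto:reports@vendor.example!10m")

def rua_destinations(policy_domain, txt_record):
    """Return the mailboxes named in rua= and flag external destinations."""
    tags = {}
    for part in txt_record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")

    pd = policy_domain.lower().rstrip(".")
    destinations = []
    for uri in tags.get("rua", "").split(","):
        uri = uri.strip()
        if not uri.lower().startswith("mailto:"):
            continue  # this example handles mailto: URIs only
        # An optional "!<size>" suffix limits the report size; drop it.
        address = uri[len("mailto:"):].split("!", 1)[0]
        host = address.rsplit("@", 1)[-1].lower().rstrip(".")
        # Simplification: a host is internal if it is the policy domain
        # or a subdomain of it (no public suffix list lookup).
        internal = host == pd or host.endswith("." + pd)
        destinations.append({
            "address": address,
            "external": not internal,
            # TXT name the external receiver publishes with "v=DMARC1"
            "authorization_record":
                None if internal else f"{pd}._report._dmarc.{host}",
        })
    return destinations
```

If the external domain does not publish that authorization record, report generators that follow the RFC will not send reports to that address, which is a common reason for reports never arriving at a third-party mailbox.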


Final Words

DMARC reports can be a boon for your organization in an age where cyberattacks involving emails are at their peak. There is a constant need to improve email security and authentication, a need fulfilled by DMARC reports. DMARC reports also help maintain domain visibility, brand reputation, recognition, and safety, aiding in conserving a trustworthy brand.
