[dmarc-discuss] RUA : Field Reports

MH Michael Hammer (5304) MHammer at ag.com
Wed Jul 10 05:59:54 PDT 2013


The RUA reports show both pass and fails for (aligned) SPF and DKIM for IP addresses that claim to send email for your domain under DMARC (aligned From field).

For the IP Addresses you send mail from, any fails indicate some sort of problem with either your SPF record or with your DKIM signing. That is, your practices don't match your policy.

For IP addresses which you do not send mail from, there are two basic cases. The first would be forwarding or mailing lists where SPF fails and/or DKIM signing breaks. The other case would be (as you indicated) spam or phishing.

What triggers these reports is your publication of a DMARC record designating an email address for the reports to be sent to.

If you have deliverability issues, the only thing these reports can really help you understand is whether your deliverability issues might involve authentication failures. Receivers will still apply local policy (spam filters, high bounce rates or user unknowns, spam traps, etc) in determining how they will deal with your mail streams.


From: dmarc-discuss-bounces at blackops.org [mailto:dmarc-discuss-bounces at blackops.org] On Behalf Of Umesh Ratnayake
Sent: Wednesday, July 10, 2013 5:27 AM
To: dmarc-discuss at dmarc.org
Subject: [dmarc-discuss] RUA : Field Reports

Hi There!

First of all, apologies, if I'm in the wrong section. I have a quick question, and need some clarification about this please. Or anyone can guide me to the correct area to get help, that would be fantastic.


Very recently I implemented DMARC for one of my clients DNS Record. And set the  rua field to mailto:abuse at xxxxx.co.uk. And since that, I'm getting mails from google and hotmail with subject lines "Report domain: xxxxxx.co.uk Submitter: google.com Report-ID: 6472627502258170xxx , Report Domain: xxxxx.co.uk Submitter: hotmail.com Report-ID: <9002f496f0f0475fbde43020fb0beeeb at hotmail.com<mailto:9002f496f0f0475fbde43020fb0beeeb at hotmail.com>> respectively.

When go into the Email, it contains a XML file which includes basically a report which says, where the Email was from, does the DKIM,SPF is passed etc.

My problem is are these reports are generated when some one tries a phishing attack or spam issue with our Email ? and what triggers these reports ?

I need some more details about this please, like how we can use this report to improve our Email Deliverability in future.

Thank you very much for the Support.

Kind Regards

U Ratnayake
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.dmarc.org/pipermail/dmarc-discuss/attachments/20130710/41234459/attachment.htm>

More information about the dmarc-discuss mailing list