DMARC Reporting (rua / ruf) – Aggregate & Forensic Reports

DMARC lets you receive reports on how your domain's mail is being evaluated. rua is for aggregate summaries; ruf is for forensic (per-message) failure reports. Here's how they work and how to use them.

rua – aggregate reports

Receivers that support DMARC can send daily (or periodic) aggregate reports to the address you specify in rua=mailto:.... The report summarizes how many messages passed or failed DMARC, by source IP and policy. You use this to see overall alignment health and spot problems without handling individual messages.

ruf – forensic reports

ruf= requests forensic reports: details about individual messages that failed. Not all receivers send them; when they do, volume can be high. Use a dedicated mailbox or a DMARC reporting service. Forensic data can help debug specific failures but isn't required for basic monitoring.

Common mistakes

  • Invalid mailto: in rua or ruf (typos, missing mailto:).
  • Using a mailbox that can't receive or store reports (bounces, full inbox).
  • Enabling ruf without capacity to handle volume; start with rua only.

Check my DMARC reports setup

Check that your DMARC record and rua/ruf are valid. No signup required.

Check my DMARC reports setupView pricing

FAQ

What is rua?

rua is the address for aggregate DMARC reports. Receivers send daily (or periodic) summaries of how many messages passed, failed, or were quarantined/rejected for your domain. Usually a mailto: address.

What is ruf?

ruf is for forensic (failure) reports: individual messages that failed DMARC. Not all receivers send these; they can be high volume. Use a dedicated mailbox or a service that can process them.

Do I need both rua and ruf?

rua is recommended for everyone—it proves you're monitoring and shows pass/fail counts. ruf is optional and useful for debugging specific failures; start with rua only if you prefer.

What format are the reports?

Aggregate reports are typically XML (application/gzip). Forensic reports are often full or partial message samples. You need a mailbox or tool that can receive and optionally parse them.

Related reading

Read-only checks. We don't send email or modify DNS. How we check