DMARC has a great feature – it provides you with reports on unauthorized use of your domain, email authentication, potential email threats, etc. GlockApps DMARC report analyzer is a perfect tool for deciphering and presenting these reports in an easy-to-understand form. There are two types of reports – aggregate and forensic.
To receive aggregate reports you need to specify at least one email address to where these reports would be sent to.
This is where the ‘rua’ tag comes in. It is a comma-separated list of URLs for aggregate report delivery. These are typical “mailto” URLs and you ought to have at least one.
Important! If you add more than one email address after the ‘rua’ tag to receive aggregate reports, type ‘mailto:’ before each email address and separate the email addresses with commas.
Here’s a DMARC record example with a ‘rua’ tag and two email addresses:
v=DMARC1; p=quarantine; rua=mailto:firstname.lastname@example.org,
If you don’t add a ‘rua’ tag to your DMARC record, you will not be receiving DMARC email reports, and basically will stay blind as to who is using your domains, whether you have any threats or if you actually have been spoofed. Here’s a DMARC record example without the ‘rua’ tag:
Moreover, if you start changing your DMARC policy (from ‘none’ to ‘quarantine’ to ‘reject’) without having a ‘rua’ tag in place, you most probably will unknowingly block legitimate emails.
With a DMARC policy set to reject with no ‘rua’ tag, your record will look like this:
It is a very poor practice of DMARC protocol handling because it most probably will disrupt your email streams. The point of transitioning slowly from ‘none’ to ‘reject’ policy is to make sure you are not blocking any legitimate senders. With a reject policy and no email to receive reports, you are definitely preventing valid emails from coming through.