All Collections
Learn about DMARC
How do mail receivers know where to send DMARC aggregate and forensic reports to?
How do mail receivers know where to send DMARC aggregate and forensic reports to?

Information on DMARC compliant receivers of email and the process by which they find out where to send aggregate and forensics reports to.

Ivan Kovachev avatar
Written by Ivan Kovachev
Updated over a week ago

A mail receiver looks at the domain found in the RFC5322/From header of an email and looks up the DMARC reporting requests for that domain. It looks at the rua and ruf tags found and does an authorisation check to see if the domains specified (in the mailto:) as report receivers have authorised ("agreed") to receive reports for this RFC5322/From domain.

Report authorisation is related to when a sending domain specifies a different domain (in its rua and ruf tags) to which reports should be sent to. The destination domain (report receiver) of the reports has to have a record which essentially says “yes” I can receive reports on behalf of the sending domain. If this authorisation record does not exist at the report receiver side then reports should not be sent to that domain.

To learn more about report authorisation please click on the button below:

Verifying External Destinations for DMARC reports

Did this answer your question?