What is rua in DMARC: DMARC rua Tag Explained.


What is rua in DMARC, and what role does it play in a typical DMARC implementation? In this post, I'll explain what rua is and how it works.

Before we dive right into that, let's take a look at these DMARC concepts: DMARC record and DMARC tag.

What is a DMARC record?

A DMARC record is a TXT resource record published in the DNS for the target domain. It consists of a list of semicolon-separated DMARC tags which tell the email receiver what to do with email messages that fail DMARC authentication.

Here is an example DMARC record:

v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; sp=none; fo=0;

For a more detailed description on DMARC records, refer to Everything about a DMARC Record.

What is a DMARC tag

As you can see above, this DMARC record has multiple components called DMARC tags separated by semicolons: v, p, rua, ruf, sp, and fo. Each tag has a value which defines a certain aspect of DMARC.

Not all tags are required in a DMARC record - only 3 are essential: v, p, and rua:

  • v is the DMARC version; it's always DMARC1;
  • p is the DMARC policy; it can be one of: none, quarantine, and reject, corresponding to the 3 main modes of DMARC;
  • rua specifies the URI of the mailbox to receive DMARC aggregate reports. It's required to request for DMARC aggregate reports.

How does the DMARC rua tag work?

Email service providers send DMARC aggregate reports periodically, for all domains with DMARC properly implemented. Such reports contain email authentication statistics encoded in XML format, and are sent to the email following mailto: in the rua tag.

One thing to note is that the domain specified in the rua tag must explicitly permit DMARC reports to be sent to that particular domain; otherwise, the email service provider won't send the reports. Allowing “external” domains to accept DMARC reports is what is called “External Domain Verification”.


Can I add multiple URIs in the rua tag?

Yes, you can. You can request email service providers to send reports to multiple email addresses by adding multiple email addresses in the rua tag. Just be sure to separate these URIs by commas and leave no space in the tag.

Here is an example: rua=mailto:[email protected],mailto:[email protected].

Learn more in this article.

I have specified my email in the rua tag, but I am not getting the aggregate reports. Why?

Several things can be at play here:

  • your DMARC record might not be set up correctly; use our free DMARC record checker to verify the setup;
  • check if External Domain Verification (EDV) has been set up. EDV must be set up before you can receive DMARC reports;
  • these reports usually arrive one day or two after you publish your DMARC record - you might want to check again later.

This article contains a complete checklist for troubleshooting this issue.

Previous Post Next Post

 Protect Business Email & Improve Email Deliverability

Get a 14 day trial. No credit card required.

Create Account