What is rua in DMARC, and what role does it play in a typical DMARC implementation? In this post, I'll explain what rua is and how it works.
Before we dive right into that, let's take a look at these DMARC concepts: DMARC record and DMARC tag.
What is a DMARC record?
A DMARC record is a TXT resource record published in the DNS for the target domain. It consists of a list of semicolon-separated DMARC tags which tell the email receiver what to do with email messages that fail DMARC authentication.
Here is an example DMARC record:
v=DMARC1; p=reject; rua=mailto:email@example.com; ruf=mailto:firstname.lastname@example.org; sp=none; fo=0;
For a more detailed description of DMARC records, refer to Everything about a DMARC Record.
What is a DMARC tag?
As you can see above, this DMARC record has multiple components called DMARC tags separated by semicolons: v, p, rua, ruf, sp, and fo. Each tag has a value which defines a certain aspect of DMARC.
Not all tags are required in a DMARC record - only 3 are essential:
- v is the DMARC version; it's always DMARC1;
- p is the DMARC policy; it can be one of: none, quarantine, or reject, corresponding to the 3 main modes of DMARC;
- rua specifies the URI of the mailbox to receive DMARC aggregate reports. It's required in order to request DMARC aggregate reports.
How does the DMARC rua tag work?
Email service providers send DMARC aggregate reports periodically, for all domains with DMARC properly implemented. Such reports contain email authentication statistics encoded in XML format, and are sent to the email address following mailto: in the rua tag.
One thing to note is that the domain specified in the rua tag must explicitly permit DMARC reports to be sent to that particular domain; otherwise, the email service provider won't send the reports. Allowing “external” domains to accept DMARC reports is what is called “External Domain Verification”.
Can I add multiple URIs in the rua tag?
Yes, you can. You can request email service providers to send reports to multiple email addresses by adding multiple email addresses in the rua tag. Just be sure to separate these URIs by commas and leave no space in the tag.
Here is an example:
I have specified my email in the rua tag, but I am not getting the aggregate reports. Why?
Several things can be at play here:
- your DMARC record might not be set up correctly; use our free DMARC record checker to verify the setup;
- check if External Domain Verification (EDV) has been set up. EDV must be set up before you can receive DMARC reports;
- these reports usually arrive a day or two after you publish your DMARC record - you might want to check again later.
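The following Python sketch is an added example, not code from the original post: it extracts every mailto: address from a record's rua tag (including a comma-separated list) and lists the DNS names where an External Domain Verification TXT record beginning with v=DMARC1 must exist, following RFC 7489 section 7.1. The sample record, the domain thirdparty.example, and the function names are constructed for illustration.

```python
# Added example: parse a DMARC record's rua tag and list the External
# Domain Verification (EDV) names to check (RFC 7489, section 7.1).

def parse_tags(record):
    """Split a DMARC TXT record into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags


def rua_addresses(record):
    """Return the mailbox of every mailto: URI in the rua tag."""
    addresses = []
    for uri in parse_tags(record).get("rua", "").split(","):
        uri = uri.strip()
        if not uri.lower().startswith("mailto:"):
            continue  # empty entry or a non-mailto URI scheme
        # Drop the optional "!10m" size limit that may follow the address.
        addresses.append(uri[len("mailto:"):].split("!", 1)[0])
    return addresses


def edv_names(policy_domain, record):
    """DNS names that need a TXT record starting with "v=DMARC1" so that
    receivers will send reports to a mailbox outside policy_domain."""
    names = []
    policy_domain = policy_domain.lower().rstrip(".")
    for address in rua_addresses(record):
        dest = address.rsplit("@", 1)[-1].lower()
        # Simplification (assumption): an exact or subdomain match counts as
        # internal; real receivers compare organizational domains.
        if dest == policy_domain or dest.endswith("." + policy_domain):
            continue
        name = f"{policy_domain}._report._dmarc.{dest}"
        if name not in names:
            names.append(name)
    return names


# Constructed sample record with two report destinations.
SAMPLE = ("v=DMARC1; p=reject; "
          "rua=mailto:dmarc@example.com,mailto:reports@thirdparty.example!10m;")

if __name__ == "__main__":
    print(rua_addresses(SAMPLE))
    print(edv_names("example.com", SAMPLE))
```

Each name returned by edv_names can then be looked up as a TXT record; if the lookup returns nothing, receivers will not deliver aggregate reports to that external mailbox.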