DMARCLY

Everything about DMARC, DKIM, SPF, email authentication, deliverability, anti-spoofing, anti-phishing, security, and tools.

Why Am I Not Receiving DMARC Aggregate or Forensic Reports?

Say you've created your DMARC record and published it in the DNS, now you expect to see some nice reports dripping in, except that none can be found in your specified mailboxes! Why are you missing DMARC reports?

No worries. Let's find out!

Here is a checklist for troubleshooting the issue of not getting DMARC reports:

  • is your DMARC record readily available in the DNS, and is the syntax correct?
  • is external domain verification (EDV) set up on your domain?
  • are the specified mailboxes working as expected?
  • have any emails been sent since your published the DMARC record?
  • retry after 1 day or 2;
  • only some email service providers send forensic (failure) reports.

I will go through the list in detail below.

Check your DMARC record in the DNS

Email service providers (ESP) rely on the DMARC record published in the DNS to enforce the DMARC policy and find the recipient mailboxes by looking up the rua and ruf tags in the record. So the first thing here is to make sure your DMARC record is published correctly and accessible in the DNS. To do so, use our free DMARC checker to check your DMARC record. Watch out for the record availability and syntax correctness.

Here is a post on How to Check DMARC Record.

Check if external domain verification (EDV) is set up

When you use a rua tag and publish a DMARC record like this:

v=DMARC1; p=none; rua=mailto:aggregate@reporting.com;

you are requesting compliant email service providers to send aggregate reports to the specified email address aggregate@reporting.com. However, the owner of aggregate@reporting.com must grant you the permission before you can do so. Otherwise, these reports won't be sent to that particular email address. This is called external destination verification (EDV).

External destination verification works like this:

  • the owner of reporting.com publishes an EDV record at:

    example.com._report._dmarc.reporting.com

    with the value v=DMARC1 to the DNS, in order to enable EDV;

  • before an email service provider sends an aggregate report to aggregate@reporting.com, it needs to check if reporting.com has allowed reports on example.com to be sent to it. It does this by looking example.com._report._dmarc.reporting.com up in DNS. If this record exists, and it's value is v=DMARC1, the report will be sent; otherwise not.

Note that the above EDV record is per domain, i.e., it only allows reports on example.com to be sent to aggregate@reporting.com. If you want reports on anotherexample.com to be sent to aggregate@reporting.com, you will need to publish an EDV record for anotherexample.com.

If you want to allow reports on any domain to be sent to aggregate@reporting.com, publish a wildcard EDV record at:

*._report._dmarc.reporting.com

If you are using DMARCLY to process your DMARC reports, you don't need to worry about EDV - DMARCLY handles that for you already.

Make sure your recipient mailboxes are accepting emails

It goes without saying that the specified mailboxes must be able to accept emails wit XML/zip/gz(ip) attachments so that DMARC reports can go through. If you are not seeing any report after a few days, check your mailbox settings to make sure nothing is blocking the incoming reports.

If you are using DMARCLY, you don't need to worry about this. DMARCLY mailboxes accept DMARC report emails just fine (of course).

There need to be emails sent from your domain

This is another obvious point: if there is no email sent from your domain, you won't see any DMARC report whatsoever! So make sure emails have been sent from the domain. In addition, if your email volume is low, there can be an additional few days before you receive your first reports.

Retry after 1 day or 2

ESPs send DMARC aggregate reports periodically, typically everyday by default. This means it's absolutely normal if it takes 1 day or 2 to get your first aggregate reports.

Only some ESPs support forensic reports

Unlike DMARC aggregate reports which are universally supported, only some ESPs support forensic reports. Many ESPs don't send forensic/failure reports due to the following reasons:

  • forensic/failure reports contain personally identifiable information, like sender, recipient, subject, etc., therefore these ESPs don't send them to avoid privacy issues;
  • supporting forensic/failure reports requires a lot of resources on the receiving server. For each failing email, a forensic report is generated. If a lot of spoofed emails are sent, it can bring the receiving server to its knees.

You won't get any forensic reports from ESPs who don't support forensic reports.

Upload historical data

In case you are so eager to see DMARC aggregate data in the dashboard and you don't want to wait until the next day, you can upload your historical data so that DMARCLY can render it.

Go to the upload page, and upload the DMARC aggregate report files there. Once uploaded, your data will show up instantly on the Aggregate Reports page. Remember to pick the correct date range when the reports were received when you view the data.

Summary

After you've struck the items off the checklist above, you should be fine. Just sit back, relax, and grab a beer. Your DMARC reports are on the way to your mailboxes!

However, if you are still experiencing issue at this point, please drop a line at: support@dmarcly.com. We are happy to help!

Protect Your Business Email

Get a 14 day trial. No credit card required.

Create Account
Need to fix the "SPF PermError: too many DNS lookups" issue? Check out this post: Want to get the ultimate DMARC guide? Click the link below:
What is DMARC (Domain-based Message Authentication, Reporting & Conformance)? Why SPF Authentication Fails: none, neutral, fail(hard fail), soft fail, temperror, and permerror Explained
Blog Comments powered by Disqus.