I have successfully set up DMARC reporting on my domain, I now have two weeks of reports confirming that the DMARC check passed for 97% of emails. Is there a way to have a list of the 3% of emails that failed DMARC checking? I actually have to check every single email received at the “rua” address to find the one that didn’t get through
Do you mind if I ask, what is your goal with a such list?
And how specific (e.g. detailed) would you want a such list to be?
RUA reports on their own won’t give you the granularity, where you can find out that it was the specific email you sent to [email protected], that has failed.
They will include aggregate information about messages passing or failing DMARC, but not information about the individual message itself.
If you want the granularity, such as e.g. including “john.doe@”, then you need the RUF reports, that will expose (much more) information about the individual message.
Unfortunately, some DMARC senders won’t send RUF reports, apparently due to privacy reasons.
Hi @DarkDeviL thanks for response
I’ve posted this question because I want to set up BIMI for my company (Set up BIMI - Google Workspace Admin Help), to do that it’s mandatory to set 100% reject or quarantine in DMARC record, then I will be less worried if I know exactly what kinds of mails will be blocked from recipient
I’ve found this useful tool Geo Statement - DMARC advisor to verify the reports that I’ve received.
I would have liked to receive information that would allow me to get to the exact email that failed the DMARC check, for example with the Message ID by searching for it through the Google Workspace VAULT
Do you have the mandatory third party certification, such as e.g. a Verified Mark Certificate (VMC) from a trusted certificate authority?
You won’t get that much details alone with the RUA reports.
RUA will normally only give the aggregate / statistical information, and then the fields that are used for email authentication, such as e.g.:
The IP address delivering message(s) to the DMARC reporter’s mail server.
Amount (count) of how many messages.
Policy evaluated (e.g. overall DKIM/SPF result, and disposition (e.g. what it did with this (or these) messages)).
Various identifiers of the message(s), such as e.g.:
RFC5321.MailFrom / SMTP MAIL FROM / Return-Path / Envelope From domain.
RFC5322.From / Header From:.
And if the message actually is DKIM signed, with one or more DKIM signatures, it will have the information from them, e.g.:
DKIM domain(s) (DKIM-Signature header’s “d=”).
DKIM selector(s) (DKIM-Signature header’s “s=”).
→
If you can customize the way you’re sending your emails, so that one (or more) of the above parameters can include the information you’re looking for, you might be able to gather what you’re looking for, directly from the RUA reports.
But that will likely require a bit, not necessarily from you alone, but also from the email provider(s) you’re using.
And then there is also the big question of whether or not the DMARC tool(s) you’re using, will actually display the information, in a way that you find useful, or if you’re still in need of digging through the reports manually, in order to figure out what you want.