DMARC External Destinations verification
The aggregate (rua) and failure (ruf) report destinations can be specified within the domain's DMARC policy. And while it is possible to specify a destination on a different organizational domain, the receiving domain must expressly indicate that reports for other domains are welcome. The absence of this record will prevent DMARC compliant mail servers from sending the reports altogether.
DMARC specifies a DNS-based verification mechanism (RFC chapter 7.1) to avoid bad actors flooding a victim's email address with unwanted reports.
Suppose domain example.com
specifies a DMARC rua or ruf element with an email destination @example.net
. In that case, the receiving domain must publish a TXT DNS record at example.com._report._dmarc.example.net
with value v=DMARC1;
to indicate that reports for domain example.com
are indeed welcome.
It is also possible to add a wildcard DNS record. For example, a TXT DNS record at *._report._dmarc.example.net
containing v=DMARC1;
confirms that example.net
is willing to receive DMARC reports for any domain.
The DNS record for external destination verification is automatically created if you use a DMARC analyzing and monitoring service like URIports. You can use our free DMARC record validator to check if all report destinations have been set up correctly.
URIports DNS monitoring also keeps track of your DNS records and validates them regularly. We will notify you when issues occur, and your records require an update. Once you've set up our service, you can sit back and relax, knowing that we will keep you up-to-date and your web and mail services are in good hands.