DMARC failure reports (ruf), sometimes incorrectly referred to as forensic reports, contain detailed information on messages that failed DMARC. Unlike aggregate reports, these reports contain personal data like email subject, sender address, recipient address and sometimes even the original message body.

Privacy

Because we want to be GDPR compliant and don't want to get personal or save any privacy-sensitive data we remove it as soon as we receive the report. Unfortunately this will make the failure reports less valuable and harder to analyze.

Solution

If you want to be able to view the original unfiltered message headers and body, you can add a public PGP key to your URIports account. The original headers and body are then encrypted upon arrival, so that you, and only you, can view and decrypt them with your own private key and password.

Pretty Good Privacy (PGP)

Here is a short introduction for those unfamiliar with PGP (Pretty Good Privacy). PGP is an encryption method that, among other things, provides cryptographic privacy and can be used to encrypt and decrypt texts, emails, files, etc.

Getting Started with PGP

All you need to do is download and install an application that can generate a unique private and public key pair for you. These 'keys' are strings of letters, numbers and characters and are usually stored in a text file from where you can copy/paste them into applications.

Example PGP Public Key

The private key is used to decrypt any message that was encrypted using the public key. You can share your public key with the world, allowing anyone to send you a secure message that only you can decrypt using your private key. The private key can also be protected with a password as an extra layer of protection (recommended).

Keep your private key private

You should never, ever share your private key (or password) with anyone or share it online. Also be sure to keep it in a safe place. If you lose your private key, you are unable to read encrypted messages that were encrypted with your public key.

Integrations

There are some browser plugins like Mailvelope that detect encrypted messages on web pages and automatically decrypt the messages for you. There are also plugins for email clients like Outlook for easy email encryption and decryption.

Add your public key to URIports

Got your public key? Great! Just log in to URIports and go to your settings (1). Hit the 'DMARC failure reports encryption'-button in the 'security' section (2) and you are able to paste your key. We'll check if the key is correct and save it to your account. New failure reports will automatically be encrypted from now on.

Thank you for using URIports.