RUA or DMARC Aggregate Reports
What is RUA or DMARC Aggregate Report?
Everything you need to know about RUA and Aggregate Reports
What is RUA?
RUA (report type—aggregate) is a more generalized report type. It provides a comprehensive overview of a domain’s traffic and usage. The outcome of authenticated emails as well as the source that sent them are stored in RUA. Domain name, IP address, and the number of emails sent in a certain time frame can all be found in RUA. The data in an aggregate report is limited to message counts and email authentication attributes; it does not contain any sensitive information from the email itself. Unlike RUF reports, RUA reports are sent to nearly every domain owner.
RUA reports may contain the following information:
- Name of the organization
- Organization sending email address
- Report ID number
- Range of data
- Header domain
- DKIM and SPF alignment
- Domain and subdomain policies
- Percentage of emails to which the DMARC policy is to be applied
- IP information
- SPF and DKIM authentication result
STOP HACKERS FROM SENDING EMAILS USING YOUR DOMAIN!
DMARC Aggregate Reports Overview
In the simplest terms, DMARC aggregate reports are XML files containing aggregate email authentication information regularly sent to recipients selected by domain owners.
The percentage of emails that pass or fail SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC checks can be found in these DMARC aggregate reports. They provide vital information on the health of your email program and help you discover potential authentication issues and/or malicious behavior, despite the fact that they do not reveal much information about individual email messages.
The authentication status of communications delivered on behalf of a domain is included in the DMARC aggregate reports. This information can help an organization figure out who is sending emails on its behalf, if that sender is authorized to do so, and if the messages are properly authenticated. Furthermore, an organization may already know the identity of the sender misusing their domain for fraudulent activity but might not be equipped to take action. By adopting a DMARC reject policy, the organization will eventually be able to ensure that malicious emails do not reach the inboxes of the recipients. These reports:
- Are sent on a daily basis
- Include all IP addresses that send emails using the organization’s domain
- Include SPF and DKIM status with specific details
- Provide an overview of all email traffic
- Have an XML file format
Receiving DMARC Aggregate Reports
To receive an aggregate report, a DMARC record must first be created. A DMARC record invites DMARC reporting organizations to send DMARC aggregate reports back to the sender of an email. The record contains an RUA tag like the one in the following example:
This is the email address to which the DMARC reporting organization will send the DMARC aggregate report. A request must be made to the concerned mailbox provider to send DMARC aggregate reports to the designated email addresses. This process is as simple as putting an email address in a DMARC record’s RUA tag. For example, to request for aggregate reports to be sent to firstname.lastname@example.org, you can publish a DMARC record in the following manner:
v=DMARC1; p=none; rua=mailto:email@example.com;
What does a DMARC Aggregate Report Include?
DMARC aggregated reports consist of the following details:
Information about the ISP
- ID number of the report
- Reporting organization name
- Organization sending email address
- Additional contact information
- Initial and final data range
DMARC record description
- Header domain/from domain
- Alignment settings for both DKIM and SPF
- Domain policy (reject)
- Subdomain policy (reject)
- Percentage of messages to which the DMARC policy is to be applied
Do Aggregate Reports Contain Personally Identifiable Information (PII)?
How Does DMARC Help?
GLOBAL STATISTICS JUSTIFYING THE NEED FOR EMAIL AUTHENTICATION
DMARC has been adopted by the biggest email senders and email receivers globally. This includes Yahoo!, Google, and Microsoft, covering 85% of the consumer inboxes in the world.
The most important reason why DMARC should be used is that it gives an organisation full control on how their domain is being used. The organisation can also instruct the receivers on what actions should be taken if the incoming email is not legitimate and report the incident back to the organisation for further analysis.
It saves consumers from the trouble of identifying whether an email is legitimate or a spam. Sometimes it may happen that regardless of all the knowledge of email spoofing a receiver might fall into the trap. DMARC makes sure that this does not happen.