Umesh, The RUA reports show both pass and fails for (aligned) SPF and DKIM for IP addresses that claim to send email for your domain under DMARC (aligned From field).
For the IP Addresses you send mail from, any fails indicate some sort of problem with either your SPF record or with your DKIM signing. That is, your practices don't match your policy. For IP addresses which you do not send mail from, there are two basic cases. The first would be forwarding or mailing lists where SPF fails and/or DKIM signing breaks. The other case would be (as you indicated) spam or phishing. What triggers these reports is your publication of a DMARC record designating an email address for the reports to be sent to. If you have deliverability issues, the only thing these reports can really help you understand is whether your deliverability issues might involve authentication failures. Receivers will still apply local policy (spam filters, high bounce rates or user unknowns, spam traps, etc) in determining how they will deal with your mail streams. Mike From: [email protected] [mailto:[email protected]] On Behalf Of Umesh Ratnayake Sent: Wednesday, July 10, 2013 5:27 AM To: [email protected] Subject: [dmarc-discuss] RUA : Field Reports Hi There! First of all, apologies, if I'm in the wrong section. I have a quick question, and need some clarification about this please. Or anyone can guide me to the correct area to get help, that would be fantastic. Problem: Very recently I implemented DMARC for one of my clients DNS Record. And set the rua field to mailto:[email protected]. And since that, I'm getting mails from google and hotmail with subject lines "Report domain: xxxxxx.co.uk Submitter: google.com Report-ID: 6472627502258170xxx , Report Domain: xxxxx.co.uk Submitter: hotmail.com Report-ID: <[email protected]<mailto:[email protected]>> respectively. When go into the Email, it contains a XML file which includes basically a report which says, where the Email was from, does the DKIM,SPF is passed etc. My problem is are these reports are generated when some one tries a phishing attack or spam issue with our Email ? and what triggers these reports ? I need some more details about this please, like how we can use this report to improve our Email Deliverability in future. Thank you very much for the Support. Kind Regards U Ratnayake
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
