DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a protocol designed to enhance email security by preventing domain misuse. It can generate two types of reports: Aggregate (RUA) reports and Forensic (RUF) reports. This guide focuses on the practical aspects of RUA reports, their importance for DMARC compliance, and the challenges and solutions associated with their analysis. We'll also touch on RUF reports and why they're less commonly used.
RUA reports provide aggregated data on how emails from your domain are being authenticated across the internet, individual reports are from the perspective of a recipient mail service. Recipient mail services send RUA reports periodically if a rua= tag exists in the domain’s DMARC DNS record. The report details what mail it received from the domain, the success of SPF and DKIM checks, if these checks aligned with the ‘From’ domain and what action it took (none, quarantine or reject). Alignment is key to passing DMARC and ensuring your emails are considered compliant, without it mail will be subjected to the policy set in the domain’s DMARC record (none, quarantine or reject).
RUA reports, delivered in XML format, can be dense and complex, posing several challenges:
To address the limitations of raw RUA reports, sending source enrichment is crucial. This process involves mapping IP addresses to known entities, making it easier to identify which services are sending emails on your domain's behalf. This step is vital for distinguishing between authorised and unauthorised email senders and fine-tuning your DMARC policy.
Aside from RUA reports, DMARC also generates RUF (Forensic) reports, which provide information about specific email failures. However, due to concerns about privacy and the handling of Personally Identifiable Information (PII), many organizations opt not to send or request RUF reports. RUA reports, when aggregated and analysed effectively, provide ample data to ensure your mail sending sources are correctly configured for you to enforce DMARC compliance to prevent your domain being abused, without the privacy risks of collecting RUF reports.
RUA reports stand as a critical pillar in ensuring email security through DMARC, providing essential insights for organisations aiming to safeguard their domains. Using DMARC enforcement policy without using RUA reports leaves an organisation blind to their domain’s email security posture and deliverability. However, it's important to recognise that the raw RUA reports, while comprehensive, require sophisticated analysis. This is where tools like VerifyDMARC become indispensable. They transform complex report data into actionable insights, allowing you to confidently increase DMARC enforcement policy, enhance email deliverability, and fortify your defence against email fraud. Utilising such a tool ensures that organisations not only meet their email security needs but exceed them, effectively navigating the complexities of DMARC with ease and confidence.
As we move through 2024, the landscape of cyber security continues to evolve, with email authentication standing out as a critical defence mechanism against the increasing sophistication of attacks.
Protecting your email communications shouldn’t come at the expense of privacy and security for your organisation, employees, customers and suppliers.
Microsoft issued an advisory (EX765789) notifying admins some Exchange Online mail to third-party email accounts is failing, we go through the steps to fix this if you are affected.