What’s The Difference between RUA and RUF DMARC Reports


If you're just starting out with your DMARC project, it's critical to grasp the distinctions between the two related report types: aggregate (RUA) and forensic (RUF). Once you've published DMARC records, DMARC data should start arriving within a day or two in the form of these reports, which you can tailor to give insight into how your domains handle email.


RUA reports give a thorough picture of a domain's traffic, whereas RUF reports contain redacted copies of individual emails that are not fully DMARC compliant. Organizations should at the very least configure their DMARC record to receive RUA reports. If you're concerned about the kind and sensitivity of data, this article will go over all you need to know about Personally Identifiable Information (PII).



The most essential reports are aggregate reports as they provide information on the authentication status for SPF, DKIM, and DMARC. The data in an aggregate report is limited to message counts and email authentication characteristics and does not include any sensitive information from the email itself.

Almost every domain owner registers to get RUA reports.


RUA reports include the following information:

·       Date and time range of the report

·       The domain

·       The IP address that sent the message

·       Whether SPF and DKIM have passed or failed

·       The DMARC policy applied

·       The domain associated with SPF and DKIM
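As an added example (not part of the original article), the Python code below pulls the fields listed above out of an aggregate report and totals the sending IPs that passed neither aligned SPF nor aligned DKIM. The sample XML is constructed in the RFC 7489 report layout without an XML namespace, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample in the RFC 7489 aggregate-report layout (not a real report).
SAMPLE = """<feedback>
<report_metadata><org_name>receiver.example</org_name>
<date_range><begin>1700000000</begin><end>1700086400</end></date_range></report_metadata>
<policy_published><domain>example.com</domain><p>none</p></policy_published>
<record><row><source_ip>192.0.2.10</source_ip><count>42</count>
<policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
<auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
<spf><domain>example.com</domain><result>pass</result></spf></auth_results></record>
<record><row><source_ip>203.0.113.7</source_ip><count>3</count>
<policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
<auth_results><spf><domain>bulk.example.net</domain><result>pass</result></spf></auth_results></record>
</feedback>"""

def parse_rua(xml_text):
    """Return report window, domain and one dict per <record> row."""
    # Reports come from third parties: refuse DTDs so entity tricks never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in aggregate report")
    root = ET.fromstring(xml_text)
    def ts(tag):  # epoch seconds -> timezone-aware UTC datetime
        return datetime.fromtimestamp(int(root.findtext(f"report_metadata/date_range/{tag}")), timezone.utc)
    report = {"reporter": root.findtext("report_metadata/org_name"),
              "domain": root.findtext("policy_published/domain"),
              "begin": ts("begin"), "end": ts("end"), "rows": []}
    for rec in root.iter("record"):
        ev = rec.find("row/policy_evaluated")
        report["rows"].append({
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count")),
            "disposition": ev.findtext("disposition"),       # DMARC policy applied
            "dkim_aligned": ev.findtext("dkim") == "pass",   # DMARC-aligned results
            "spf_aligned": ev.findtext("spf") == "pass",
            "dkim_domains": [d.findtext("domain") for d in rec.iterfind("auth_results/dkim")],
            "spf_domains": [s.findtext("domain") for s in rec.iterfind("auth_results/spf")],
        })
    return report

def failing_sources(report):
    """Message counts per source IP that passed neither aligned SPF nor aligned DKIM."""
    out = {}
    for r in report["rows"]:
        if not (r["dkim_aligned"] or r["spf_aligned"]):
            out[r["source_ip"]] = out.get(r["source_ip"], 0) + r["count"]
    return out

if __name__ == "__main__":
    rep = parse_rua(SAMPLE)
    print(rep["domain"], rep["begin"], rep["end"], failing_sources(rep))
```

The second constructed record shows a common case: raw SPF passes for the sender's own domain (bulk.example.net), but because that domain does not align with example.com the row still counts as a DMARC failure.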



RUF data was created with the intention of providing domain owners with redacted versions of emails that did not pass DMARC compliance. When seeking to establish the real origin of legitimate email streams that require repair, domain owners can use the additional facts supplied in forensic reports. Most DMARC reporters do not provide RUF (forensic) reporting due to privacy issues, including incomplete or insufficient redaction.


Due to privacy issues, if you control a domain in a sensitive area (healthcare, finance, government, or education), you should carefully evaluate whether to enable forensic reporting. Because of its near real-time capacity to extract harmful URLs, RUF reporting was first employed in power-specific threat intelligence efforts. These malicious URLs might then be processed and distributed to takedown services. As DMARC reporters seldom provide RUF reporting, effective takedown intelligence based on RUF reporting must be supplemented with specific data feeds from the wider threat intelligence community.


RUF Data and Its Use


RUF data can help you understand why some legitimate traffic fails DMARC and perhaps give additional insight into how messages originating from your domain are created. Due to the limited number of DMARC report generators that allow RUF reporting, RUF data should be complemented with other data streams (for example, submissions to abuse@ mailboxes and/or reviewing mail logs to track the origins of email streams).



The DMARC framework was established to safeguard your outgoing emails by approving your genuine sending sources, and to protect you from emails that falsely impersonate you. This safeguards your business from BEC fraud and harmful spoofed emails. The domain owner is responsible for implementing this framework. For example, as EmailAuth, we must ensure that we have completed the necessary analysis and authorized our legitimate email sending sources to ensure that no one gets an email impersonating our domain EmailAuth.io.


DMARC enables the email sender and recipient to work together to apply the framework. The email sender can define rules for the receiver to follow when they receive potentially spoofed emails. In turn, the receiver can send back reports containing details about where the sender's emails originated, as well as the results of SPF and DKIM when validating the authenticity of the emails.


Published by Ariya Rathi
