What are forensic reports?

A forensic report, AKA failure report, provides detail information on the email when it fails to pass DMARC validation. Unlike aggregate reports which are sent periodically, a forensic report is sent almost immediately after the failure. A forensic report allows you to examine the failed email's headers, and therefore, might provide more insight into why it fails.

You can use the ruf tag in the DMARC record to specify the recipient of forensic ports.

For example, the following rua tag requests the ESP to send forensic reports to 5b06a240319ab@fo.dmarcly.com:


Note that only a few ESP's support forensic reports. Therefore it is possible that you might not receive any forensic reports even if you have specified the ruf tag, if the ESP doesn't support forensic reports.

Do you find this article useful?