Why do I receive a DMARC report everyday?

Question

I've setup DMARC policy on my domain.

But every day I recieve an XML report from Google.

I don't understand what the problem is?

The report is:

<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>noreply-dmarc-support@google.com</email>
    <extra_contact_info>http://support.google.com/a/bin/answer.py?answer=2466580</extra_contact_info>
    <report_id>7241837801886321635</report_id>
    <date_range>
      <begin>1431388800</begin>
      <end>1431475199</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>rigweb.ru</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>none</p>
    <sp>none</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>144.76.154.188</source_ip>
      <count>2</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>site.ru</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>rigweb.ru</domain>
        <result>pass</result>
      </dkim>
      <spf>
        <domain>site.ru</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

My DMARC Policy:

v=DMARC1; sp=none; aspf=r; p=none; rua=mailto: support@site.ru

How can I solve the problem?

score 165 · Answer 1 · edited Oct 07 '21 at 07:34

165

In short: it's all good.

Here's the explanation for this:

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It is in fact a ruleset made for reporting back to you on the quality of the email messages received from your domain.

You are receiving those XML reports because it's what you asked with the rua=mailto:email@example.com; part of your dmarc TXT record. Note you didn't set any processing rule for failing messages: p=none means you only want to see the results of the checks.

As you can read in the specification (RFC 7489), RUA stands for "Reporting URI of Aggregate reports". Using it you are telling every DMARC-compliant recipient server to send you a (daily) aggregate report for the emails it receives by you or sent on your behalf.

Have a look at dmarc.org where you can find a nice overview of the system.

What does this specific report from Google tells you?

<date_range> This is the time range this report refers to (in your case, may 12 - may 13)
<policy_published> It's the parsed content of the dmarc record Google found in your DNS zone
<source_ip> The IP the emails were sent from
<policy_evaluated> The result of the DKIM and SPF checks are good (the two messages passed both tests).

Meaning:

The two messages sent by an email address @yoursite.ru and received by Google mail servers between may12 and may13 were correctly signed (DKIM) and were sent from authorized IPs (SPF). Based on this, we can reasonably say that Google has only received legitimate messages from your domain.

edited Oct 07 '21 at 07:34

Community

1
1

answered May 23 '15 at 13:42

Pierre Prinetti

9,092
6
33
49

Question what are the other options other then none? such as can I tell any domain checking to fail it and reject the message unless it from the correct IP address? – mpop Sep 24 '18 at 21:08
2

Other options are `quarantine` (often means: send to "spam" folder) or `reject` – Nick Urban May 02 '19 at 20:31
2

Clear and interesting. This should be the accepted answer. – Greelings Mar 04 '20 at 16:56
Perfect answer, should be accepted. – Matthew Developer Jun 02 '21 at 14:55
3

I don't want to receive those emails. How to stop that? – Jawaid Aug 24 '21 at 15:46
Change the dmarc text record. https://help.returnpath.com/hc/en-us/articles/222480908-How-to-set-up-a-DMARC-record – Sigex Mar 07 '22 at 13:28
Note that if you except any of your valid email to be tranferred by email forwarding by at least a single recipient and any valid email being tranferred via mailing lists, you should not use `reject` policy because it *will* catch false positives and reject valid email. In theory, you could use SPF+DKIM+DMARC+ARC to fix this situation but ARC is still poorly supported in most software and even then its true security depends on DNS data transmitted in plaintext UDP packages without any security measures. – Mikko Rantalainen Jul 07 '22 at 10:51

score 21 · Answer 2 · answered May 21 '15 at 06:10

21

There's no problem. Aggregate reports (like this one) are sent as a summary (typically daily) of all emails received by that receiver - passing and failing.

The sample report you provided shows that all emails are passing, so there's nothing to fix.

answered May 21 '15 at 06:10

Peter Goldstein

4,479
2
19
17

1

Thanks for the short and sufficient version of an answer. – Siamak Ensafi May 25 '22 at 18:37

Why do I receive a DMARC report everyday?

2 Answers2