Reporting URI (RUA/RUF)
Learn how DMARC Reporting URIs (RUA/RUF) collect authentication data and how DMARCeye processes these reports to monitor and protect your email domain.
What is Reporting URI (RUA/RUF)?
A Reporting URI (RUA or RUF) is an address defined in a DMARC record that tells mailbox providers where to send authentication reports. RUA (Reporting URI for Aggregate Data) collects summary reports about SPF, DKIM, and DMARC results, while RUF (Reporting URI for Forensic Data) receives detailed failure samples for in-depth analysis.
These URIs are essential for domain monitoring and enforcement because they provide visibility into how messages from your domain are being authenticated across the internet. Each URI typically specifies an email address or HTTPS endpoint.
How Reporting URIs Work
Example DMARC record with both RUA and RUF values:
v=DMARC1; p=reject; rua=mailto:dmarc-aggregate@example.com; ruf=mailto:dmarc-forensic@example.com;When a mailbox provider processes emails from your domain, it compiles data about authentication results and sends it to the specified RUA or RUF address. RUA reports summarize daily activity, while RUF reports deliver detailed samples of messages that failed DMARC checks.
RUA vs. RUF
- RUA: Aggregate data for overall visibility and trend tracking
- RUF: Individual forensic samples for investigating specific failures
Both types of reporting URIs enable domain owners to identify misconfigurations, unauthorized senders, and domain abuse in real time. However, RUF reports are sometimes limited by mailbox providers due to privacy regulations.
Best Practices
- Use dedicated mailboxes or managed services for report collection
- Ensure RUA/RUF addresses are protected against spam and abuse
- Monitor reports regularly to detect unauthorized sending sources
- Validate syntax carefully, because an invalid URI may block all reports
Reporting URIs and DMARCeye
DMARCeye automates the collection and processing of all DMARC RUA and RUF reports. Its analytics engine converts complex XML data into visual insights that reveal authentication trends, unauthorized senders, and policy compliance.
By correlating report data across multiple mail providers, DMARCeye ensures no message goes untracked. It also validates that RUA and RUF endpoints are correctly configured, operational, and receiving complete data sets. This guarantees full visibility into domain performance and protection.
For large organizations, DMARCeye’s unified reporting platform centralizes monitoring across dozens of domains and subdomains, giving teams actionable intelligence to enforce authentication policies confidently and efficiently.
Sign up for a free trial of DMARCeye today and secure your email domain.
To learn more about DMARC and DMARC-related terms, explore the DMARCeye Glossary.