The issue can be described in the following or similar symptoms by the client:

• I have a DMARC report that shows a full email and I am concerned about data retention
• I have an email that contains a DMARC report that might be a GDPR violation.

Mail Security for MS Exchange

Email Security Cloud

Messaging Gateway

Failure reports that show full emails are called Forensic Reports, known as RUF in DMARC nomenclature.

If a DMARC record includes a statement like "[email protected]", then this gives permission for other domains to send Forensic Reports.

Per dmarc.org, if there is no ruf field in the DMARC record, then no forensic reports should be sent.

For more information, please review dmarc.org and the associated RFCs for DMARC.