DMARC reporting shows too much information
search cancel

DMARC reporting shows too much information


Article ID: 175621


Updated On:


Mail Security for Microsoft Exchange Email Messaging Gateway Messaging Gateway for Service Providers


  • I have a DMARC report that shows a full email and I am concerned about data retention
  • I have an email that contains a DMARC report that might be a GDPR violation.


Failure reports that show full emails are called Forensic Reports, known as RUF in DMARC nomenclature.

If a DMARC record includes a statement like "[email protected]", then this gives permission for other domains to send Forensic Reports.


Per, if there is no ruf field in the DMARC record, then no forensic reports should be sent.

For more information, please review and the associated RFCs for DMARC.