How to set your DMARC to send Reports to addresses Outside Your Domain

Created by Abderrahim Ibnou el kadi, Modified on Fri, 25 Feb, 2022 at 9:43 AM by Abderrahim Ibnou el kadi

Issue:


In some cases, Administrators (theadmin.com) need to receive DMARC reports for their clients (clients.com). Therefore, all of their client’s DMARC records are set to send forensic and aggregate report to an email address(es) that is external to the clients domain. This causes that the DMARC report shows an error similar to this:


DMARC syntax issue for clients.com: theadmin.com does not indicate that it accepts DMARC reports about clients.com - Authorization record not found: clients.com._report._dmarc.theadmin.com IN TXT "v=DMARC1

 

Clients.com DMARC record is :

"v=DMARC1; p=quarantine; pct=100; ri=300; rua=mailto:user@theadmin.com; ruf=mailto:user@theadmin.com "

 

Solution:


To fix this Administrator(s) can perform One of the two solutions provided below:

1- The administrator need to change the rua and ruf email addresses of the client's DMARC record so that the reports can be sent to an email address that belong to the same domain the DMARC record is configured (clients.com)  for i.e.:  rua=mailto: user@clients.com; ruf=mailto:user@clients.com 


2 - if the first solution can't be considered then follow the instructions below:

 In this document we used TWO domains:

Theadmin.com: this is a domain that belongs to the Administrator(s) who manages his clients

Clients.com: this is a domain that belongs to the client that the Administrator is managing

To fix this error, the Administrator need to add an extra TXT record to his DNS records for his domain theadmin.com


TYPEHOSTVALUE
TXTclients.com._report._dmarcv=DMARC1