1

I would like to receive reports only for DMARC quarantined mail and failures, but I still receive mails for every successful e-mail that has been sent from my server.

Configuration in dns looks like this

v=DMARC1; p=quarantine; rua=mailto:XXXXXXX

Is there any way to stop receiving reports without quarantine ?

Hynek Bernard
  • 202
  • 1
  • 6

2 Answers2

2

No, such configuration is only available for the (now mostly defunct) forensic reports, for the agggregate reports (rua) you can only take what you can get.

Instead of looking for a way for people to send you less data, consider using one of the commercially available DMARC processing software or services to have your data parsed & visualized to better showcase the interesting data.

XML was never that good for human consumptions anyway. And after some short implementation phase where you look at aggregated tables, you should prefer to only receive a notification when something important was reported, likely not even on most reports referring to quarantine decisions.

anx
  • 6,875
  • 4
  • 22
  • 45
  • examples of DMARC processing services in no particular order: [dmarcian](https://dmarcian.com/dmarc-saas-platform/), [report-uri](https://report-uri.com/products/dmarc_monitoring), [uriports](https://www.uriports.com/dmarc) – anx Jun 15 '21 at 00:41
  • oh and if you want to dispute my *"not good for human consumption"* claim, there is also a really neat XSLT file to view dmarc reports floating around somewhere. – anx Jun 15 '21 at 03:23
1

I think what you want is "failure reports." Failure reports are not the aggregate reports, rua, but are the ruf=mailto:dmarc-ruf@example.com reports, often referred to as the forensic reports.

Here's an excerpt from https://dmarc.org/wiki/FAQ#Do_I_want_to_receive_Failure_Reports_.28ruf.3D.29.3F

Failure reports are very useful for forensic analysis to help identify both bugs in your own mail sending software and some kinds of phishing or other impersonation attacks, but... a failure report is sent immediately, every time a receiver rejects a message due to your DMARC policy. The receiver may even send a report if the mail is accepted but one of the authentication mechanism does not pass the alignement test. A forensic report can be a complete copy of the rejected email in Abuse Reporting Format (ARF). You may think your sending practices are good, and there should be few emails rejected, but every email that spoofs your domain will be rejected too and you are asking to get a copy. This could be several times the volume of your legitimate emails. So no, you do not want to receive Failure Reports until you are well prepared for them.

Neil Anuskiewicz
  • 431
  • 1
  • 3
  • 15