The Skysnag Blog

DMARC “External Destination Verification” defined.

October 11, 2023  |  2 min read

You may get DMARC reports from domains other than your own, did you know that? It is possible to use DMARC External Destination Verification to send your DMARC reports to an email address that is not part of your own domain. If you are the domain owner of company.com, you can send your reports to an address like rua@mailreports.net since those two domains are totally independent of one another and company.com has no control over either.

To do this, however, the report receiving domain (mailreports.net) must confirm that it is okay with receiving reports that include the DMARC data of your domain (company.com).

In this article we will talk about External Domain Verification, a technique that enables this, and how it may support you in your authentication journey today but before we dive in let’s first understand what DMARC records are:

What is a DMARC record?

A DMARC record is a DNS TXT record that allows you to control how your email is handled if it fails DMARC authentication. DMARC stands for Domain-based Message Authentication, Reporting & Conformance.

Create a Skysnag account to generate your DMARC record.

How do I register my domain with DMARC?

To register your domain with DMARC, you will need to add a DNS record to your domain’s DNS configuration. The record that you need to add is a TXT record with the following value:

v=DMARC1; p=none; rua=mailto:dmarc_reports@sample.net

According to this DMARC record, complaints about example.org should be sent to the email address reports@sample.net. Before reports are transmitted, sample.net must publicly announce that it is acceptable to receive reports from example.org at sample.net. Otherwise, sample.net won’t receive any reports.

Now that we have this out of the way let us now analyze External Destination Verification.

What is “External Destination Verification”?

External Destination Verification is the process of allowing “external” domains to accept DMARC reports.

When sample.net publishes a customized TXT record at a certain position in the DNS, External Domain Verification is made available. If example.org instructs everyone to send DMARC reports to the sample.net domain people sending reports will look for a TXT record at this address:

example.org._report._dmarc.sample.net

..and anticipate the outcome to be:

v=DMARC1;

By doing this, the owner of sample.net can clearly state to everyone that reports from example.org can be transmitted to sample.net.

How does External Domain Verification work?

External Domain Verification is a method of verifying that you own the domain that you are attempting to add to your account. This is done by adding a DNS record to your domain’s DNS configuration. Once you have added this record, our system will periodically check for the existence of the record. When our system detects the record, the domain will be verified and you will be able to continue using it with your account.

Get started with Skysnag and Sign up for a free trial today to make your external destination validation and DMARC implementation process effortless with our automated DMARC solution that provides 100% DMARC enforcement.

Check your domain’s DMARC security compliance

Enforce DMARC, SPF and DKIM in days - not months

Skysnag helps busy engineers enforce DMARC, responds to any misconfigurations for SPF or DKIM which increases email deliverability, and eliminates email spoofing and identity impersonation.