Contact Us

The Skysnag Blog

DMARC Reports: RUA VS RUF in Email Deliverability Tracking

October 11, 2023  |  2 min read

If you’re just beginning your DMARC project it’s crucial to comprehend the distinctions between the two linked reports, aggregate (RUA) and forensic (RUF). These DMARC reports, which you customize to give you information about how your domains are handling email, will usually start to generate within a day or two after you publish DMARC entries.

RUF reports are censored versions of the specific emails that are not fully DMARC compliant, while RUA reports give a thorough overview of all of a domain’s traffic. Skysnag automatically handles your DMARC record setup to receive RUA reports.

Create a Skysnag account to generate your DMARC record.

However, let’s look at the two reports (RUA vs RUF) closely.

What is the difference between RUA vs RUF?

RUA (Aggregate Reports)RUF (Forensic Reports)
Combined data on a group of emailsDetails of an individual email
Sent every day by defaultReal-time response after failures
Sent in XML formatPlain text format
No Personal Identifiable Information (PII)Contains Personal Identifiable Information (PII)
DMARC-compliant mailbox providers supportedSupported in only a handful of mailbox providers

What is a DMARC RUA Report?

The most crucial reports are aggregate ones that detail SPF, DKIM, and DMARC authentication status.

Data in an aggregate report is limited to message counts and email authentication attributes; it does not include any sensitive information from the email itself. For RUA reports, almost every domain owner registers; this is not the case for RUF reports.

Data from RUA shows the following:

  • DMARC policy detected and implemented if any
  • Selected message disposition
  • Identifier examined by SPF and the SPF result
  • Identifier evaluated by DKIM and the DKIM result
  • DKIM and SPF alignment
  • DMARC policy detected and implemented if any
  • From: the sender’s corporate domain, data for each sender subdomain separately (even if there is no explicit subdomain policy)
  • Domains for sending and receiving
  • Domain owner requested a policy, and the requested policy was implemented
  • Success rate of authentications
  • Message counts based on all messages received, even if other filtering mechanisms ultimately prevent their delivery.

What is a DMARC RUF Report?

DMARC Forensic Report (RUF), is a feature that allows users to view the status of an email that they sent to a specific destination that failed DKIM, SPF, or DMARC authentication. Detailed diagnostic findings on what went wrong and how the issue could be fixed are included in the report sent to the sender.

Why should I use DMARC Failure RUF reports?

Immediate advisories of DMARC failure

As soon as an email fails DMARC, you are informed about it in a RUF report.

Information based per-email

Each RUF report includes information regarding a single email, allowing you to examine it in further detail.

Faster unauthorized IPS identification

Finding an unauthorized IP among fewer but more thorough reports is much simpler.

Describe earlier, improve earlier

Instant reports allow you to be informed of a problem more quickly and remedy it more quickly.

What does Skysnag bring to RUF?

Automated translations of reports

You can avoid reading lengthy, confusing reports by using simpler views to convey complicated reports.

Forensic reports that are encrypted

We offer forensic report encryption, both automatically and on-demand, if you’re concerned about sensitive information in your emails.


Never ever be surprised by your own emails. Skysnag provides you with automated translations of reports that save you time from reading lengthy, perplexing reports while encrypting sensitive information in your emails. Control everything with Skysnag. Get started with Skysnag and sign up for a free trial today.

Check your domain’s DMARC security compliance

Enforce DMARC, SPF and DKIM in days - not months

Skysnag helps busy engineers enforce DMARC, responds to any misconfigurations for SPF or DKIM which increases email deliverability, and eliminates email spoofing and identity impersonation.