We want ruf= forensic DMARC reports but worry about privacy
ruf= delivers a sample per failing message including headers and sometimes body snippets. That can contain sender and recipient PII. Many large receivers (Google, Microsoft) don't send ruf reports at all. For SMBs ruf rarely beats aggregate rua reports.
Try this first
- 1Start with rua= only (aggregate). That gives a daily report per IP and domain and covers 95 percent of cases.
- 2If you still want ruf, document who reads the reports, how long they're kept, and how they're shielded. This is GDPR processing.
- 3Use a dedicated inbox or a service like dmarcian that anonymises ruf data and doesn't forward to general support.
- 4Restrict the fo= tag to what you really need. fo=1 is everything, fo=d is DKIM-fail only, fo=s is SPF-fail only.
- 5Re-evaluate after three months whether ruf shows you anything rua doesn't. Usually not.
When to bring us in
If you handle sensitive sectors (healthcare, legal, finance), have your DPO review before enabling ruf. Forensic bodies can contain customer PII.
See also
- Our emails land in spam for some recipientsAlmost always an SPF, DKIM, or DMARC setting that is wrong or missing, or a sender name that mimics a well-known brand.
- Someone reports receiving phishing emails "from us"Read: spoofing. Someone is abusing your sender name, not necessarily your actual mailbox.
- An email bounces (NDR): delivery failedThe NDR text usually states the exact reason. Reading it is step one.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.