Home / Security / Set up DMARC reporting and review your first report
Email Deliverability · Security Ring

Set up DMARC reporting and review your first report

30 min to set up, then ongoing review Impact: medium Effort: medium ✓ Manual completion

DMARC reporting sends you regular data showing every source sending email as your domain, including anything spoofing you, giving real visibility into your email ecosystem instead of relying on assumptions about what is actually happening.

You cannot safely tighten DMARC enforcement without first seeing what would actually be affected, reports are how you confirm every legitimate sender is accounted for before blocking anything.

How to do it

  1. 1
    Add a rua reporting address to your DMARC record
    rua=mailto:[email protected] collects aggregate reports from receiving mail servers.
  2. 2
    Wait for the first reports to arrive
    Reports typically start arriving within a day or two and continue on a regular cadence.
  3. 3
    Review what shows up
    Confirm every sending source in the report is genuinely one you recognize and authorized.
  4. 4
    Use a report parsing tool if volume is high
    Raw DMARC reports are XML and can be hard to read manually at scale, dedicated tools make this practical.

Common mistakes

How you will know it is done

DMARC reporting is active and you have reviewed at least one real report confirming all sending sources are legitimate.

Tools that help

Track this in your hive

The Security Ring turns this into a real, permanent mission — mark it complete once you have genuinely done it.

Open this mission in H.I.V.E. →