Turn off DMARC report for pass

Hynek Bernard

10/14/22, 9:48 AM

I would like to receive reports only for DMARC quarantined mail and failures, but I still receive mails for every successful e-mail that has been sent from my server.

Configuration in dns looks like this

v=DMARC1; p=quarantine; rua=mailto:XXXXXXX

Is there any way to stop receiving reports without quarantine ?

335

2 + 0

dmarc

Score:2

Server

anx

10/15/22, 12:39 AM

No, such configuration is only available for the (now mostly defunct) forensic reports, for the agggregate reports (rua) you can only take what you can get.

Instead of looking for a way for people to send you less data, consider using one of the commercially available DMARC processing software or services to have your data parsed & visualized to better showcase the interesting data.

XML was never that good for human consumptions anyway. And after some short implementation phase where you look at aggregated tables, you should prefer to only receive a notification when something important was reported, likely not even on most reports referring to quarantine decisions.

0 + 2

anx

10/15/22, 12:41 AM

examples of DMARC processing services in no particular order: [dmarcian](https://dmarcian.com/dmarc-saas-platform/), [report-uri](https://report-uri.com/products/dmarc_monitoring), [uriports](https://www.uriports.com/dmarc)

anx

10/15/22, 3:23 AM

oh and if you want to dispute my *"not good for human consumption"* claim, there is also a really neat XSLT file to view dmarc reports floating around somewhere.

Score:1

Server

Neil Anuskiewicz

10/28/22, 12:18 PM

I think what you want is "failure reports." Failure reports are not the aggregate reports, rua, but are the ruf=mailto:[email protected] reports, often referred to as the forensic reports.

Here's an excerpt from https://dmarc.org/wiki/FAQ#Do_I_want_to_receive_Failure_Reports_.28ruf.3D.29.3F

Failure reports are very useful for forensic analysis to help identify both bugs in your own mail sending software and some kinds of phishing or other impersonation attacks, but... a failure report is sent immediately, every time a receiver rejects a message due to your DMARC policy. The receiver may even send a report if the mail is accepted but one of the authentication mechanism does not pass the alignement test. A forensic report can be a complete copy of the rejected email in Abuse Reporting Format (ARF). You may think your sending practices are good, and there should be few emails rejected, but every email that spoofs your domain will be rejected too and you are asking to get a copy. This could be several times the volume of your legitimate emails. So no, you do not want to receive Failure Reports until you are well prepared for them.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Turn off DMARC report for pass

TH: ปิดรายงาน DMARC สำหรับบัตรผ่าน

RO: Dezactivați raportul DMARC pentru trecere

RU: Отключить отчет DMARC для прохода

VI: Tắt báo cáo DMARC cho vượt qua

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.