What is DMARC Forensic Reporting (RUF)?

DMARC forensic reports (RUF) provide details about individual messages failing **DMARC**. Unlike aggregate reports summarizing statistics, forensic reports include message headers and sometimes content, enabling specific failure investigation.

Forensic reports help diagnose: specific authentication failures (why did this message fail?), forwarding scenarios breaking alignment, legitimate senders with configuration problems, and **phishing** attempts using your domain.

Limitations: not all receivers send forensic reports, privacy concerns limit content inclusion, and high-volume sending generates overwhelming report volume. Many organizations rely on aggregate reports for overview, requesting forensic only for specific investigation needs.