DMARC Failure Reporting Options(fo)
The destination(s) and nature of failure reports are defined by the “ruf” and “fo” tags. The "ruf" tag deals with where the failure reports should be sent and the "fo" tag, which stands for failure reporting options, determines the type of reports that are sent out. The fo tag is an optional DMARC tag and dictates what type of authentication and/or alignment issues are reported back to the outbound domain’s owner.
There are four types of DMARC failure reports that can be sent using the "fo" tag:
- fo=0: Generate a DMARC failure report if all underlying authentication mechanisms (SPF and DKIM) fail to produce an aligned “pass” result. (Default)
- fo=1: Generate a DMARC failure report if any underlying authentication mechanism (SPF or DKIM) produced something other than an aligned “pass” result. (Recommended)
- fo=d: Generate a DKIM failure report if the message had a signature that failed evaluation, regardless of its alignment.
- fo=s: Generate an SPF failure report if the message failed SPF evaluation, regardless of its alignment.
If you would like to receive multiple types of reports you can specify them by using a colon between each type. For example, if you wanted reports for 0,1,s; you would add a "fo" tag to your DMARC record like the one below:
v=DMARC1; p=quarantine; pct=25 ; rua=mailto:dmarcreports@mxtoolbox.com; fo=0:1:s; |