There are two types of DMARC reports: aggregate and failure (or forensic).

DMARC aggregate reports (RUA) provide daily (every 24 hours), summarized data on all email authentication results for a group of emails, while failure reports (RUF) offer real-time detailed, message-level copies of individual emails that failed DMARC authentication.

Aggregate reports are safer, more widely used, and recommended for overall email monitoring. Failure reports offer details on specific delivery failures, but they often contain sensitive, complex information and aren't supported by many major email providers, such as Google and Yahoo. Therefore, forensic reports might not be the best option to oversee your email deliverability concerns.

Which DMARC Report Should You Choose?

MxToolbox recommends that you start with aggregate reports due to their usefulness, even in XML format. First, set up RUA reporting because it's the standard and much safer way to monitor your email traffic and is essential for implementing a DMARC policy.

Click here for more information about DMARC aggregate reports.

Consider forensic reports for advanced troubleshooting. Only enable RUF reporting if you need to analyze specific, failed messages and are prepared to handle the privacy demands and lack of support from top email providers.

Click here for more details regarding DMARC failure reports.