If you want to send your DMARC reports to a domain other than the one that the record is for, then the recieving domain needs to configure a DNS record so that Email Serivce Providers know that the recipient is authorizing the the reports.
Verifying External Destinations
It is possible to specify destinations for the different reports that are outside the authority of the Domain Owner making the request. This allows domains that do not operate mail servers to request reports and have them go someplace that is able to receive and process them. Without checks, this would allow a bad actor to publish a DMARC policy record that requests that reports be sent to a victim address, and then send a large volume of mail that will fail both DKIM and SPF checks to a wide variety of destinations; the victim will in turn be flooded with unwanted reports. Therefore, a verification mechanism is included.
For example: If your domain is domain.com and you want to send your reports to mxtoolbox.dmarc-report.com, then their needs to be a TXT DNS record domain.com._report._dmarc.mxtoolbox.dmarc-report.com which has the content v=DMARC1 in place to authorize your reports. When you configure MxToolbox to receive your DMARC reports, we configure this record automatically.
DMARC is the key to improving Email Deliverability!
Email is the key to your customer communication strategy. But, what is your email reputation?
Setting up and managing your DMARC configuration is the key to getting insight into your email delivery. MxToolbox is the key to understanding DMARC.
MxToolbox Delivery Center gives you:
- Who is sending phishing email purporting to be from your domain
- What is the reputation of your domains and delegated IPs
- Where other senders are and What their reputations are
- How your SPF, DKIM and DMARC setup is performing