What DNS record is required for DMARC reports to an external domain?
What email marketers say (9 marketer opinions)
Email marketer from AuthSMTP explains that if your DMARC record is set to send reports to a different domain (i.e. not your own), the destination domain has to specifically allow that reporting. This is done by setting up a specific record in their DNS settings.
Email marketer from URIports shares that if you would like to receive aggregate reports at a different domain than your authentication domain, then you must authorize that domain for receiving your reports. This is achieved by publishing a TXT record to the DNS record of the reporting domain.
Email marketer from Valimail shares when DMARC aggregate reports are sent to a domain other than the originating domain, the receiving domain must explicitly authorize the collection of these reports through a DNS TXT record.
Email marketer from Stack Overflow explains a DNS TXT record needs to be added to the domain that will receive the DMARC reports, to authorise receiving from the sending domain. This record confirms that the receiving domain is willing to accept DMARC reports on behalf of the sending domain.
Email marketer from MXToolbox shares if the domain which is receiving the DMARC reports (via the rua/ruf tag) is a separate domain to the domain which is using DMARC, then that receiving domain needs to publish a DNS record which authorises the sending of reports to it.
Email marketer from EasyDMARC explains that if you want to receive DMARC reports from other domains, they need to authorize you to receive those reports. This is done by placing a specific TXT record in your DNS zone.
Email marketer from Reddit responds for DMARC reports to be successfully sent to an external domain, the receiving domain must authorize the sending domain via a DNS TXT record.
Email marketer from Email Geeks explains there must be a DNS TXT record present in abc.com, as shown below: `example.com._report._dmarc.abc.com`, which has the value `v=DMARC1`.
Email marketer from Postmark explains if you're sending DMARC reports to a domain different from your sending domain, you need a special DNS record set up on the reporting domain to authorize this.
What the experts say (6 expert opinions)
Expert from Email Geeks shares that the rua requirement is mainly there to prevent the use of rua records to mailbomb unwilling recipients, whether intentionally or otherwise.
Expert from Email Geeks explains that the domain receiving DMARC reports needs to announce it's prepared to receive reports about your domain to prevent mailbombing. If using an outsourced service, they'll handle setup; otherwise, you must publish a DNS record.
Expert from Word to the Wise explains that if you are sending your DMARC reports to a domain other than your own, you will need to create a TXT record to authorize the other domain. The TXT record specifies that the receiving domain is authorized to receive DMARC reports for the sending domain.
Expert from Email Geeks shares if the recipient address for DMARC reports is in the same organizational domain as the DMARC record, you don't need the extra TXT record.
Expert from Email Geeks explains DMARC validators shouldn’t be affected by checking if the receiving domain has announced it is prepared to receive reports.
Expert from Email Geeks answers you need to publish a TXT record for the domain receiving reports, indicating it's prepared to receive DMARC reports for the other domain, as described in the RFCs.
What the documentation says (4 technical articles)
Documentation from Proofpoint explains that when configuring DMARC to send reports to an external domain, the external domain has to explicitly authorise this reporting by publishing a TXT record in its DNS zone.
Documentation from datatracker.ietf.org shares that if the domain listed in the DMARC record's `ruf` or `rua` tag is different from the domain sending the email, a DNS record must be published at the reporting domain to authorize the collection of reports.
Documentation from dmarc.org explains that to receive DMARC reports at a domain other than the one sending the email, the reporting domain must authorize the sending domain by publishing a specific DNS record. This record confirms that the reporting domain is willing to receive reports on behalf of the sending domain.
Documentation from Red Sift shares that to use an external domain to collect DMARC reports, that external domain must have a specific TXT record in its DNS settings that authorizes the other domain to send DMARC reports to it. This prevents unauthorized use of an organization's servers.
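The check described above (a `<policy-domain>._report._dmarc.<report-host>` TXT record with the value `v=DMARC1`, not needed when the report address is in the same organizational domain) can be audited with a short script. This is an added example, not code from any of the quoted sources; the function names and sample data are constructed, DNS is replaced by a `lookup_txt` callable so it runs offline, and the organizational-domain test is a naive last-two-labels assumption rather than a Public Suffix List lookup.

```python
import re

# Constructed sample data: a DMARC record for example.com and the TXT
# records an auditor found in the report receivers' zones.
SAMPLE_RECORD = ("v=DMARC1; p=reject; "
                 "rua=mailto:agg@abc.com!10m,mailto:dmarc@mail.example.com; "
                 "ruf=mailto:forensic@reports.example.net")
SAMPLE_ZONE = {"example.com._report._dmarc.abc.com": ["v=DMARC1"]}

def org_domain(domain):
    # ASSUMPTION: last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def report_hosts(dmarc_record):
    """Return the host part of every mailto: URI in the rua/ruf tags."""
    tags = {}
    for part in dmarc_record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    hosts = set()
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            # The host ends at an optional "!<size>" report size limit.
            m = re.match(r"\s*mailto:[^@\s]+@([^!\s]+)", uri, re.I)
            if m:
                hosts.add(m.group(1).lower().rstrip("."))
    return hosts

def required_authorizations(policy_domain, dmarc_record):
    """TXT record names the external report receivers must publish."""
    policy_domain = policy_domain.lower().rstrip(".")
    return sorted(
        f"{policy_domain}._report._dmarc.{host}"
        for host in report_hosts(dmarc_record)
        if org_domain(host) != org_domain(policy_domain))

def audit(policy_domain, dmarc_record, lookup_txt):
    """Map each required record name to True if a v=DMARC1 TXT exists."""
    return {
        name: any(re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", txt)
                  for txt in lookup_txt(name))
        for name in required_authorizations(policy_domain, dmarc_record)}

if __name__ == "__main__":
    lookup = lambda name: SAMPLE_ZONE.get(name, [])
    for name, ok in audit("example.com", SAMPLE_RECORD, lookup).items():
        print(("authorized  " if ok else "MISSING     ") + name)
```

A receiver that finds a record marked missing may not send reports to that address, so the audit doubles as a check for silently lost reporting.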