The importance of DMARC reports

DMARC reports: what they are, where they go, and why they help protect your domain

When people talk about email security, acronyms like SPF, DKIM and DMARC often appear together, but their practical role is not always clear.
DMARC, in particular, is a standard designed to protect email domains from one of the most widespread scams: spoofing.

In simple terms, spoofing happens when someone sends emails using a sender domain they do not own, with the goal of appearing trustworthy to the recipient. Attackers commonly use this technique in phishing campaigns and email fraud. DMARC manages these scenarios and tells receiving mail servers how to handle suspicious messages that claim to come from your domain.

What happens when an email fails authentication checks?

When an email reaches its destination, the receiving server checks whether the message passes several authentication controls, including SPF and DKIM.
When both checks fail, the email usually does not come from a system authorised by the declared domain. In this scenario, DMARC comes into play.

The legitimate domain owner must define policies in advance. These rules specify how servers should handle these problematic messages.
The standard provides three options:

• none: the server delivers the message but marks it as suspicious;
• quarantine: the server places the message in quarantine;
• reject: the server rejects the message and does not deliver it.

Many attacks target domains without a configured DMARC policy or domains that still use the none mode. In these cases, attackers can send fraudulent emails using the attacked domain in the From header, while the envelope-from header, which the sending system actually uses, belongs to a completely different domain.

A reject DMARC policy allows receiving servers to block these messages outright. This approach prevents delivery and significantly reduces the risk of fraud, abuse and phishing campaigns based on domain impersonation. It requires care and awareness, but it represents one of the most effective steps to protect an email domain.

DMARC reports

In addition to defining policies, DMARC allows domain owners to receive daily reports on the email traffic associated with their domain. These reports play a crucial role because, in most spoofing cases, neither the sender nor the recipient receives any direct notification of the attack.

Beyond spoofing protection, DMARC helps identify misconfigured setups or legitimate services that send emails without respecting the domain’s authentication policies.
For example, devices or applications may send emails directly, bypass authorised servers and without applying a valid DKIM signature. In these situations, messages fail DMARC checks even though internal and legitimate systems generate them.

DMARC reports make it possible to intercept this type of traffic and verify its origin, preventing configuration issues from remaining hidden.
This approach makes it possible to:

• notice when someone abuses your domain;
• identify unauthorised email sending;
• detect incorrect configurations or forgotten services that send emails without respecting policies.

Without reports, many abusive activities remain invisible.

Who sends and who receives DMARC reports

Providers that receive emails sent with your domain as the sender generate DMARC reports, usually once per day. They send these reports to the addresses specified in the rua field of the DMARC record configured in your DNS.
It is advisable to use an address provided by your email provider or by the security service that handles report analysis. This choice ensures that qualified personnel can correctly read and interpret the data.
If you have not yet configured a DMARC record, you can refer to the official Qboxmail documentation for proper setup.

How Qboxmail handles DMARC report delivery

We recently updated our Email Security infrastructure and improved the generation and delivery of DMARC reports for all domains that specify a valid record with a reachable rua address.
Every day, Qboxmail systems receive and analyse millions of messages from thousands of domains.
For each domain, the systems collect message data, verify the outcome against the configured DMARC policy, generate standard-compliant XML reports and send them to the addresses listed in the rua record. This process creates and delivers tens of thousands of reports every day and actively contributes to improving the security of the entire email ecosystem.
Email Providers that want to correctly identify reports sent by Qboxmail receive these messages from the sender report@dmarc.qboxmail.com via the server dmarcreport.qboxmail.com.

DMARC report delivery is voluntary, but it represents a fundamental practice for providing a more secure email service for everyone. Proper policy configuration and report analysis give greater visibility and control, even when issues do not appear immediately.
If you want stronger security for business email or you are a reseller aiming to offer a more solid and reliable email service to your customers, Qboxmail services include tools and expertise designed specifically for these needs.