Page MenuHomePhabricator DMARC "rua" and "ruf" email addresses need verification
Open, MediumPublic


The DMARC entry for now looks like this: v=DMARC1; p=none; sp=none;;;.

Since "rua" and "ruf" addresses use an external domain (not, this domain ( must confirm that it can be used for this purpose. Otherwise, many mail servers will not send messages to these addresses.

As I understand it, this can be done by adding TXT DNS record with value v=DMARC1.

Event Timeline

herron triaged this task as Medium priority.Jan 4 2019, 4:42 PM

The issue is still present and as such the dmarc record for is pretty much redundant.
The dmarc policy is set to none so the benefit to be gained would be the reporting ie the R in DMARC. Without the corresponding change in there will be no reporting.

Please refer to RFC 7489, Section 7.1, for instructions how to correct this problem.
Expected permission record location:

You can see some idea of the systems sending emails from with this link

Is anyone sending email with a domain? For a while, that was assumed not to happen.

The data from Senderscore shows that there are systems sending email from

The Senderscore data however will only show the most egregious senders of these emails. If you fix the dmarc reporting you will be able to see who the senders are in more detail. Then decide on the action to take. If you believe that there are no legitimate senders of emails from then the dmarc policy should almost certainly be to reject unauthenticated emails using the domain.

If you look a little further in the Senderscore data you can see the subdomain is sending email

Some of the associated senders have low reputations and could well be broadband connections

If the dmarc record for is fixed then you will receive dmarc data for the subdomains too.