Forensic Viewer
The Forensic Viewer allows you to access individual failure reports for precise analysis of DMARC-failing email. Enabling Forensic reports (RUF) is not a requirement to adopt DMARC. In fact, fewer than 50% of dmarcian customers do. Adoption trends are largely the result of two key factors:
- Forensic reports can potentially include Personally Identifiable Information (PII), as they are effectively partially redacted emails (headers and body).
- The number of reporters who send Forensic reports are quite small. You should not expect to see a comprehensive list of Forensic reports, regardless of how large of a sender you may be.
General Filters or IP-based filters can be used to search for emails which are failing DMARC, for which reporters may have sent in Failure Reports. If results are found, more complete header information can be viewed by clicking the details button of the Mail Body column.
People often configure DMARC records and use the “RUF” tag to ask for Forensic/Failure reports. However, they’re often slow to arrive. If you just added the RUF tag to your DMARC record, be aware that it might take up to 24 hours for your change to be picked up by some receiving hosts, and then it could take a further day or two for them to begin sending reports.