Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. DMARC: Invalid external reporting endpoint

Author: Government Digital Service

DMARC: Invalid external reporting endpoint

What this means

A configuration or validation issue is present with the DMARC reporting address specified in your DMARC record.

Why this is a problem

This issue will result in DMARC aggregate reports not being delivered as intended, which could hinder DMARC analysis.

How to check if the problem is there

This issue usually occurs if you are sending DMARC reports to a different domain.

Check your DMARC record to determine where your aggregate and forensic reports are being sent to. If they are being sent to a third party DMARC monitoring service, you will need to contact the provider of the service to alert them to this issue.

If you are sending the reports to another domain that you own, follow the steps outlined below.

You might want to use the following online tools to check for this issue:

How to fix this

In the report-receiving domain, you must publish a DNS record which validates that you wish to receive DMARC reports from a given external domain.

You must follow the steps as outlined in section 7.1 of RFC7489 

For example, if the DMARC policy for primarydomain.gov.uk is as follows:

v=DMARC1; p=reject; rua=mailto:reports@secondarydomain.gov.uk

You will need to publish the following TXT record in secondarydomain.gov.uk

primarydomain.gov.uk._report._dmarc.secondarydomain.gov.uk.

With a value of:

v=DMARC1

This will validate that the secondarydomain.gov.uk will accept DMARC reports from primarydomain.gov.uk.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now