Aggregated report contain all information, including SPF/DKIM/DMARC failures, but it doesn't contain forensic information (e.g. failed message Subject). Aggregated reports are supported by almost all large ESPs, so, if you have some troubles you will probably see it in aggregated report.
Forensic report contains information about individual message failing SPF/DKIM/DMARC with some details (forensic information) regarding this message, e.g. message headers. The problem is there are very few peers sending forensic reports, so you may receive some reports, but should not expect to receive forensic reports in the case of failure. If you do not receive aggregated reports there is a very high chance to have configuration problem without noticing it. 27.05.2018 17:43, Al Iverson via dmarc-discuss пишет: > In a DMARC record, I see that rua= specifies the address to which aggregate > feedback is to be sent, and ruf= specifies the address to which > message-specific forensic information is to be reported. > > I'm just a tiny bit confused about terminology-- could somebody confirm for > me that I'm thinking of this correctly? I prefer only to receive failure > reports at this time. I don't want to receive summary reports telling me > that everything is AOK. That suggests to me that I should remove the rua > field but leave the ruf field. > > Have I got that right? > > Thanks, > Al Iverson > -- Vladimir Dubrovin @Mail.Ru _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)