RFC 9991 - Domain-Based Message Authentication, Reporting, and Conformance (DMARC) Failure Reporting
- Status: Proposed Standard
- Published: May 2026
- Stream: IETF
- Updates: RFC 6591
- Obsoletes: RFC 7489
Abstract
DMARC failure reports provide details about individual messages that failed to authenticate according to DMARC. This document updates RFC 6591 and obsoletes RFC 7489.
DMARC Document Set
- RFC 9989 - DMARC
- RFC 9990 - DMARC Aggregate Reporting
- RFC 9991 - DMARC Failure Reporting
- RFC 7489 - Original DMARC specification
Contents
- 1. Introduction
- 1.1. Terminology
- 1.2. Document Status
- 2. DMARC Failure Reports
- 3. Other Failure Reports
- 4. Reporting Format Update
- 5. Verifying External Destinations
- 5.1. Transport
- 6. IANA Considerations
- 7. Privacy Considerations
- 7.1. Data Exposure Considerations
- 7.2. Report Recipients
- 7.3. Additional Damage
- 8. Security Considerations
- 8.1. Denial of Service
- 9. References
- Appendix A. Example Failure Report
- Authors' Addresses
Related Resources
- Official Text: RFC 9991
- Official Page: RFC 9991 DataTracker
- Errata: RFC Editor Errata