DMARC has no ruf= forensic reporting

Your DMARC record sends aggregate reports (rua=) that show which servers sent email on behalf of your domain — but it does not include a forensic reporting address (ruf=). Forensic reports provide per-email detail when a message fails authentication. Aggregate reports show patterns, but forensic reports show you the actual failing messages — useful when troubleshooting a specific spoofing attempt or diagnosing why a legitimate email is failing. Without them, you are working with less information if something goes wrong. Add a ruf= address to your DMARC DNS record pointing to an email address or reporting service you control. Be aware that some mail providers limit or do not send forensic reports for privacy reasons, but having the address in place captures reports from those that do.