Skip to main content
All CollectionsEmail Authentication Protocols
Fixing the “External Verification Failure” in Your DMARC

Fixing the “External Verification Failure” in Your DMARC

Learn how to fix the "External Verification Failure" error in Your DMARC by properly configuring your DNS records.

Updated over 3 months ago

Understanding the Issue:

The “External Verification Failure” warning in Your DMARC occurs when the email addresses specified in your DMARC record’s RUA (Reporting URI for Aggregate reports) and RUF (Reporting URI for Forensic/Failure reports) tags have not been authorized to receive DMARC reports for your domain.

Proper DMARC configuration requires these tags to direct DMARC reports to authorized inboxes, helping you monitor your domain’s email traffic and prevent issues like spoofing and phishing attacks.

What Does This Error Mean?

When you publish a DMARC record for your domain, such as:

plaintextCopyEditv=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1:s

If the domain example2.com hasn't explicitly authorized receiving DMARC reports for example.com, the reports will fail to deliver to the specified email addresses ([email protected]).

How External Verification Works:

When an email is sent from example.com, the receiving server verifies whether the external domain (example2.com) has consented to receive DMARC reports.

The server checks the DNS zone of the external domain for a specific TXT record. If the record exists and is correctly configured, DMARC reports are sent to the designated email addresses. If not, the External Verification Failure warning is triggered, and reports won't be delivered.

How to Fix the “External Verification Failure” Error:

To resolve this issue, you need to publish a TXT record in the external domain's DNS (example2.com) authorizing the delivery of DMARC reports.

Steps to Authorize the External Domain in Your DMARC:

  1. Access the DNS Zone of the External Domain:
    Log into the DNS management system for example2.com.

  2. Create a New TXT Record:

    • Record Type: TXT

    • Host/Name: example.com._report._dmarc.example2.com

    • Value: v=DMARC1

  3. Publish the Record:
    Ensure the TXT record is published on the external domain’s DNS settings (example2.com), not on your own domain (example.com).

Verification Process:

Once the TXT record is added:

  • The external domain (example2.com) will be authorized to receive DMARC reports for example.com.

  • DMARC aggregate (RUA) and forensic (RUF) reports will begin to deliver successfully to the specified email addresses ([email protected]).

Key Takeaways:

  • The External Verification Failure in Your DMARC occurs when a third-party domain has not authorized receiving DMARC reports.

  • Resolve it by publishing a TXT record in the DNS of the external domain.

  • Confirm the correct record format and test using the Your DMARC Record Checker.

By properly authorizing external domains, you can ensure smooth DMARC report delivery, strengthen your domain’s compliance, and protect your brand from email threats.

Check your Domain Now

Related Articles
Implementing SPF, DKIM, and DMARC Programmatically for Email Security
Step-by-Step Guide to Setting Up DMARC for the First Time
What to Do If Your DMARC Record Fails Verification
How to Validate and Fix Errors in Your TXT Records
How to Troubleshoot DMARC Policy Enforcement Failures
Did this answer your question?