You published a DMARC record with a rua= address weeks ago, but no aggregate reports ever arrive — the monitoring you set up is silent.
If your rua= (or ruf=) points to a mailbox on a different domain than the one being reported on, receivers won't send reports until the destination domain authorizes it — otherwise anyone could aim your reports at a victim. RFC 7489 §7.1 requires a TXT record named <your-domain>._report._dmarc.<destination-domain> containing v=DMARC1, published on the destination domain; without it, compliant receivers refuse to send. (Same-domain rua needs no such record.) A missing authorization record is the most common reason a correct-looking DMARC setup produces zero reports. Source: RFC 7489 §7.1 · verified 2026-07-15
<your-domain>._report._dmarc.<destination-domain> as a TXT record set to v=DMARC1 on the destination domain.DNS changes propagate within minutes to 48 hours. Mailbox providers pick up the new records on their next check — most senders see bounces stop within a day of correct configuration.
Formal enforcement targets bulk senders, but partial authentication already costs you inbox placement at every volume — and spoofing protection matters regardless of how much you send.
Hosting support can add DNS records for you, but they don't know which services send as your domain. You (or a monitoring tool reading your DMARC reports) have to provide that list — that's the actual hard part.