Summary
The overwhelming consensus is that using the plus sign (+) in the RUA email address of a DMARC record is valid, acceptable, and a common practice for filtering and managing DMARC reports. It's supported by modern email systems and Gmail specifically allows for easy filtering using this method. RFC 5322 defines the plus sign as a valid character in email addresses. While some older systems might not support it, the benefits generally outweigh the risks. Experts recommend considering dedicated DMARC reporting services for better analysis and to avoid potential issues like Google blocking reports due to volume. For optimal tracking and filtering, it's advised to use unique subaddresses for each DMARC record.
Key findings
- Validity and Acceptability: Using '+' in the RUA email address is valid according to RFC 5322 and is an accepted practice for DMARC reports.
- Gmail Filtering Benefit: Gmail ignores characters after '+', enabling easy filtering of DMARC reports.
- Industry Use: Companies like Klaviyo implement the '+' trick, demonstrating its adoption.
- Simplified Management: Plus addressing simplifies DMARC report management and segregation from other emails.
Key considerations
- Older Systems Compatibility: Be aware that some older email systems may not fully support plus addressing.
- Dedicated Reporting Systems: Consider using dedicated DMARC reporting services for enhanced analysis and easier management, particularly for high report volumes.
- Google Blocking Risk: Be mindful that Google might block DMARC reports due to volume, warranting the exploration of alternatives.
- Domain Alignment Requirement: The RUA email address must be in the same domain or a third-party domain with authorization records for Google Apps to work correctly.
- Unique Subaddressing: For optimal filtering and tracking, utilize unique subaddresses for each DMARC record and regularly monitor the report receiving system.
What email marketers say
9 marketer opinions
The consensus is that using the plus sign (+) in the RUA email address of a DMARC record is generally acceptable and a common practice for filtering and managing DMARC reports. Most modern email systems support plus addressing, but older systems might not. It's recommended to use a dedicated mailbox or filter to handle the reports effectively.
Key opinions
- Plus Addressing Validity: Plus addressing (using '+') is a valid character in email addresses according to internet standards and is supported by most modern email systems.
- Report Management: Using plus addressing allows for easy filtering and management of DMARC reports, directing them into specific folders for better organization.
- Industry Adoption: Companies like Klaviyo utilize plus addressing in their DMARC records, indicating its acceptance within the industry.
- RUA Tag Importance: Proper configuration of the RUA tag in the DMARC record is crucial for receiving reports from various mail service providers.
Key considerations
- Older Systems: Some older email systems might not fully support plus addressing, potentially causing issues with report delivery.
- Report Volume: Depending on the volume of emails, a dedicated DMARC reporting service may be more effective for analysis and aggregation than manual filtering.
- Monitoring: Regularly monitor the designated mailbox or reporting system to ensure DMARC reports are being received and analyzed.
- Alternative Solutions: Consider using dedicated DMARC reporting services if manual filtering becomes too cumbersome.
Marketer view
Email marketer from Email Geeks shares that the plus sign is a valid character for email addresses and that sophisticated sites sending DMARC reports likely won't have issues with it. They recommend a dedicated mailbox for aggregate reports as best practice for machine parsing.
13 Dec 2021 - Email Geeks
Marketer view
Email marketer from DMARC Analyzer shares the advantage of using a DMARC RUA tag is that it provides a method to collect feedback on your email authentication setup. They don't discuss the usage of '+' and instead share advice about setting up the record itself and understanding its impact.
29 Apr 2024 - DMARC Analyzer
What the experts say
5 expert opinions
The consensus is that using the plus sign (+) in a DMARC record's RUA email address is generally acceptable for identifying and segregating reports. Experts suggest considering dedicated reporting systems due to potential limitations, such as Google's volume blocking and the need for the email address to be within the same domain. While subaddressing offers benefits for filtering, unique subaddresses for each DMARC record are recommended for easier tracking.
Key opinions
- Plus Sign Acceptability: Using the plus sign (+) in the RUA email address is a valid method for identifying DMARC reports.
- Domain Alignment: The RUA email address must be in the same domain as the DMARC record, or a third-party domain with authorization records, for Google Apps to work out-of-the-box.
- Dedicated Systems Benefit: Dedicated DMARC reporting systems offer more value than simply using a mailbox for non-human-readable reports.
Key considerations
- Reporting System Choice: Consider dedicated reporting services like dmarc.postmarkapp.com, as they provide more features and require less effort than Google Apps.
- Google Blocking: Be aware that Google might block DMARC reports due to high volume, which is another reason to consider alternative reporting solutions.
- Unique Subaddresses: Use unique subaddresses for each DMARC record for easier filtering and tracking.
- Potential Issues: Be aware of potential issues such as the risk of missing reports by relying on subaddressing.
Expert view
Expert from Email Geeks explains that using the plus sign in a DMARC record should be fine, but suggests considering using a reporting system instead of just a mailbox for non-human-readable DMARC reports.
25 Mar 2025 - Email Geeks
Expert view
Expert from Email Geeks explains that the email address in the DMARC record must either be in the same domain as the DMARC record or a third-party domain with authorization records. Google Apps will only work out-of-the-box if the email addresses are in the same domain.
11 Jan 2023 - Email Geeks
What the documentation says
5 technical articles
Documentation indicates that using a plus sign (+) in the RUA email address is valid. Gmail ignores everything after the + for filtering. RFC 5322 defines the plus sign as a valid character in email addresses. While DMARC relies on SPF for authorization, the use of '+' specifically in the RUA tag is not directly addressed in some documentation, but implied as a valid email address for report delivery.
Key findings
- Gmail Filtering: Gmail ignores characters after '+' allowing for filtering.
- RFC 5322 Validity: RFC 5322 specifies '+' as valid email address character.
- SPF and DMARC: DMARC utilizes SPF to verify authorized domains, which helps to prevent phishing attacks.
Key considerations
- Address Validity: Ensure that the email address is valid for receiving reports.
- Implicit Approval: Although not explicitly stated, using '+' is implied to be compatible with the RUA tag.
- DMARC Effectiveness: Understanding SPF and DMARC is crucial for preventing phishing attacks and email spoofing.
Technical article
Documentation from Agari answers the question about DMARC by describing how it can stop phishing attacks. DMARC uses SPF to verify that the email originated from the domain that it claims to be from and gives instructions if it fails the SPF policy.
10 Nov 2023 - Agari by Proofpoint
Technical article
Documentation from Microsoft explains DMARC uses SPF to determine if your server is authorized to send on behalf of your domain. Does not discuss the use of '+' but helps provide a background for DMARC.
4 Feb 2025 - Microsoft
What are the requirements for RUA and RUF in DMARC policies?
Can DMARC reports be sent without RUA or RUF addresses?
Are DMARC RUA and RUF tags mandatory for compliance and what are their benefits?
How do I properly set up DMARC records and reporting for email authentication?
How should DMARC, SPF, and DKIM records be configured for domains that do not send email?
How can DMARC reports be enriched with user-level data for better domain enforcement?
