Yes, the ri tag in a DMARC record is specifically designed to control the interval for aggregate reports, and it is specified in seconds. This tag allows domain owners to request that email receivers send them summary reports on email authentication results at a preferred frequency.
These aggregate reports, also known as RUA reports, are incredibly valuable. They provide a high-level overview of all the emails sent using your domain, detailing which ones passed or failed SPF and DKIM checks and their DMARC alignment. Understanding how often you receive this data is key to managing your email security posture effectively.
Understanding the 'ri' tag and its default value
The ri tag stands for "reporting interval". It's an optional tag within a DMARC record. If you don't include it, receivers will default to a standard interval.
As noted in the DMARC practical guide by NsLookup.io, the default value is 86,400 seconds, which equates to exactly 24 hours. This means that, by default, you will receive one aggregate report per day from each reporting organization. For many domain owners, a daily cadence is perfectly sufficient for monitoring.
How to customize your reporting interval
If you need more frequent feedback, you can set the ri tag to a smaller value. For instance, if you're in the middle of a complex email migration or troubleshooting a deliverability issue, you might want reports more often. To receive reports every hour, you would set the interval to 3600 seconds. Your DMARC record tag would look like this: ri=3600. It's a simple change that can significantly speed up your feedback loop.
When might you want to adjust your reporting interval?
- Initial DMARC setup: During the initial rollout of DMARC, more frequent reports can help you quickly identify authentication issues with legitimate email sources.
- Troubleshooting: If you notice sudden dips in deliverability or suspect a spoofing attack, shortening the interval can provide faster insights.
- New service integration: When adding a new email service provider or a third-party tool that sends email on your behalf, hourly reports can help confirm its configuration is correct almost immediately.
The future of the 'ri' tag: a shift with DMARCbis
While the ri tag has been a standard part of DMARC for years, its role is changing. The internet standards community is always working to improve protocols, and the next version of DMARC, known as DMARCbis, introduces some significant updates. One of the most notable changes is the deprecation of the ri tag.
This means that while many receivers still respect the ri tag today, you cannot rely on it for future DMARC compliance. The new standard essentially tells receivers to send reports at least once a day, or more frequently if they are able. This shift reflects a move towards a more standardized and predictable reporting schedule across all mailbox providers. As TechTarget notes, email receivers are expected "to be able to generate the reports hourly" even under the original specification. The new standard solidifies this expectation, making the ri tag redundant. So, while you can still use the tag, it's wise to build your monitoring processes around the expectation of daily reports as the baseline.
