Skip to main content
What is “External Destination Verification”?

What is “External Destination Verification”?

Technical Guidance

A domain’s DMARC record can tell the world to send DMARC reports to a different domain. For example, the domain might have a DMARC record of:

v=DMARC1; p=none;

This DMARC record tells people to send reports regarding to the email address of Before reports are sent, must tell the world that it is OK to send's reports to Otherwise, reports will not be sent to

Allowing “external” domains to accept DMARC reports is called “External Domain Verification.”

For those who like too much information, the DMARC RFC describes in detail how report generators determine if is allowed to receive reports related to

External Domain Verification is made possible when publishes a special TXT record at a specific location in the DNS. If tells the world to send DMARC reports to the domain, people who are sending reports will look for a TXT record at this location:

…and expect the result to be:


In this way, the operator of can explicitly tell the world that's reports can be sent to

dmarcian processes data for an enormous number of domains and automatically adds the External Domain Verification record as needed. This is how people can use dmarcian to process DMARC data by directly inserting a dmarcian reporting address into a DMARC record.

If you’re seeing warnings that your domain’s DMARC record is “Missing authorization for External Destination,” the fix is to either:

  1. update the DNS to which the reports need to be sent by adding ._report._dmarc in the Name field and v=DMARC1 in the Value field as seen below or
  2. remove the email address and only add the dmarcian reporting address in the DMARC record.

DMARC external destintion

Feel free to contact us with any questions about the arcane topic of External Domain Verification.

We’re Here to Help
With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul.

Want to continue the conversation? Head over to the dmarcian Forum.