Comment by mmsc
>I assume that putting a 'rua=' into your DMARC record makes it look more legitimate to (some) receiving systems.
Yes, Gmail for example will drop emails from mass-senders that don't implement both SPF and DKIM.
>I assume that putting a 'rua=' into your DMARC record makes it look more legitimate to (some) receiving systems.
Yes, Gmail for example will drop emails from mass-senders that don't implement both SPF and DKIM.
Still the 'r' parameters (reporting) in the DMARC record are optional, and there is no indication their presence bestows additional legitimacy to a sender.
(For me, it's sort-of the opposite: there are fun spam patterns to be found in DMARC records with reporting addresses!)