The 32KB limit in DMARC reports: What it means and why it matters

by DuoCircle

Have you ever sent around 500,000 emails a day but only received DMARC reports for half of them, without any alerts or warnings?

This typically occurs due to technical constraints on report size limits imposed by mailbox providers. Many email service providers, such as Gmail and Yahoo, impose a limit of 32 kilobytes on DMARC aggregate reports (RUA). Even though there is no such restriction in DMARC RFC 7489, ESPs and mailbox providers enforce this cap for operational reasons, like keeping the attachment size small, reducing server load, and avoiding delays or errors in report delivery.

If the DMARC report crosses this threshold, the mail providers sometimes just truncate the report or send you a partial report, which defeats the very purpose of DMARC reporting.

In this article, we will look at the 32KB limit on DMARC aggregate reports: what it entails, why it matters, and what happens if you don’t stay within this limit.

 

What makes DMARC aggregate reports so heavy?

Basically, every time an email is sent from your domain, the report logs details like the IP address it came from, whether it passed SPF and DKIM checks, and how many messages were sent. Now, if you’re only sending a small number of emails from one or two services, the report will remain under the recommended limit.

But if you have a large database or use various platforms that send emails on your behalf, it can become a problem. All these factors add up: different sending IPs, different DKIM signatures, different domains or subdomains. Every detail of every outgoing email from your domain gets logged in the report, which inevitably makes it heavy.

 

What happens when you cross the 32KB limit?

If your DMARC aggregate report is too large for the mail servers to handle, it starts impacting your visibility without you even realizing it. The primary purpose of obtaining a DMARC report is to monitor all activities related to your domain. But if you don’t have full visibility, you’re left to guess. 

Here’s what can happen when that size limit is crossed:

 

The report might get truncated

If a DMARC report becomes too large for the mail servers, they will still send it to you, but only up to a 32KB limit; they just remove everything else beyond that. So, you might receive a file that looks fine at first glance, but in reality, it might be missing some records. Chances are, it won’t include some IP addresses or entire subdomain activity. The worst part is, the XML won’t even tell you that anything’s wrong; you will just receive a file that appears complete but is cut off abruptly.

 

The report might not be sent at all

Sometimes, if the DMARC report crosses the recommended limit, the mailbox provider may decide not to send it at all. You may especially experience this issue if you are using Gmail. The report is still generated, but instead of being delivered to you, it’s simply dropped. 

Again, you don’t receive any warning or error message indicating that it was too big. From your end, it may seem like there was no email activity that day, when in reality, the report was created but quietly discarded. This makes it easy to miss important issues, like emails failing authentication or someone trying to spoof your domain.

 

The report might be split (but not consistently)

The email service provider might even try to split the report into smaller parts to stay under the 32KB limit. In theory, there’s nothing wrong with this, but in practice, it doesn’t always work well. 

The problem is, there’s no standard way of splitting these reports. So, you may get two or three different files, and it’s not always clear that they belong to the same report. To make things worse, some DMARC tools don’t know how to handle these split reports properly. They might treat each one as a separate report or ignore some parts altogether.

Technically, yes, you did get the DMARC reports from your ESP, but with split files, you may not see the complete picture of what is happening on your domain.

 

What to do when you hit the limit?

Now that you know there is a limit on DMARC report size, the next step is figuring out how to work around it, so that you don’t miss out on important information about your domain activity.

Since there are no error messages or warnings from the ESP’s end, you will have to keep an eye out for signs that you might be hitting the limit. For instance, if a report goes missing, or you see fewer records than expected, or it seems incomplete, then consider it a red flag. To spot such inconsistencies, compare the volume of emails sent with what’s actually being reported. If the numbers don’t align, you’ll know something is wrong.
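One way to automate that comparison, shown as an added example that is not part of the original article: it checks each received aggregate report for abrupt cut-off (XML that is no longer well-formed), adds up the message counts of split parts per reporter, and compares the totals with your own send volume. It assumes attachments are already decompressed and that `sent_by_org` comes from your own mail logs; the function names, the provider names, the sample reports and the 5% tolerance are all constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def make_report(org, report_id, rows):
    """Build a minimal RFC 7489-style aggregate report (constructed sample)."""
    records = "".join(f"<record><row><source_ip>{ip}</source_ip>"
                      f"<count>{n}</count></row></record>" for ip, n in rows)
    return (f"<feedback><report_metadata><org_name>{org}</org_name>"
            f"<report_id>{report_id}</report_id></report_metadata>{records}</feedback>").encode()

def parse_report(data):
    """Return (org_name, message_count), or None when the XML is cut off."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return None  # not well-formed: the signature of a truncated file
    org = root.findtext("report_metadata/org_name")
    return org, sum(int(c.text) for c in root.iterfind("record/row/count"))

def audit(attachments, sent_by_org, tolerance=0.05):
    """Sum reported counts per reporter and compare with our own send logs."""
    reported, truncated = defaultdict(int), 0
    for data in attachments:
        parsed = parse_report(data)
        if parsed is None:
            truncated += 1
            continue
        reported[parsed[0]] += parsed[1]  # split parts add up per reporter
    findings = {"truncated_files": truncated}
    for org, sent in sent_by_org.items():
        got = reported.get(org, 0)
        if got == 0:
            findings[org] = "missing"  # dropped, or only a truncated file arrived
        elif got < sent * (1 - tolerance):
            findings[org] = f"short by {sent - got}"
        else:
            findings[org] = "ok"
    return findings

# Constructed one-day sample: a whole report, a split report, a cut-off file, a thin one.
SAMPLES = [
    make_report("provider-a.example", "a-1", [("192.0.2.10", 1200), ("192.0.2.11", 800)]),
    make_report("provider-b.example", "b-1", [("192.0.2.10", 1500)]),
    make_report("provider-b.example", "b-2", [("198.51.100.7", 1000)]),
    make_report("provider-c.example", "c-1", [("192.0.2.10", 3000)])[:-30],
    make_report("provider-d.example", "d-1", [("192.0.2.10", 1000)]),
]
SENT = {"provider-a.example": 2000, "provider-b.example": 2500,
        "provider-c.example": 3000, "provider-d.example": 4000}
```

Run `audit(SAMPLES, SENT)` to see the per-reporter findings; in practice the attachments would be one reporting day's files and the sent counts would be grouped by recipient mailbox provider.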

 

You can also try to simplify your email ecosystem to keep your DMARC reports under 32KB. Removing any third-party services that you no longer use or consolidating them can help reduce the number of unique IPs, DKIM signatures, and domains that appear in the report. The fewer the variations, the smaller the report will be.

Another way to manage report size is to assign separate DMARC policies to subdomains that send a high volume of emails. This way, the entire load will not be concentrated on your primary domain’s report.

For example, if you have subdomains like “info.example.com” or “support.example.com” handling different types of traffic, it’s a good idea to assign different DMARC records for each of them. This helps distribute the data and keep each report lighter and easier to manage.

Incomplete or inconsistent DMARC reports can be just as damaging to your email security as having none at all. So, it’s better that you fix such issues before they expose your domain to email spoofing, authentication gaps, and other security vulnerabilities. If you need help managing your DMARC reports, get in touch with us today! 
