DMARC glossary

What does the ri tag mean in a DMARC record?

Samuel Chenard

By Samuel Chenard · CEO & Co-Founder, Palisade · Reviewed July 15, 2026

The ri tag is the requested interval between DMARC aggregate reports, in seconds. The default is 86400 — one report per day. In practice, receivers send daily reports regardless of what you request, and DMARCbis (the upcoming DMARC revision) drops the tag entirely. You can safely leave it out.

ri at a glance
Tagri (report interval)
Valid valuesInterval in seconds, e.g. 86400 (24 hours)
DefaultDefaults to 86400 — daily aggregate reports.
Where it goesAfter the reporting tags, e.g. v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com; ri=86400;

How ri works

ri lets you ask receivers to send [aggregate reports](/learning/what-is-a-rua) more or less often than the daily default. The operative word is *ask*: RFC 7489 treats it as a request receivers may honor, and in practice the major ones batch and send daily no matter what value you publish. ri=3600 will not get you hourly reports from Gmail.

That makes ri a tag people paste from record generators rather than a lever that does anything. DMARCbis drops it from the spec entirely. Omit it — and if you inherit a record that sets ri=86400 explicitly, know that removing it changes nothing.

Correct record vs common mistake

Correct

v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com

No ri tag — you'll get daily aggregate reports, which is what receivers send anyway.

Common mistake

v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com; ri=3600

Requests hourly reports; nearly all receivers ignore it and send daily. Harmless, but it signals a copy-pasted record rather than a considered one.

Generate your DMARC record

Build the exact TXT record to publish — pick a policy, add a reporting address, copy. Free, no signup.

Used to show the exact host name to publish — the record itself doesn't contain it.

Start at none to observe, then tighten once reports look clean.

Where daily XML summaries are sent. Comma-separate multiple addresses.

Advanced options (sp, alignment, pct, ruf)

Subdomains inherit p unless you set this. Attackers love unused subdomains — reject is a strong choice once you're at enforcement.

Relaxed allows subdomain matches (mail.yourdomain.com signs for yourdomain.com). Strict requires an exact match — most domains should stay relaxed.

Same idea for the SPF (Return-Path) domain.

Applies quarantine/reject to a percentage of failing mail during rollout. Retired in DMARCbis — use briefly if at all.

Per-message failure samples. Rarely sent by large providers; contains message data.

Your DMARC record

Publish this as a TXT record in your DNS.

Host / Name

_dmarc.yourdomain.com

Value (TXT)

v=DMARC1; p=none;

Record type: TXT · TTL: your provider's default (e.g. 3600) is fine.

No rua address set — you'll get no aggregate reports, which means no visibility into who is sending as your domain. Add one before publishing.
p=none is monitoring mode: receivers report but deliver everything, including spoofed mail. It's the right starting point — plan to move to quarantine, then reject, once your reports show all legitimate senders passing.

After you publish

  1. Add the TXT record at your DNS host and allow up to an hour for propagation.
  2. Verify it with the free DMARC checker.
  3. Watch your aggregate reports, fix SPF and DKIM for every legitimate sender, then step up to quarantine and reject.

Troubleshooting ri

IssueLikely causeFix
Reports arrive daily despite ri=3600Receivers treat ri as a request and batch daily anywayExpected behavior — remove the tag and work with the daily cycle
No reports arriving at allThe problem is the rua= address, not ri — missing, mistyped, or a mailbox rejecting XML attachmentsFix the rua= address; ri has no bearing on whether reports are sent
Record generator inserted ri=86400 automaticallyGenerators often emit every tag with its default valueSafe to remove — an explicit default changes nothing

See this on your own domain

Enter your domain — the check runs instantly on the next page. Free, no signup.

Why it matters for MSPs

ri itself breaks nothing — the risk is what it signals. Records across a client base padded with inert tags usually mean they were generated once and never reviewed. If ri=3600 survived an audit, so did whatever actually matters, like a pct stuck at 25 or an sp=none.

Trusted by MSPs

Their responsive support, agent task lists, white-label reporting, and centralized dashboard make managing our customer domains, effortless.
Bobby GhoshalBobby Ghoshal CEO, dupe.com
Partner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner LogoPartner Logo

Enforce it — don't just monitor it

Palisade doesn't wait on report cadence tricks — it continuously processes each client domain's aggregate reports as they arrive and advances the policy on the evidence, whatever interval the receivers chose.

Free 15-day trial · No credit card · Your own domain free forever (NFR)

Frequently asked questions

Not reliably. ri is a request, and the major receivers batch daily regardless. Plan your process around a daily report cycle.

No — the default (86400, daily) is what you get with or without it, and DMARCbis removes the tag. Leave it out.

No. Receivers that don't honor it simply ignore it; your policy and reporting still work. It's inert, not dangerous.

Related terms

What is DMARC? Email authentication explained