DMARC: must rua email match domain?

spam dmarc

First of all, I don't know if there are any issues specific to how Gmail handles this.

Generally, however, while the DMARC spec does allow for reports to be sent to an external address, it also has additional validation steps for this scenario in order to limit abuse.

The report recipient domain should have a special record in place to indicate that it wants to accept DMARC reports regarding this other domain, and before accepting such a report recipient address the presence of this record should be validated.

Example from the DMARC spec:

For example, if a DMARC policy query for blue.example.com contained
rua=mailto:[email protected], the host extracted from the
latter (red.example.net) does not match blue.example.com, so this
procedure is enacted. A TXT query for
blue.example.com._report._dmarc.red.example.net is issued. If a
single reply comes back containing a tag of v=DMARC1, then the
relationship between the two is confirmed. Moreover,
red.example.net has the opportunity to override the report
destination requested by blue.example.com if needed.

See the full section linked above for all the details.

Related

Best practices for backing up to Amazon s3 and a NAS
Should I use 'cards' or 'a card'? [duplicate]
Why does "savior" have an "i"?
What's the term for an unsecured wifi network that requires logging in through a browser? [closed]
"Whether they are congruent"
"A number of programs" vs. "several programs"
"haven't" as negation of possession
Word for a piece of a pie chart? [duplicate]
Past/Present tense in a conditional statement
Can I use an ellipsis before a comma?
The powers that be [duplicate]
Unusual usage of "do" in "do you follow your path", in a sentence that is not a question