• I have a DMARC report that shows a full email and I am concerned about data retention
• I have an email that contains a DMARC report that might be a GDPR violation.

Failure reports that show full emails are called Forensic Reports, known as RUF in DMARC nomenclature.

If a DMARC record includes a statement like "[email protected]", then this gives permission for other domains to send Forensic Reports.

Per dmarc.org, if there is no ruf field in the DMARC record, then no forensic reports should be sent.

For more information, please review dmarc.org and the associated RFCs for DMARC.