A mail receiver looks at the domain found in the RFC5322/From header of an email and looks up the DMARC reporting requests for that domain. It looks at the rua and ruf tags found and does an authorisation check to see if the domains specified (in the mailto:) as report receivers have authorised ("agreed") to receive reports for this RFC5322/From domain.
Report authorisation is related to when a sending domain specifies a different domain (in its rua and ruf tags) to which reports should be sent to. The destination domain (report receiver) of the reports has to have a record which essentially says “yes” I can receive reports on behalf of the sending domain. If this authorisation record does not exist at the report receiver side then reports should not be sent to that domain.
To learn more about report authorisation please click on the button below: