
DMARC Report Analyzer

Free DMARC report analyzer — upload aggregate XML to visualize authentication results, identify your senders, and spot failures. Runs in your browser; no data leaves your device.

Supports .xml and .xml.gz files

What Are DMARC Aggregate Reports?

DMARC aggregate reports are XML files sent daily by receiving mail servers to the address specified in your DMARC record's rua tag. Defined in RFC 9990 Section 3.1, these reports summarize how receivers handled messages claiming to come from your domain, including SPF and DKIM authentication results and the policy action taken.

Reports arrive as XML files (often gzip-compressed) and can be difficult to read manually. This tool parses the XML structure and presents the data in a human-readable format, helping you identify unauthorized senders, authentication failures, and alignment issues.

XML Report Structure

Every DMARC aggregate report contains three main sections: report metadata (who generated it and the time period), the published policy for your domain at the time, and individual record rows grouping messages by source IP and authentication outcome.

| Section | Key Fields | Purpose |
| --- | --- | --- |
| `<report_metadata>` | org_name, report_id, date_range | Identifies who generated the report and the reporting period. |
| `<policy_published>` | domain, p, sp, adkim, aspf, pct | Your DMARC policy as seen by the receiver during that period. |
| `<record>` | source_ip, count, disposition, auth_results | Per-source authentication results and actions taken. |

How to Read Report Results

Each record row shows a source IP, the number of messages from that IP, and the authentication verdicts. The disposition field tells you what the receiver did: none means delivered normally, quarantine means sent to spam, and reject means the message was refused. Look for rows where DKIM or SPF shows fail to identify unauthorized senders or misconfigured services. For a field-by-field walkthrough with annotated examples, see our guide on how to read a DMARC report.
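
The reading procedure above, as an added Python example (not the analyzer's own code): it parses an aggregate report, totals messages per source IP, and counts a message as a DMARC failure only when neither the evaluated DKIM nor the evaluated SPF result is pass. The sample report, the size cap and the function names are assumptions made for illustration; because reports arrive from outside parties, the loader bounds the decompressed size and refuses DTD declarations before parsing.

```python
import gzip, io
import xml.etree.ElementTree as ET

MAX_BYTES = 10 * 1024 * 1024  # assumed cap on decompressed report size

# Constructed sample report (documentation IP ranges, not real data).
SAMPLE = b"""<?xml version="1.0"?>
<feedback>
 <report_metadata><org_name>receiver.example</org_name><report_id>r1</report_id></report_metadata>
 <policy_published><domain>example.com</domain><p>quarantine</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>40</count><policy_evaluated>
  <disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.5</source_ip><count>5</count><policy_evaluated>
  <disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>3</count><policy_evaluated>
  <disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def load_report(data: bytes) -> ET.Element:
    """Decompress if gzipped, bound the size, refuse DTDs, then parse."""
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as fh:
            data = fh.read(MAX_BYTES + 1)  # never inflate past the cap
    if len(data) > MAX_BYTES:
        raise ValueError("report exceeds size cap")
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD/entity declarations are not expected in a report")
    return ET.fromstring(data)

def summarize(root: ET.Element) -> dict:
    """Per source IP: message total, messages failing DMARC, dispositions seen."""
    out = {}
    for row in root.findall("{*}record/{*}row"):  # {*} tolerates an xmlns
        ev = row.find("{*}policy_evaluated")
        n = int(row.findtext("{*}count", "0"))
        e = out.setdefault(row.findtext("{*}source_ip"),
                           {"messages": 0, "dmarc_fail": 0, "dispositions": set()})
        e["messages"] += n
        # DMARC fails only when neither aligned DKIM nor aligned SPF passed.
        if ev.findtext("{*}dkim") != "pass" and ev.findtext("{*}spf") != "pass":
            e["dmarc_fail"] += n
        e["dispositions"].add(ev.findtext("{*}disposition"))
    return out

if __name__ == "__main__":
    for ip, e in summarize(load_report(SAMPLE)).items():
        print(ip, e)
```

In the sample, 203.0.113.5 fails SPF but passes DKIM, so it is not counted as a DMARC failure; only 198.51.100.7, where both fail, is.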

Where Reports Come From

Reports are sent to the email address in your DMARC record's rua=mailto: tag. Major providers like Google, Microsoft, Yahoo, and others send reports daily. If you are not receiving reports, check that your rua address is correct and that the receiving domain has authorized report delivery (via a DNS record at <domain>._report._dmarc.<rua-domain>).

Frequently asked questions

How do I read a DMARC aggregate report?

Upload the XML (or .gz) file. The analyzer parses each <record>, groups results by sending source, and shows SPF and DKIM pass/fail plus alignment for every IP — turning raw XML into a readable table of who sends mail as your domain and whether it authenticates.

Is my report data uploaded anywhere?

No. The analyzer parses the report entirely in your browser with client-side JavaScript. The XML never leaves your device and is never sent to our servers, so you can analyze sensitive reports without privacy concerns.

Where do I get DMARC aggregate reports?

Receivers send them to the rua= address in your DMARC record, typically once daily per reporting domain, as a gzipped XML attachment. If you receive none, publish a rua=mailto:... tag and confirm the destination authorizes external reports for your domain.
