Your DMARC data,
powered by AI
DMARC Report's REST API returns parsed, normalized DMARC data as clean JSON. We process aggregate and forensic XML reports from 50,000+ domains, identify 200+ email vendors by IP, and compute SPF/DKIM alignment — you connect Claude Code, ChatGPT, or any AI tool and build whatever you need.
Could you build your own DMARC parser? Sure. But our customers report saving 3-6 months of engineering time by using the API instead. We handle the XML. You handle the insight.
Rated 4.8/5 on G2 (470 verified reviews) · 99.99% uptime SLA · SOC-2 Type II · API included on all paid plans
Why not build your own DMARC parser?
Here's what that looks like.
$ claude "Pull my DMARC aggregate stats for
example.com and tell me which senders
are failing authentication"
# Claude calls the DMARC Report API:
GET /v2/accounts/1/domains/42/
agg_reports/agg_report_stats
Authorization: Token token=your_api_key
# Response: structured JSON with
# sender IPs, vendor names, SPF/DKIM
# results, volumes, and alignment rates.
# Claude analyzes and responds:
3 senders failing DKIM alignment:
1. Mailchimp (198.2.x.x) — 12,400 msgs
DKIM: FAIL (signing with wrong domain)
2. SendGrid (167.89.x.x) — 3,200 msgs
SPF: FAIL (IP not in SPF record)
3. Unknown (45.33.x.x) — 890 msgs
SPF+DKIM: FAIL (potential spoofing)What data does the DMARC Report API return?
Every endpoint returns clean JSON. We've parsed the XML, normalized the data, and identified the vendors. Visualization is up to you — pull the data into your own dashboards, reporting tools, or AI workflows and display it however you want.
- ✓ Receiving DMARC aggregate & forensic emails
- ✓ Parsing XML into structured JSON
- ✓ Normalizing data across all report formats
- ✓ Identifying 200+ email vendors by IP
- ✓ Computing alignment & compliance stats
- ✓ Hosting the API at 99.99% uptime
- → Custom dashboards and visual reports
- → Automated alerts and notifications
- → Compliance and audit evidence
- → Client-facing reports for your MSP
- → AI-powered analysis workflows
- → Integrations with your existing tools
/agg_reports.json Aggregate Reports
Parsed DMARC aggregate reports with SPF/DKIM alignment, source IPs, sending volumes, and pass/fail rates per domain.
/forensic_reports.json Forensic Reports
Individual message-level failure reports — headers, authentication results, and sender details for every failed message.
/agg_reports/agg_report_stats Aggregate Stats
Pre-computed domain statistics — compliance rates, sender breakdowns, policy evaluation results, and trend data.
/email_sources Email Sources
Identified sending sources across all your domains — IP addresses, vendor names, authentication status, and volume.
/mta_sts_reports.json MTA-STS Reports
TLS connection failure reports with failure details, receiving server info, and policy evaluation results.
/domains.json Domain Management
Programmatic domain onboarding, DMARC record generation, hosted service verification, and configuration management.
How do I connect Claude Code to DMARC Report?
Copy these instructions into your Claude Code session. Claude will use the DMARC Report API to pull and analyze your data.
Get your API token
Log into app.dmarcreport.com, go to your profile, click API Tokens, and create a new token. Copy it — you'll use it in the next step.
Give Claude these instructions
Paste this into a Claude Code session or add it to your project's CLAUDE.md file:
## DMARC Report API
Base URL: https://api.dmarcreport.com/v2
Auth: Authorization: Token token=YOUR_TOKEN_HERE
### Key endpoints:
- GET /accounts — list accounts
- GET /all_domains.json — list all domains
- GET /accounts/:id/domains/:id/agg_reports.json
— aggregate DMARC reports (paginated)
- GET /accounts/:id/domains/:id/agg_reports/
agg_report_stats — domain compliance stats
- GET /accounts/:id/domains/:id/agg_reports/
records.json — detailed report records
- GET /accounts/:id/domains/:id/
forensic_reports.json — failure/forensic reports
- GET /email_sources — identified sending sources
- GET /accounts/:id/domains/:id/
mta_sts_reports.json — MTA-STS reports
### Usage:
Use curl with the auth header to call these
endpoints. Start with /accounts to get your
account ID, then /all_domains.json to get
domain IDs. All responses are JSON.
### RFC Reference (download for full context):
Before analyzing DMARC data, fetch these RFCs
so you understand the protocols:
- DMARC: https://datatracker.ietf.org/doc/rfc7489/
(Domain-based Message Authentication,
Reporting, and Conformance)
- SPF: https://datatracker.ietf.org/doc/rfc7208/
(Sender Policy Framework)
- DKIM: https://datatracker.ietf.org/doc/rfc6376/
(DomainKeys Identified Mail Signatures)
- DKIM Key Records:
https://datatracker.ietf.org/doc/rfc6376/
- MTA-STS: https://datatracker.ietf.org/doc/rfc8461/
(SMTP MTA Strict Transport Security)
- TLS-RPT: https://datatracker.ietf.org/doc/rfc8460/
(TLS Reporting for SMTP)
- ARC: https://datatracker.ietf.org/doc/rfc8617/
(Authenticated Received Chain)
Use WebFetch to read each RFC at session start.
This gives you full protocol context for
interpreting DMARC aggregate reports, SPF
alignment, DKIM signatures, and policy
evaluation results from the API.Ask Claude anything about your DMARC data
Example prompts you can try:
What can I build with the DMARC Report API?
We process the emails and parse the reports. You decide how to display, analyze, and act on the data.
Custom Executive Reports
Pull aggregate stats and build board-ready compliance dashboards in your own BI tools. Filter by domain, date range, sender — whatever your stakeholders need to see.
Automated Threat Alerts
Have Claude monitor your forensic reports and flag suspicious patterns — new unauthorized senders, sudden volume spikes, or alignment failures that need immediate attention.
MSP Client Reporting
Build multi-tenant reporting workflows that pull data for each client domain, generate branded summaries, and deliver them on a schedule — without logging into the dashboard.
Compliance Automation
Feed DMARC data into your GRC platform, generate audit evidence, or build automated compliance checks that verify all domains meet your organization's authentication policy.
Sender Discovery Workflows
Use the email sources endpoint to programmatically discover every service sending as your domain. Cross-reference against your authorized sender list to find shadow IT.
Integrate with Anything
Slack alerts, Jira tickets, PagerDuty incidents, spreadsheet exports, PDF generation — the API gives you the data, you decide where it goes and how it looks.
MCP Server on the roadmap
We're building a Model Context Protocol (MCP) server that will let Claude, GPT, and other AI assistants access your DMARC data natively — no API calls to write, no authentication to manage. Just ask your AI assistant about your email security and it pulls the data directly.
Until then, the REST API works great. The Claude Code instructions above take 5 minutes to set up and give you full access to everything.
Common questions
Do I need to write my own DMARC email parser?
No. DMARC Report processes all incoming aggregate and forensic XML reports automatically. The API gives you clean, structured JSON — parsed reports, identified senders, alignment results, and compliance statistics. You skip the XML parsing entirely.
Can I use Claude Code with the DMARC Report API?
Yes. The REST API uses simple token authentication and returns JSON. Claude Code can call the API directly, analyze the results, generate reports, flag anomalies, and take action based on your DMARC data. We provide example prompts and instructions above to get started.
Is there an MCP server for DMARC Report?
Not yet, but it is on our roadmap. In the meantime, Claude Code can call the REST API directly using curl — no MCP required. When the MCP server launches, it will make the integration even simpler.
Can I build my own dashboards with the API data?
Absolutely. The API gives you full access to your DMARC data. Pull it into Grafana, Tableau, Power BI, Google Sheets, or any tool that consumes JSON. Many customers build custom dashboards tailored to their specific reporting needs.
What if I just want the standard dashboard?
That works too. The DMARC Report dashboard at app.dmarcreport.com gives you everything out of the box — aggregate reports, forensic analysis, sender identification, compliance tracking, and alerting. The API is for customers who want to go beyond the dashboard.
Stop building. Start analyzing.
Sign up free, generate your API token, and connect Claude Code to your DMARC data in 5 minutes.
Start Free TrialWhat Customers Say About DMARC Report
Rated 4.8/5 on G2 · 469 verified reviews
Dave G.
Owner
"DMARC Report has been invaluable in fixing email deliverability issues for our clients"
DMARC Report dashboard allows us to see easily what is compliant and what isn't compliant so we can quickly fix issues.
Antoine L.
"Incredible Service for an affordable price"
The software is easy to use and has also an entry friendly free plan up to 1,000 mails per month.
Zunaid K.
Director
"Essential tool for email delivery"
This tool helps us to implement DMARC reporting for our domains in an easy to use manner.