Skip to main content
New AI-powered DMARC analysis + open REST API See how → →
DMARC Reporting

Turn raw XML into
actionable intelligence

DMARC aggregate and forensic reports decoded, visualized, and prioritized so you know exactly who is sending email as your domain and what to do about it.

Start Free Trial View Pricing
The Basics

Two report types,
one complete picture

DMARC generates two kinds of reports. Aggregate reports (RUA) give you daily summaries of all email activity across your domain. Forensic reports (RUF) give you per-message failure details when something goes wrong.

RUA (Aggregate)

Daily XML summaries from receivers showing every source IP, authentication results, and disposition. The foundation of DMARC visibility.

RUF (Forensic)

Per-message failure reports with full headers, sender IP, and the exact reason authentication failed. Critical for investigating spoofing attempts.

Raw XML
<feedback>
<report_metadata>
<org_name>google</org_name>
<date_range>
<begin>1714521600</begin>
</date_range>
</report_metadata>
<record>
<source_ip>142.250...</source_ip>
<count>847</count>
<policy_evaluated>
<dkim>pass</dkim>
<spf>pass</spf>
</policy_evaluated>
</record>
</feedback>
Dashboard
94.2%
Pass Rate
G
Google
Pass
?
Unknown
Fail
Aggregate Report - example.com
94.2%
DMARC Pass
12
Senders
3
Warnings
G
Google Workspace
142.250.x.x · 2,847 msgs
SPF pass DKIM pass
M
Microsoft 365
40.107.x.x · 1,203 msgs
SPF pass DKIM pass
S
SendGrid
168.245.x.x · 456 msgs
SPF pass DKIM pass
M
Mailchimp
205.201.x.x · 89 msgs
SPF pass DKIM fail
?
Unknown sender
91.203.x.x · 14 msgs
SPF fail DKIM fail
Core Feature

Aggregate report
analysis

Raw DMARC XML becomes a visual dashboard showing every sender, their authentication status, and your enforcement readiness. Reports arrive daily from receivers worldwide and are processed automatically.

200+
Vendors auto-classified
Every sending source mapped to a known vendor or flagged for investigation.
94.2%
Avg. pass rate visibility
See DMARC, SPF, and DKIM pass rates across all sources at a glance.
30 days
Trend analysis window
Track authentication rates over time to spot regressions early.
Instant
Actionable recommendations
Prioritized next steps to improve alignment and move toward enforcement.
Forensic Reports

Investigate every
failure in detail

Forensic reports give you per-message failure details. See the exact sender IP, the header mismatch, the mechanism that failed, and what the receiver did with the message. Follow the investigation flow from alert to resolution.

1. Alert received

Authentication failure detected from unrecognized source IP 91.203.145.22

2. Investigate headers

From: ceo@yourdomain.com, Return-Path: bounce@malicious-server.ru - domain mismatch confirmed

3. Confirm rejection

DMARC policy p=reject enforced. Spoofed message blocked before reaching the recipient inbox.

Forensic Report Detail
From
ceo@yourdomain.com
spoofed
Source IP
91.203.145.22
unauthorized
Return-Path
bounce@malicious-server.ru
mismatch
SPF Result
fail (not in SPF record)
fail
DKIM Result
fail (no valid signature)
fail
DMARC Disposition
reject
enforced
Step by Step

How to read a DMARC report

Five steps from raw XML to concrete action. DMARC Report automates every step, but understanding the process helps you make better decisions.

1

Receive XML

Mailbox providers send gzipped XML reports to your rua= address daily. Each report covers a 24-hour window.

2

Parse Tags

Extract key metadata - reporting org, date range, your published policy, and each record row with source IP and auth results.

3

Identify Sources

Map source IPs to known senders. Classify each as authorized (Google, Microsoft, SendGrid) or unknown/suspicious.

4

Check Alignment

Verify SPF and DKIM alignment for each source. Aligned = the authenticated domain matches the From header domain.

5

Take Action

Fix misaligned senders, authorize legitimate sources, and move toward enforcement (p=quarantine or p=reject).

Reference

DMARC record tags explained

Every tag that appears in a DMARC DNS record, with its purpose and an example value. Your DMARC record is a TXT record published at _dmarc.yourdomain.com.

v=
v=DMARC1

Protocol version identifier. Always DMARC1 for current implementations.

p=
p=reject

Domain policy - tells receivers what to do with failing mail: none, quarantine, or reject.

rua=
rua=mailto:dmarc@example.com

Aggregate report URI. Where receivers send daily XML summary reports.

ruf=
ruf=mailto:forensic@example.com

Forensic report URI. Where receivers send per-message failure reports.

sp=
sp=quarantine

Subdomain policy. Overrides the domain policy for subdomains if specified.

adkim=
adkim=s

DKIM alignment mode. Strict (s) requires exact domain match; relaxed (r) allows subdomain match.

aspf=
aspf=r

SPF alignment mode. Strict (s) requires exact domain match; relaxed (r) allows subdomain match.

pct=
pct=100

Percentage of messages subject to the DMARC policy. Useful for gradual rollout.

fo=
fo=1

Forensic report options. Controls when forensic reports are generated (0, 1, d, s).

Start analyzing your DMARC reports today

Free trial - no credit card required. See your first report within 24 hours of setup.

Start Free Trial

What Security Teams Say About Our Reporting

G2 Leader - DMARC

Rated 4.8/5 on G2 · 469 verified reviews

G2 Momentum Leader - DMARC
DG

Dave G.

Owner

5/5

"DMARC Report has been invaluable in fixing email deliverability issues for our clients"

DMARC Report dashboard allows us to see easily what is compliant and what isn't compliant so we can quickly fix issues.

9/27/2022 Verified on G2
ZK

Zunaid K.

Director

5/5

"Essential tool for email delivery"

This tool helps us to implement DMARC reporting for our domains in an easy to use manner.

8/8/2024 Verified on G2
VU

Verified User in Information Technology and Services

5/5

"Best security tool for your own domains"

The weekly reports help me a lot to analyze quickly the emails sent from my domains and that gives me peace of mind.

8/31/2022 Verified on G2
Read all 469 reviews on G2 →