DMARC Report Analyzer

Paste or upload a DMARC aggregate (RUA) report and read it in plain English — who's sending as your domain, what's passing, and which failing mail is spoofing vs your own senders. Free, no signup.

🔒 Parsed entirely in your browser — your report is never uploaded to us.

How to read a DMARC aggregate report

A DMARC aggregate report answers one question: who is sending email as your domain, and does it pass authentication? Every report has a policy_published block (the DMARC policy you have live — p=none, quarantine or reject) and a list of record entries, one per sending source.

For each source you get a source IP, a message count, and the DMARC result — whether SPF and DKIM aligned with your domain. A message passes DMARC if SPF or DKIM aligns. The trap most people fall into: they see failing messages, panic, and assume their setup is broken. But most failing traffic is either a legitimate service that isn't aligned yet, or someone spoofing you — and those need completely different responses.

The analyzer above sorts every source into those buckets automatically, so you can tell at a glance whether you're safe to move to p=reject without blocking your own mail. New to DMARC? Start with the DMARC guide, or check your DMARC record.

Frequently asked questions

What is a DMARC aggregate (RUA) report?
It's a daily XML file that mailbox providers (Google, Microsoft, Yahoo and others) send to the rua= address in your DMARC record. Each report lists every IP that sent mail using your domain in the From address, how many messages, and whether they passed SPF, DKIM and DMARC alignment. It's how you discover who is really sending as you.
Why are the reports unreadable XML?
DMARC reports were designed for machines, not people — they arrive as gzipped XML attachments. This tool decompresses and parses them in your browser and turns them into a readable table so you can actually see what's going on.
Some of my mail is failing DMARC — is my domain misconfigured?
Not necessarily. Failing mail from your own sending services (an ESP that isn't aligned yet) is a real fix. But failing mail from random, unknown IPs is usually someone spoofing you — and that's exactly what DMARC is meant to catch. This analyzer separates the two so a spoofing attempt doesn't look like a broken setup.
Is my report uploaded anywhere?
No. Parsing happens entirely in your browser using JavaScript — the report never leaves your device and we never store it. For continuous, automated analysis across many domains, our paid monitoring ingests reports server-side on your behalf.
How do I get these reports automatically?
Add a rua= address to your DMARC record. DomainHealthPro can generate one per domain, ingest the reports for you daily, resolve each source IP to a real ESP, track trends over time, and alert you when your own senders start failing — all white-labeled for agencies and MSPs.