DMARC Report Analyzer

DMARC aggregate reports arrive as compressed XML nobody can read. Drop one here and see it as a clear table: who sent as your domain, how much, and whether it passed. The file is parsed in your session and never stored.

The attachment from a report email — sender is usually [email protected], [email protected], or similar.

How to read a DMARC aggregate report

Each row is one sending source the reporter saw using your domain during the window (usually one day). The columns that matter:

  • Source IP — the server that sent the mail. Look it up with our IP lookup to identify the service behind it.
  • DKIM / SPF — the aligned evaluation results. A legitimate sender showing fail on both is the thing to fix before tightening your policy.
  • Disposition — what the receiver actually did under your current policy (none, quarantine or reject).

High-volume rows that pass are your real mail. Low-volume rows failing everything are usually spoofers — exactly what a p=reject policy will stop. Legitimate services failing alignment (a CRM, a newsletter tool) need their SPF include or DKIM key configured before you enforce — that rollout is what the DMARC generator and our guide walk through.
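The per-source reading described above, as an added Python example (not this tool's own code). It assumes the RFC 7489 aggregate report layout without an XML namespace; the 10 MB size cap and the sample report are constructed for illustration.

```python
import gzip
import io
import xml.etree.ElementTree as ET
from collections import defaultdict

MAX_BYTES = 10 * 1024 * 1024  # assumed cap on decompressed size (gzip-bomb guard)

# Constructed sample report (documentation IP ranges, example.com); not real data.
SAMPLE_XML = b"""<?xml version="1.0"?>
<feedback>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>1200</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>40</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>192.0.2.10</source_ip><count>300</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
</feedback>"""

def load_report(blob: bytes) -> ET.Element:
    """Decompress (if gzip) with a size cap, refuse DTDs, return the XML root."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic bytes
        with gzip.GzipFile(fileobj=io.BytesIO(blob)) as fh:
            blob = fh.read(MAX_BYTES + 1)
    if len(blob) > MAX_BYTES:
        raise ValueError("report exceeds size cap")
    if b"<!DOCTYPE" in blob or b"<!ENTITY" in blob:
        raise ValueError("DTD/entity declarations are not expected in a report")
    return ET.fromstring(blob)

def summarize(root: ET.Element) -> dict:
    """Per source IP: message count, DMARC pass/fail counts, dispositions seen."""
    table = defaultdict(lambda: {"count": 0, "pass": 0, "fail": 0, "dispositions": set()})
    for row in root.iterfind("record/row"):
        ip = row.findtext("source_ip", "").strip()
        n = int(row.findtext("count", "0"))
        dkim = row.findtext("policy_evaluated/dkim", "fail").strip().lower()
        spf = row.findtext("policy_evaluated/spf", "fail").strip().lower()
        entry = table[ip]
        entry["count"] += n
        # DMARC passes when either aligned result passes; failing both is the red flag.
        entry["pass" if "pass" in (dkim, spf) else "fail"] += n
        entry["dispositions"].add(row.findtext("policy_evaluated/disposition", "").strip())
    return dict(table)

if __name__ == "__main__":
    for ip, e in sorted(summarize(load_report(gzip.compress(SAMPLE_XML))).items(),
                        key=lambda kv: -kv[1]["count"]):
        print(f"{ip:15} total={e['count']:5} pass={e['pass']:5} fail={e['fail']:5} {sorted(e['dispositions'])}")
```

Reports from receivers that declare an XML namespace on `<feedback>` need the namespace passed to the `find` calls; the un-namespaced paths here will otherwise match nothing.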

Frequently asked questions

Is my report file uploaded anywhere?

It is parsed in memory to render this page and immediately discarded — never written to disk, never logged, never used for anything else. If you prefer, you can disconnect from the internet after loading the page... but then the upload wouldn't work, so we settle for the promise plus the fact that automatic ingestion (where storage is the whole point) is clearly labeled as such.

Why do I get reports from domains I never emailed?

Anyone can send mail claiming to be you; any receiver with your rua= address then reports what they saw. Reports about traffic you don't recognize are usually evidence of spoofing attempts — the reason DMARC enforcement exists.

One file at a time is tedious. What's the alternative?

Point your DMARC record's rua= at a private ingest address from Deliverability Guard and every report is parsed automatically into a rolling per-source table with a "safe to enforce?" advisor.


How this tool works: This tool runs in your browser and on our server in real time. Depending on the tool, results are computed directly from the input you provide or retrieved from live, authoritative data sources at the moment you run a lookup. We do not sell your data, and your lookups are kept private — any history shown here is stored only on your device.