What's inside your DMARC report?
Those daily XML attachments from google.com and outlook.com are answers to one question: who is sending email as your domain, and is it passing authentication? Drop one here and read it as a table instead of XML. Nothing is uploaded to storage.
Drop a report here: .zip, .xml.gz or .xml straight from the report email
Or paste raw XML
Frequently asked questions
- What are these XML report emails I keep getting?
- They're DMARC aggregate reports. Once your domain publishes a DMARC record with a rua tag, every major mailbox provider sends you a daily summary of the mail they saw claiming to come from your domain, as a compressed XML attachment. They're meant for machines, which is why they're unreadable.
- How do I read a DMARC report?
- Each <record> block is one sending IP: how many messages it sent, whether SPF and DKIM passed, and what the receiver did with the mail. This analyzer turns those blocks into a table with the sending service identified by reverse DNS, so you can see at a glance who's legitimate and who isn't.
- Is my report data stored anywhere?
- No. This tool parses the report in memory, shows you the result, and discards it. If you want reports collected, stored, and monitored over time, that's what a DMARCPath account does.
- Why do some legitimate senders fail SPF in my report?
- Usually forwarding: when someone auto-forwards your mail, the forwarding server isn't in your SPF record, so SPF fails. DKIM survives forwarding, so DMARC still passes. Rows that fail SPF but pass DKIM are typically nothing to worry about.