What Is a DMARC Aggregate Report?
A DMARC aggregate report (RUA report) is an XML file that provides a daily summary of how email receivers handled messages from your domain. It includes authentication results, sending IPs, volumes, and policy actions taken.
What Do DMARC Reports Look Like?
They are XML files sent by mail providers like Gmail, Outlook, Yahoo, etc. You can open them with:
Key Sections of a DMARC Report
1. Report Metadata
<report_metadata>
<org_name>google.com</org_name>
<email>dmarc-support@google.com</email>
<report_id>12345678</report_id>
</report_metadata>
2. Policy Published
<policy_published>
<domain>yourdomain.com</domain>
<p>quarantine</p>
</policy_published>
3. Records (Per Sending IP)
<record>
<row>
<source_ip>192.0.2.1</source_ip>
<count>25</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>pass</spf>
</policy_evaluated>
</row>
</record>
How to Interpret the Report
| DKIM | SPF | Disposition | What It Means |
|---|---|---|---|
| pass | pass | none/quarantine | Email is authenticated |
| fail | fail | reject | Likely spoofed or misconfigured |
| pass | fail | none | SPF misalignment |
| fail | pass | none | DKIM misalignment |
Note: For full DMARC compliance, either SPF or DKIM must pass and align with the “From” domain.
How to Act on DMARC Reports
- ✅ Identify trusted vs. suspicious sending sources
- ✅ Ensure all email providers are properly included in SPF & DKIM
- ✅ Adjust your DMARC policy from
nonetoquarantineand eventuallyreject - ✅ Regularly monitor your reports for anomalies
Best Tools to Analyze DMARC Reports
- DMARCian: dmarcian.com
- EasyDMARC: easydmarc.com
- Postmark DMARC Tool: postmarkapp.com
Final Thoughts
DMARC aggregate reports give you visibility into your email domain activity and protection. Even if you’re not technical, using tools to decode these reports helps you identify spoofing attempts and misconfigurations early — ensuring stronger deliverability and security.
