Free tool
DMARC Report Analyzer
Paste a DMARC aggregate XML report and turn it into a readable summary of who sends mail as you.
Turning a DMARC report into something you can act on
Once you publish a DMARC record with an rua= tag, mailbox providers start emailing you aggregate reports — one XML file per provider, per day. Each file is a goldmine: it lists every IP address that sent mail using your domain and whether it passed authentication. The problem is the format. Raw DMARC XML is built for machines, not people. This DMARC report analyzer reads that file and gives you the summary you actually wanted.
What the summary tells you
The headline numbers are your pass rates: what percentage of mail passed DMARC overall, and how SPF and DKIM alignment contributed. A healthy domain trends toward 100% — anything lower means either a legitimate service you haven't authorized yet, or someone spoofing you.
Reading the source table
Every row is a sending source. Legitimate sources you recognize (your mail provider, your newsletter tool, your helpdesk) should be aligned and passing — if one isn't, add it to your SPF record or enable DKIM for it. Sources you don't recognize that are failing are exactly why DMARC exists: with a policy of p=reject, that mail gets blocked before it reaches anyone.
From monitoring to enforcement
The point of reading reports is to safely move your policy from p=none (monitor) to p=quarantine and finally p=reject (enforce) — once the reports confirm every legitimate sender is aligned. Start by confirming your records with the Email Protection Checker, then use this analyzer each week to watch your pass rate climb before you tighten the policy.
Frequently asked questions
What is a DMARC aggregate report?
A DMARC aggregate report (also called a RUA report) is an XML file that mailbox providers like Google and Microsoft send you daily. It summarizes every source that sent email using your domain and whether each one passed SPF and DKIM alignment — so you can see exactly who is sending mail as you.
Why are DMARC reports in XML?
The DMARC standard (RFC 7489) defines reports as XML so they can be processed automatically. That makes them precise but hard to read by eye. This analyzer parses the XML and turns it into a plain summary with pass rates and a per-source table.
What does SPF or DKIM 'aligned' mean?
Alignment means the domain that passed SPF or DKIM matches the domain in the visible From address. For a message to pass DMARC, at least one of SPF or DKIM has to do two things at once: pass its own check and be aligned with that From domain. So a source can pass raw SPF and still fail DMARC if the pass isn't aligned.
How do I get DMARC reports for my domain?
Publish a DMARC record at _dmarc.yourdomain.com with an rua= tag pointing to a mailbox you control, for example v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com. Reports begin arriving within a day or two. Use our Email Protection Checker to confirm your record is set up.
Is this DMARC tool free and private?
Yes. The analyzer is free and the report you submit is parsed in memory to generate the summary — it is not stored on our servers. It's part of Confidanti's free security toolkit.
Keep going
Email Protection Checker →
Check your domain's MX, SPF, and DMARC records and confirm reporting is on.
Who can send email as you? →
The plain-English guide to SPF, DKIM, and DMARC and why they matter.
All free tools →
Browse Confidanti's free DNS and email-security utilities.
Get ongoing protection →
Continuous monitoring, phishing defense, and incident response in one plan.