DMARC Aggregate Report Viewer
Upload a DMARC aggregate report (XML, gzip, or ZIP) from your mail server to see SPF/DKIM authentication and policy results by source IP in a readable table. Parsing happens 100% in your browser — the file is never uploaded to a server.
Tips
- DMARC aggregate reports are normally emailed daily (as gzip or ZIP-compressed XML) to the address you specified in the "rua" tag of your DMARC record. You can upload that attachment directly to this tool.
- A low "SPF & DKIM pass rate" often means a legitimate sender — your marketing platform, CRM, or an outsourced mail vendor — isn't configured correctly for SPF/DKIM. Note the source IP and investigate it.
- While your policy (p) is still "none", messages that fail authentication are still delivered. Only tighten it to quarantine or reject once your pass rate is consistently high.
- An unfamiliar source IP sending a large volume of messages under your domain can be a sign of phishing or spam abusing your brand. Check the Header From value and reverse-lookup the source IP.
- When comparing multiple days of reports, jot down the date range (begin/end) embedded in each file so you can track how the pass rate changes over time.
Frequently Asked Questions
Side Note — How DMARC reports turned an invisible problem visible
DMARC (Domain-based Message Authentication, Reporting & Conformance), standardized in 2012, ties together two existing authentication mechanisms — SPF and DKIM — and lets a domain publish, via DNS, exactly how mail that fails authentication should be handled. But for most administrators, the real value isn't the policy enforcement itself — it's the aggregate reporting ("rua") feature.
Before DMARC, there was almost no way to know how much mail was being sent claiming to be from your domain, or how much of it was legitimate versus spoofed. Abuse of your domain's reputation could go on indefinitely — an invisible threat you'd only learn about from angry recipients, if at all.
A DMARC aggregate report makes that traffic visible: which IPs sent how many messages claiming your domain, and how each one fared against SPF and DKIM. Major providers (Gmail, Yahoo, Microsoft, and others) faithfully report back on the mail they receive, letting you discover senders you didn't even know about — a cloud service, a salesperson's personal mail tool, or an outright impersonator.
When Google and Yahoo effectively made DMARC mandatory for bulk senders in 2024, demand for parsing aggregate reports surged among developers and mail administrators. Many organizations adopt a paid monitoring SaaS, but for a quick, one-off look at a single report, a free, fully client-side tool like this one is often all you need.