Skip to main content
New SPF lookups must resolve in milliseconds — why a DMARC tool's add-on isn't enough Learn Why → →

Free DMARC Report Analyzer

Drop a DMARC aggregate report (XML or .gz) and instantly see senders, pass rates, alignment, and per-record details.

Files are parsed in your browser - nothing is uploaded
Built by the AutoSPF Engineering Team | RFC 7489 aggregate report format | Last verified: April 2026

What is a DMARC Aggregate Report?

When you publish a DMARC record with a rua= address, receiving mail servers email you a daily summary of every message claiming to be from your domain. These XML files are how you find out who is sending mail as you - your own infrastructure, your authorized vendors, and anyone trying to spoof your domain.

Each report contains source IPs, message volumes, the SPF and DKIM results, whether each result aligned with the From header, and the policy that was applied. Reading them by hand is painful. This tool gives you a focused, on-demand view of any single report.

How to Read the Results

Pass Rate

Percentage of messages that passed DMARC (SPF or DKIM aligned). Healthy domains sit at 99%+. Anything lower means real legitimate mail is failing - or someone is spoofing you.

Passed but Unaligned

SPF or DKIM passed for a different domain than the From header. Common with third-party senders. Fix it by adding a custom return-path or DKIM signing on your domain.

Top Source IPs

Where your traffic comes from, with reverse-DNS hostnames. If you see IPs you don't recognize sending mail at scale, that is your spoofing problem.

Per-Record Details

Expand any row to see DKIM signing domains, selectors, the SPF return-path domain, and the From header. This is how you trace a failure back to a specific service.

SPF failures showing in your report?

If your DMARC report shows SPF failures or "permerror" results, your SPF record is likely exceeding the RFC 7208 limit of 10 DNS lookups. Each include: mechanism counts toward that limit, and large vendors like Google Workspace, Microsoft 365, and Mailchimp can blow past it on their own.

AutoSPF flattens your SPF chain into a single optimized record that stays under the 10-lookup limit and updates automatically as your senders' IP ranges change. No more PermError. No more manual maintenance.

Fix Your SPF with AutoSPF

One report at a time is fine. Hundreds per day is not.

For continuous DMARC monitoring across all your domains, our sister product DMARC Report ingests every aggregate and forensic report automatically, classifies senders by vendor, and tracks pass rates over time.

Try DMARC Report Free Learn More

Frequently Asked Questions

What is a DMARC aggregate report?

A DMARC aggregate report (RUA) is an XML file sent daily by receiving mail servers like Google, Microsoft, and Yahoo to the address listed in your DMARC record. It contains a summary of every authentication result for messages claiming to be from your domain - source IPs, message counts, SPF and DKIM results, alignment status, and the policy applied.

Is my report uploaded to a server?

No. The DMARC Report Analyzer parses your XML file entirely in your browser using JavaScript. Nothing is sent to a server, stored, or logged. You can verify this by opening your browser DevTools and watching the Network tab while you upload a file.

What file formats are supported?

You can upload uncompressed .xml files or gzipped .xml.gz files. Most mail providers email reports as .xml.gz attachments - drop them in directly without extracting. Encrypted .zip archives are not yet supported; please extract the .xml first.

What does "aligned" vs "not aligned" mean?

DMARC alignment means the domain in the SPF or DKIM check matches the domain in the From header. SPF can pass on its own, but only "aligned" SPF helps DMARC. The same applies to DKIM. A message can pass DMARC if either SPF or DKIM passes AND aligns - so unaligned passes are not protective.

My SPF passes but DMARC still fails. Why?

Most likely your SPF includes are exceeding the 10-lookup limit (PermError) on some queries, or SPF is passing for a different domain than the From header (unaligned). The Authentication Records table will tell you which - if you see "passed but unaligned" SPF, fix the return-path. If you see "fail", AutoSPF can flatten your SPF chain to fit under the lookup limit automatically.

How do I get my own DMARC reports?

Add a DMARC record to your DNS with a rua= tag pointing to a mailbox you own (e.g., v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com). Mail providers will start sending daily aggregate reports to that address within 24-48 hours.

Is the source IP hostname information accurate?

The hostname comes from the IP's reverse DNS (PTR) record, resolved live via Google's public DNS. PTR records are set by the network owner, so they are usually accurate for major senders (mail.google.com, outlook.com, sendgrid.net) but can be missing or misleading for shared hosting and consumer ISPs.

DMARC needs SPF - and SPF needs AutoSPF

DMARC alignment requires a passing SPF check. AutoSPF keeps your SPF record optimized and within the 10-lookup limit automatically.

Start Free TrialView Plans & Pricing