DMARC Report Analyzer
Turn cryptic DMARC aggregate XML into a clear view of who sends mail as your domain.
Upload or paste a DMARC aggregate report
Drop the XML file your reports mailbox receives (also accepts .xml.gz), or paste the XML below. Everything is parsed locally in your browser — nothing is uploaded.
What is a DMARC aggregate report?
Once you publish a DMARC record with a rua address, mailbox providers (Google, Microsoft, Yahoo and others) send you daily aggregate reports — XML files summarizing every source that sent mail claiming to be from your domain, and whether each passed SPF and DKIM alignment. They're the single most useful tool for finding spoofers and fixing your own misconfigured senders.
How to read the results
- DMARC PASS — the message aligned on SPF or DKIM. Good.
- DMARC FAIL on a familiar IP — a legitimate sender you haven't authorized yet (fix your SPF/DKIM).
- DMARC FAIL on an unknown IP — likely spoofing. This is exactly what DMARC enforcement blocks.
This analyzer runs entirely client-side, so you can safely paste reports without sending your mail data to anyone.
Frequently asked questions
No. The XML is parsed entirely in your browser using JavaScript. Nothing is sent to our servers — the site has no servers that receive your data.
This tool decompresses .gz files automatically in modern browsers. For .zip archives, extract the .xml (or .xml.gz) first and upload that.
Typically once per day per reporting provider, starting a day or two after you publish a DMARC record with a rua address. Volume depends on how much mail uses your domain.