DMARC Report Analyzer
Paste the contents of a DMARC aggregate report (the XML inside the .xml.gz / .zip attachment your rua= mailbox receives daily). We parse it locally and render the per-source-IP details: volume, SPF/DKIM result, alignment, disposition, and the receiver's failure reason when present. Same parser that powers PhishFence's ingest pipeline.
How to get a DMARC report
If you've published a DMARC record with a rua=mailto:... tag, mailbox providers (Google, Microsoft, Yahoo, etc.) send you daily aggregate reports as gzipped XML attachments. Open the .gz file, paste the inner XML here.
Don't have DMARC published yet? Start with the DMARC Record Generator (publishes a record at p=none so you collect data without affecting delivery), then come back here once your first reports arrive.
Want this automatic? PhishFence ingests aggregate reports for monitored domains, parses them, surfaces the same per-source breakdown plus IP enrichment (PTR, ASN, country) and LLM-driven root-cause analysis Beta. Scan your domain to get your exact records and a guided path to enforcement, then monitor one domain free.
Frequently asked questions
How do I read a DMARC report?▾
A DMARC aggregate (rua) report is XML that lists every source IP that sent mail claiming to be your domain, with the SPF and DKIM result, alignment, and the disposition the receiver applied. Paste the XML above and this analyzer renders it row by row in plain English so you can spot which senders are failing.
What is in a DMARC aggregate (rua) report?▾
Report metadata (which receiver sent it and the date range), your published policy, and one row per sending source: the IP, message count, SPF result and domain, DKIM result and domain, alignment, and the disposition (none, quarantine, or reject). Forensic (ruf) reports are different: they carry per-message samples, not aggregate counts.
Where do I get a DMARC report?▾
Publish a DMARC record with a rua=mailto: tag and receivers (Google, Microsoft, Yahoo, and others) send you daily aggregate reports as gzipped XML attachments. Open the .gz file and paste the inner XML here. No DMARC yet? Generate a starter record at p=none first.
Is the report processed in my browser or uploaded?▾
The XML you paste is parsed to render the table and is not stored. For ongoing, automatic parsing across all your domains with IP enrichment and root-cause analysis, PhishFence ingests reports for monitored domains.