DMARC Report Analyzer

Upload your DMARC aggregate XML report and instantly convert it into a clear, human-readable breakdown of SPF/DKIM results, sender IPs, and policy dispositions.

Drop your DMARC XML report here, or click to browse

Supports .xml DMARC aggregate reports — parsed entirely in your browser. Nothing is uploaded to our servers.

Your XML data is analyzed entirely in your browser and never sent to our servers.

What is DMARC?

Domain-based Message Authentication, Reporting and Conformance (DMARC) is a type of DNS TXT record that tells receiving mail servers how to handle emails that fail SPF or DKIM authentication checks. DMARC policies protect your domain from email spoofing by ensuring that only authorized servers can send mail on your behalf. SPF, DKIM, and DMARC work together as a layered authentication system that acts as a background check for every email sent from your domain.

How does a DMARC report work?

When an email is sent from your domain, the receiving mail server runs authentication checks to validate whether the message is legitimate. If the email fails these checks, the server applies your DMARC policy to determine the appropriate action — whether to deliver it, quarantine it, or reject it entirely. The server then generates a DMARC report summarizing the results. Your DMARC record's tags control when reports are created, how frequently they are sent, and in what format.

DMARC report types

DMARC reports are XML-based files that document the authentication status of emails sent from your domain. There are two types.

Aggregate reports contain a summary of authentication results across all emails received from your domain during a given period. They include the sender IP address, number of emails sent, date range, SPF and DKIM results, and the email service provider used. These reports are sent to the email address specified in the rua tag of your DMARC record.

Forensic reports are generated only when an individual email fails authentication. They contain detailed information about the failed message including the sender address, recipient address, source IP, timestamp, email headers, and subject line. These reports are sent to the address in the ruf tag.

How nameindia.tech's DMARC Report Analyzer works

DMARC aggregate reports are delivered as XML files which are difficult to read in their raw form. Our analyzer converts them into a clear, structured layout showing report metadata, published policy settings, a summary of total emails and pass rates, and a full breakdown of each authentication record by source IP. Simply upload your XML file or paste the content directly — everything is processed in your browser with no data sent to our servers.

Frequently Asked Questions

What happens when an email fails the authentication process?

The action taken depends on the policy defined in your DMARC record using the p= tag. Setting p=none means the email is delivered with no action taken, which is useful during initial monitoring. Setting p=quarantine moves the email to the recipient's spam folder. Setting p=reject causes the receiving server to drop the message entirely. You can also apply a separate policy to subdomains using the sp= tag.

When is a DMARC report generated?

Report generation is controlled by the fo= tag in your DMARC record. Setting fo=0 generates a report only when both SPF and DKIM checks fail. Setting fo=1 generates a report when either SPF or DKIM fails. Setting fo=s generates a report specifically when the SPF check fails. Reports are sent at the frequency configured in your record, typically once per day.

How often should DMARC reports be generated?

This depends entirely on your email volume. Every mail server that receives an email from your domain can send you a report in return. For most domains, a daily aggregate report is standard. It is strongly recommended to use a dedicated mailbox or group email address for receiving DMARC reports rather than a personal inbox, as high-volume sending domains can receive a significant number of reports.

What do the SPF and DKIM alignment settings mean?

Alignment controls how strictly the domain in the authentication result must match the domain in the email's From header. Relaxed alignment (r) allows the root domain to match, while strict alignment (s) requires an exact match. The adkim= tag controls DKIM alignment and aspf= controls SPF alignment.

What does the pct= tag do?

The pct= tag specifies the percentage of emails to which the DMARC policy is applied. Setting pct=100 (the default) applies the policy to all emails. Setting a lower value, such as pct=10, is a common way to gradually roll out a stricter policy while monitoring its impact before full enforcement.

Is my DMARC XML data safe to upload here?

Yes. nameindia.tech's DMARC Report Analyzer parses your XML file entirely within your browser. No data is transmitted to our servers at any point, so your report content remains completely private on your own device.