Is my report uploaded to a server?

No. Files are parsed entirely in your browser using JavaScript. Nothing is uploaded to DMARC Busta or any third party.

What file formats are supported?

Plain XML (.xml), gzipped XML (.xml.gz or .gz), and ZIP archives (.zip) containing one or more XML files. Maximum file size is 10 MB.

What does aligned vs not aligned mean?

DMARC alignment means the authenticated domain (from SPF or DKIM) matches the visible From: domain. SPF or DKIM can pass authentication but still fail DMARC if the authenticated domain belongs to someone else (a third-party sender).

Why does an SPF result show passed but unaligned?

The sending IP was authorized by SPF for some domain, just not yours. Most third-party email senders need to be configured to use your domain for SPF alignment, otherwise their messages count as DMARC failures even though SPF technically passed.

How do I get my own DMARC reports?

Add a rua=mailto:you@example.com tag to your domain's DMARC TXT record. Mailbox providers will start sending reports within 24 hours.

What if I receive hundreds of reports per day?

Reading them manually stops scaling fast. DMARC Busta ingests every report automatically, deduplicates senders, classifies them by known vendor, tracks pass rates over time, and alerts you when something changes.

Is the source IP information accurate?

The source IP is what the receiving mail server actually saw connect. It is the most reliable signal in the report. Reverse DNS may not match because many legitimate senders use shared IP pools.

Free DMARC Report Analyzer

Q: What is a DMARC aggregate report?

An XML report sent daily by mailbox providers (Google, Microsoft, Yahoo, etc.) listing every IP that tried to send mail as your domain, with counts and SPF/DKIM results. They are configured by adding a rua= tag to your DMARC record.

Upload your DMARC aggregate report and turn raw XML into something you can use.

Files are parsed in your browser — nothing is uploaded

Drop your DMARC report here

or click to browse

Supports .xml, .xml.gz, .gz, .zip · Max 10 MB

What is a DMARC aggregate report?

DMARC aggregate (rua) reports are XML files that mailbox providers like Google, Microsoft, and Yahoo send to you each day. Each report lists the IPs that sent email claiming to be from your domain, how many messages they sent, and whether SPF and DKIM passed and aligned. They're machine-readable, ugly to skim, and the only direct view you get into who's actually sending mail as you.

Successfully parsed — messages

Report Summary

Organization

Contact

Date Range

Domain

Report ID:

Volume

Total Messages

Passed

Failed

Pass Rate

Policy Configuration

Domain Policy

Subdomain Policy

DKIM Alignment

SPF Alignment

Coverage

DKIM Authentication

Passed & Aligned

Passed but Unaligned

Failed

SPF Authentication

Passed & Aligned

Passed but Unaligned

Failed

Top Source IPs

Authentication Records

One report at a time is fine. Hundreds per day is not.

DMARC Busta ingests every aggregate and forensic report automatically, classifies senders by vendor, tracks pass rates over time, and tells you when something changes. Free plan covers 1 domain.

Start Free — No Credit Card See How Continuous Monitoring Works

How to read the results

Pass Rate

The percentage of messages where DMARC passed (SPF or DKIM aligned and authenticated). Healthy domains sit above 99%. Below 95% means something is sending mail as you that shouldn't be, or a legitimate sender hasn't been authorized yet.

Passed but Unaligned

SPF or DKIM passed authentication, but the authenticated domain doesn't match your From: domain. Common with third-party senders (Mailchimp, SendGrid) before they've been configured to align. DMARC treats unaligned passes as failures.

Top Source IPs

The IPs that sent the most messages claiming to be from your domain. You should recognize each one. An unrecognized IP with high volume is either a forgotten sender or a spoofer.

Per-Record Details

Each row is one IP's batch of messages over the report window. Use the table to drill into specific failure patterns — e.g. an IP that sends 1,000 messages with SPF aligned but DKIM unaligned needs DKIM configured.

Frequently asked questions

What's Inside a DMARC Aggregate Report?

A look at the XML structure mailbox providers send you every day — and what each field actually means

DMARC aggregate (rua) reports are XML files that mailbox providers like Google, Microsoft, Yahoo, Apple, and AOL send to the address listed in your DMARC record's rua= tag. Each report covers a single 24-hour window and lists every IP address that sent mail claiming to be from your domain, how many messages came from each IP, and whether SPF and DKIM passed and aligned.

The XML schema is simple but verbose. The <report_metadata> block names the sender (e.g. Google), the date range, and a unique report ID. <policy_published> echoes the DMARC policy your DNS published at the time. Then <record> blocks — one per source IP — show the message count, authentication results (spf and dkim pass/fail), and the policy disposition (delivered, quarantined, or rejected).

The information is gold — it is the only direct view you get into who is actually sending email as your domain. The format is just hostile to read by hand. This analyzer parses the XML in your browser (nothing is uploaded), groups the records by sender, calculates pass rates, and surfaces alignment failures so you can see at a glance whether legitimate sending services are misconfigured or whether someone is actually trying to spoof you.

Report XML Snippet

<record>
  <row>
    <source_ip>209.85.220.41</source_ip>
    <count>142</count>
    <policy_evaluated>
      <disposition>none</disposition>
      <dkim>pass</dkim>
      <spf>pass</spf>
    </policy_evaluated>
  </row>
</record>

Related Tools

Once you understand your DMARC reports, fix the underlying records

DMARC Checker

Look up and validate your domain's DMARC record.

DMARC Generator

Build a DMARC record with policy and reporting.

SPF Checker

Validate SPF when reports show alignment failures.

DKIM Checker

Validate DKIM keys when alignment fails.

Hundreds of Reports? Stop Parsing Manually.

DMARC Busta ingests every aggregate report automatically, deduplicates senders across reports, classifies them by known vendor, and tracks pass rates over time — so you only see the things that actually changed.

Get Started Free