3,932 Australian domains analysed. Most fail basic email authentication. [2026 Report]

Free DMARC Report Analyzer

Upload your DMARC aggregate report and turn raw XML into something you can use.

Files are parsed in your browser — nothing is uploaded

What is a DMARC aggregate report?

DMARC aggregate (rua) reports are XML files that mailbox providers like Google, Microsoft, and Yahoo send to you each day. Each report lists the IPs that sent email claiming to be from your domain, how many messages they sent, and whether SPF and DKIM passed and aligned. They're machine-readable, ugly to skim, and the only direct view you get into who's actually sending mail as you.

Successfully parsed messages

Report Summary

Organization

Contact

Date Range

Domain

Report ID:

Volume

Total Messages

Passed

Failed

Pass Rate

Policy Configuration

Domain Policy

Subdomain Policy

DKIM Alignment

SPF Alignment

Coverage

DKIM Authentication

Passed & Aligned
Passed but Unaligned
Failed

SPF Authentication

Passed & Aligned
Passed but Unaligned
Failed

Top Source IPs

Authentication Records

of

One report at a time is fine. Hundreds per day is not.

DMARC Busta ingests every aggregate and forensic report automatically, classifies senders by vendor, tracks pass rates over time, and tells you when something changes. Free plan covers 1 domain.

Start Free — No Credit Card See How Continuous Monitoring Works

How to read the results

Pass Rate

The percentage of messages where DMARC passed (SPF or DKIM aligned and authenticated). Healthy domains sit above 99%. Below 95% means something is sending mail as you that shouldn't be, or a legitimate sender hasn't been authorized yet.

Passed but Unaligned

SPF or DKIM passed authentication, but the authenticated domain doesn't match your From: domain. Common with third-party senders (Mailchimp, SendGrid) before they've been configured to align. DMARC treats unaligned passes as failures.

Top Source IPs

The IPs that sent the most messages claiming to be from your domain. You should recognize each one. An unrecognized IP with high volume is either a forgotten sender or a spoofer.

Per-Record Details

Each row is one IP's batch of messages over the report window. Use the table to drill into specific failure patterns — e.g. an IP that sends 1,000 messages with SPF aligned but DKIM unaligned needs DKIM configured.

Frequently asked questions