What do DMARC Reports Look Like?


DMARC Reports Explained

By default, DMARC aggregate reports are delivered to the address you speficied in the rua tag daily (every 24 hours). This setup provides the biggest value to your company because you can compare DMARC trends day over day for issues and also to track compliance. A significant perk of collecting DMARC reports is that you will be provided information from all inboxes you sent mail to, which directly gives insight into how your email and your email system is performing. The reports also provide insight into malicious actors that might be spoofing your domain and attempting to phish your customers. These reports provide great insights into your email environment and are well worth the investment to take action on the data.

There is a caveat, though. These reports are difficult to tackle on your own. If your initial plan is to decipher them yourself, you will likely become overwhelmed quickly for several reasons.

1. DMARC reports filling up your inbox

With DMARC set up to send reports to the address you specified, the number of reports you receive will vary by how much email you send. For many senders this can quickly become overwhelming, to the point where the inbox is getting hundreds or even thousands of reports every day, an excessive amount of data to sift through. This process can be daunting, especially if you are the administrator responsible for interpreting the data and making required changes.

2. Issues deciphering report data from XML

Beyond the problem of the volume of reports that can inundate your business every day, once you open one of the reports in XML, you will quickly notice it is difficult to make sense of it all. The DMARC reports you receive from various providers will all include XML (Extensible Markup Language). Unless you are privy to this form of coding, you will need help reviewing and understanding the data sent. Each report contains one or more records, with each record containing SPF and DKIM authentication details and pass/fail statuses, along with an array of other details. To make sense of this, you will need to tie all of those reports together before you can understand/take any action on the data. The below image is of a DMARC aggregate XML report:


As you can see by the above image, these XML reports are not something most are familiar with. These XML reports are an aspect of DMARC that you will likely require assistance for.

3. DMARC reports are not actionable until they are aggregated together

The biggest issue with these XML reports is taking action on the data they provide. Each taken separately, they do not offer a full enough picture of DMARC compliance and email delivery, but when combined, problems will become identifiable and it will be easier to understand where your DMARC compliance is.

So, How Do I Take Action?

To solve this problem for businesses, MxToolbox has created two solutions to this problem:

Allow MxToolbox to Automatically Process Your Reports for You

We take email delivery and DMARC seriously and remove the three (3) hurdles to getting actionable insight on your DMARC XML reports for you. We process and aggregate all of those reports for you to build you a view of where your email is being sent from/to, along with alerts and insights into problems the data is indicating.

Learn More about our DMARC solution

Use Our Free DMARC XML Report Analyzer to Review Individual Reports

If you are not ready yet, we offer a free tool to upload XML files that builds a human readable/understandable report from the unreadable XML. Now, you will not be getting the same insights and alerts as you would by having us automatically process your reports.

XML Tool

burritos@banana-pancakes.com braunstrowman@banana-pancakes.com finnbalor@banana-pancakes.com ricflair@banana-pancakes.com randysavage@banana-pancakes.com