What are DMARC aggregate reports?
DMARC aggregate reports are files in the xml format containing aggregate email authentication information sent by Email Service Providers (ESP) like Gmail, Office 365, Yahoo Mail, etc. periodically to recipients designated by domain owners.
DMARC aggregate reports provide information about percentages of email passing/failing SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC checks.
Although they do not provide much information about individual email messages, DMARC aggregate reports can provide valuable visibility into the health of your email program, and help you identify potential authentication issues and/or malicious activity.
How to parse a DMARC aggregate report
DMARC aggregate reports are encoded in XML format, which is a data format easy for machines to parse, while time-consuming for humans to read.
Here is an example DMARC aggregate report:
Receiving DMARC aggregate reports
Receiving DMARC aggregate reports is a matter of publishing a DMARC record in the DNS with the
rua tag pointing to the recipient's email.
For example, the following rua tag requests ESPs to send DMARC aggregate reports to email@example.com:
When you sign up with DMARCLY, a mailbox is created for you in our system to receive DMARC aggregate reports. After you have published the DMARC record with the rua tag set to that mailbox, DMARCLY will start receiving DMARC aggregate reports on your behalf. These reports are usually sent daily, therefore DMARCLY should have them ready after you have published the DMARC record after a couple of days.
Each time DMARCLY receives these reports, it processes them and saves the parsed data in the database. Next time you log in to the DMARCLY dashboard, the data is rendered into beautiful charts and give you insights into the health of your email streams.
Viewing DMARC aggregate data charts
DMARCLY's aggregate data charts are rendered using DMARC aggregate reports. These charts give you an overview of email authentication status, as well as information about percentages of email passing/failing SPF, DKIM and DMARC checks.
Here is what it looks like:
You can view DMARC aggregate data from any of the following dimensions:
- Domain: the subject domain of reports;
- Domain Group: all the subject domains in the group;
- Source: from where emails are sent;
- Result: DMARC alignment results, i.e., aligned and unaligned;
- Organization: organizations (ESPs) who sent the reports;
- Unaligned Sources: unaligned emails by source;
- Unaligned Map: unaligned emails by country.
You can also view how unauthenticated and total volumes change over time in the Series tab:
Protect Your Business Email
Get a 14 day trial. No credit card required.Create Account