DMARC Report Analyzer
What is DMARC? (Click to expand)
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that helps protect your domain from email spoofing, phishing, and other fraudulent activities.
Key DMARC Concepts:
- Authentication: DMARC works with SPF and DKIM to verify if an email is legitimate.
- SPF (Sender Policy Framework): Checks if the sending server is authorized to send emails for your domain.
- DKIM (DomainKeys Identified Mail): Adds a digital signature to emails that can be verified by receiving servers.
- Alignment: Ensures the domain in the From address matches the domain validated by SPF or DKIM.
- Policy: Tells receiving servers what to do with emails that fail authentication (none, quarantine, or reject).
- Reporting: Provides feedback about emails sent using your domain, helping you identify legitimate and fraudulent uses.
The XML reports you receive contain detailed information about emails claiming to be from your domain. This tool helps you understand these reports and take appropriate action.
Upload or Paste DMARC XML Report
Processing your DMARC report...
Analysis & Recommendations
Report Metadata
Policy Summary
Detailed Records
This table shows each IP address that sent emails using your domain during the reporting period.
| Source IP | Count | Disposition | SPF | DKIM |
|---|
Visual Summary
Message Disposition
Authentication Results
Common DMARC Issues & Solutions
SPF Failures
When emails fail SPF authentication, it means the server sending emails is not listed in your SPF record.
How to fix:
- Identify legitimate sending services (email providers, marketing tools, etc.)
- Update your domain's SPF record to include these legitimate services
- Example SPF record:
v=spf1 include:_spf.google.com include:sendgrid.net ~all
DKIM Failures
When emails fail DKIM authentication, they either lack a digital signature or have an invalid signature.
How to fix:
- Enable DKIM signing for all your email services
- Follow your email provider's instructions to set up DKIM
- Add the DKIM public key to your domain's DNS records
- Ensure DKIM selectors are correctly configured
Alignment Issues
Alignment fails when the domain in the From address doesn't match the domain authenticated by SPF or DKIM.
How to fix:
- Ensure From addresses use your main domain
- For third-party services, use their DKIM authentication options
- Consider changing strict alignment (s) to relaxed (r) in your DMARC record
Implementing DMARC Gradually
It's best to implement DMARC in phases to avoid disrupting legitimate email.
Recommended approach:
- Start with a monitoring policy:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; - Analyze reports and fix authentication issues for legitimate senders
- Gradually increase enforcement by setting percentage:
v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@yourdomain.com; - Move to full quarantine:
v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; - Finally, move to reject policy:
v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com;
