AcuityScan

DMARC Report Analyzer

Paste a DMARC aggregate XML report and get a human-readable summary — who's sending email as your domain, pass/fail rates, and top sources.

XML parsingPass/fail ratesTop sendersHuman-readable

Parses DMARC aggregate XML reports (the files you receive from Google, Microsoft, Yahoo, etc.) and summarizes pass/fail rates per sending IP.

What you get

Here's a sample of what the analyzer returns from a typical DMARC aggregate report.

1,247
Total Messages
98.2%
Pass Rate
1,225
Passed
22
Failed
Sample: Top Sending IPs
209.85.220.41
892 msgs
209.85.220.42
333 msgs
198.51.100.25
15 msgs
203.0.113.10
7 msgs

What this tool analyzes

XML Parsing

Parses the raw DMARC aggregate XML format used by Google, Microsoft, Yahoo, and other mailbox providers. Extracts metadata, policy info, and individual authentication records.

Pass/Fail Rates

Calculates overall DMARC compliance rates across all messages in the report. Shows what percentage of email sent as your domain actually passes SPF and DKIM checks.

Top Sending IPs

Identifies which IP addresses are sending the most email using your domain. Legitimate senders (Google Workspace, Microsoft 365) should appear at the top — unknown IPs may indicate spoofing.

SPF Alignment

Checks whether each sending IP passed SPF authentication. Failing IPs are either not included in your SPF record or are spoofing your domain.

DKIM Alignment

Checks whether each message had a valid DKIM signature. DKIM failures may mean a sender isn't signing emails properly or someone is forging messages.

Per-Record Breakdown

Shows every individual record from the report with source IP, message count, and DKIM/SPF results — so you can trace exactly which senders are passing or failing.

Common questions

What is a DMARC aggregate report?
DMARC aggregate reports are XML files sent to you by mailbox providers (Google, Microsoft, Yahoo, etc.) that summarize how email sent using your domain performed against SPF and DKIM checks. They're sent daily to the address specified in your DMARC record's rua= tag.
Where do I find my DMARC reports?
Check the email address specified in your DMARC DNS record's rua= tag. For example, if your DMARC record says rua=mailto:dmarc@yourcompany.com, reports will arrive at that inbox as .xml.gz or .zip attachments from providers like Google (noreply-dmarc-support@google.com) and Microsoft.
What does a low pass rate mean?
A pass rate below 95% means a significant number of emails sent using your domain are failing authentication. This could mean: (1) legitimate senders aren't in your SPF record, (2) DKIM isn't configured for all sending services, or (3) someone is spoofing your domain. Check the failing IPs to determine which.
How often should I check my DMARC reports?
At minimum, monthly. When first setting up DMARC (especially with a 'none' policy), check weekly to identify all legitimate senders before moving to 'quarantine' or 'reject'. Once your pass rate is consistently above 99%, monthly reviews are sufficient.
Is my data stored anywhere?
No. The XML is parsed entirely in-memory on our server and the results are returned to your browser. We don't store, log, or retain any of your DMARC report data.
Do I need an account?
No account required. For unlimited analyses, monitoring, white-label reports, and the full Site+ Scan, see our Pro and Agency plans starting at $29/month.

Related tools

SPF GeneratorDMARC GeneratorDNS LookupEmail Deliverability

Want the full picture?

The checks email deliverability plus 7 other categories — DNS, SSL, performance, SEO, accessibility, privacy, and mobile.

Run