DMARC Report Parser
Paste a DMARC aggregate XML report and read it as a table: who sends as you, pass or fail, aligned or not.
This DMARC report parser turns the daily aggregate XML that Google, Microsoft and other receivers email you into a table you can actually read, entirely in your browser. Paste the contents of an aggregate (rua) report and it lists every IP that sent mail as your domain, how many messages each sent, whether DKIM and SPF passed, and the part most tools blur over: whether they aligned to your From domain. It separates a real pass from the common case of SPF passing for a forwarder while still failing DMARC, so you can spot the legitimate services that need a DKIM signature and the unknown senders worth investigating. Nothing is uploaded, so a production report is safe to paste.
100% in your browser. Nothing you type ever leaves this page.
| Source IP | Messages | DMARC | DKIM | SPF | Receiver did |
|---|
aligned + pass passed but not aligned fail DMARC passes when DKIM or SPF passes and aligns to your From domain.
Self-test passed: parsed a known report and computed the DMARC verdicts on load.
What a DMARC aggregate report actually is
Once you publish a DMARC record with a rua tag, mailbox providers start
sending you a daily XML file: the aggregate report. It is a census, not a sample. Every
IP that sent mail claiming to be your domain shows up, with a message count and the verdict
the receiver reached on DKIM and SPF. The catch is that the raw XML is dense and repetitive,
which is why most people paste it somewhere to read it. That somewhere is usually a website
that uploads your data. This one does the parsing in your browser instead. If the fields
themselves are new to you, our guide
how to read a DMARC report explains each
one with examples.
Reading the table: pass, fail, and the alignment trap
The column that fools people is alignment. A message can pass SPF and still fail DMARC, because SPF passed for the bounce address rather than the From address your readers see. The parser separates the two: it shows the raw DKIM and SPF result and, next to it, whether that result aligned to your domain. A green badge means passed and aligned, which is what you want. An amber badge means it authenticated, but for the wrong domain, the classic signature of a forwarding service or a marketing platform sending on your behalf without a custom DKIM key. A red badge is a plain fail. The DMARC column is the bottom line: it passes when either DKIM or SPF passes and aligns.
What to do with what you find
Work top down by volume. The high-count sources are your real mail streams, and every one
of them should be green. If a service you recognise sits on amber, give it a custom DKIM
signature for your domain and it will align. If an unknown IP is sending in volume and
failing, that is either a forgotten service or someone spoofing you, and it is the reason
DMARC exists. Once every legitimate source passes, you can safely tighten your policy from
p=none to quarantine, then to reject. To check the records that drive all of
this, the SPF, DKIM and DMARC checker audits
your live DNS, and the SPF, DKIM and DMARC
explained guide covers how the three fit together.
Why this runs in your browser
A DMARC report names the servers that send as you and, by extension, sketches your mail setup. That is not something to hand to a random web service to read back to you. Parsing happens entirely on your device with the same XML engine your browser already uses for the web, so you can paste a production report, learn what you need, and close the tab knowing nothing was transmitted. Tools marked as browser-based on this site work the same way.
Frequently asked questions
Is it safe to paste a DMARC report here?
Yes, because the report never leaves your browser. The XML is parsed locally with the built-in DOMParser, no upload, no request, and you can verify nothing fires on the network. Aggregate reports hold sending IPs and your own domain, not message bodies, but local parsing means even that stays on your machine.
What is a DMARC aggregate report?
It is the daily XML summary, the rua report, that receivers like Google and Microsoft send to the address in your DMARC record. It lists every IP that sent mail using your domain that day, how many messages, and whether DKIM and SPF passed and aligned. Our guide on how to read a DMARC report walks through every field.
My report is a .gz or .zip file. What do I paste?
Unzip it first. Aggregate reports arrive as compressed XML, usually .xml.gz or .zip attached to an email. Extract the .xml, open it, and paste the whole thing. The parser reads raw DMARC XML, so the contents of the .xml file are exactly what it wants.
What does aligned mean, and why does it matter?
Alignment is whether the domain that passed DKIM or SPF matches the From domain your readers actually see. A message can pass SPF for a different domain and still fail DMARC because it is not aligned to your From. The parser shows the raw result and the alignment separately, so you can tell real authentication from a technicality.
It says SPF passed but DMARC failed. Is that a problem?
Often not. SPF can pass for the envelope sender, the bounce address, while not aligning with your From domain, which is the exact case DMARC exists to catch. If the source is a service you use, fix alignment, usually by adding a DKIM signature for your domain. If the source is unknown, investigate it before you do anything else.