DMARC analytics
Read your DMARC reports as a dashboard, not as XML
Mail providers send daily DMARC aggregate reports as compressed XML. We receive them at your dedicated reporting address, store every record, and turn them into a visual dashboard: sources, alignment rates, failure spikes, forensic samples, and DNS history, across every domain you monitor.
Built by Florian Le Goff & Marc Lelu, ex-Mailjet deliverability engineers. Last updated May 24, 2026.
What you actually see
Every sending source, ranked
Each source IP is resolved to a provider (Gmail, SendGrid, Mailgun, your office WiFi, an unknown), with volume and pass rate.
Alignment trends over 30, 90, 180 days
SPF, DKIM, and DMARC pass rates as time series. The patterns one day of XML cannot show.
Forensic (RUF) samples
When senders publish ruf=, we collect redacted message samples so you can see exactly what failed.
Multi-domain rollups
If you manage 5+ domains, one screen consolidates volume, pass rates, and alerts across all of them.
Inside a DMARC aggregate report
Every aggregate report (RFC 7489 §7.2) contains the following fields:
policy_published:the DMARC record the recipient saw at the timerecord/row/source_ip:the sending IP for each batchrecord/row/count:number of messages from that IPauth_results/dkim:DKIM signing domain and resultauth_results/spf:SPF identifier and resultpolicy_evaluated/disposition:what the recipient actually did (none / quarantine / reject)
What XML hides, and the dashboard surfaces
- Source IP → provider attribution. Raw IPs tell you nothing. We resolve every source to a named provider so "who is sending as me?" stops being a research project.
- Trend over time. One day of XML is one day of data. Real failures appear as multi-day patterns. The dashboard shows 30-, 90-, and 180-day rollups by default.
- Failure spike detection with alerts. A nightly job watches authentication failure rates and emails you when a domain crosses threshold, long before your DMARC dashboard meeting on Thursday.
Retention by plan
| Plan | Detail retention |
|---|---|
| Free | 7 days + 2-day grace |
| Starter | 90 days + 2-day grace |
| Pro | 180 days + 2-day grace |
Retention matters for audit trails, year-over-year comparisons, and post-incident reviews.
Works alongside
Protect inbound transport with hosted MTA-STS
Enforce TLS on inbound mail without managing certificates.
Read more →Verify every campaign your ESPs send
Inbox Inspector evaluates SPF, DKIM, and DMARC for every message from your ESPs.
Read more →Free DMARC Checker
Paste a domain, see its current DMARC posture in 5 seconds.
Read more →Frequently asked questions
- How often do DMARC reports arrive?
- Most providers send daily aggregate reports. A few (notably Mail.ru and some Eastern European ISPs) send several times per day. We process them within minutes of receipt.
- What is the difference between aggregate (RUA) and forensic (RUF) reports?
- RUA reports are statistical: counts of messages and authentication outcomes per source IP, sent on a regular cadence. RUF reports are per-failure: redacted samples of individual messages that failed DMARC. See RFC 7489 §2 for the formal definitions.
- Do I need to give DMARCTrust access to my mailbox?
- No. You publish our reporting address as your DMARC `rua=` tag. Mail providers send reports to us directly. We never touch your existing mailbox.
- How long do you store reports?
- Free: 7 days plus a 2-day grace period. Starter: 90 days plus 2 days. Pro: 180 days plus 2 days. After grace, detail rows are purged; daily aggregates remain for trend continuity.
- Can I export the data?
- Yes. The public JSON API is available on Starter and Pro. You can pull reports, sources, and per-domain stats programmatically.
- How many providers send DMARC reports?
- More than 90, including Gmail, Microsoft 365, Yahoo, Apple, Mail.ru, and the major hosting providers. Coverage grows every year as DMARC adoption expands.
Get your reporting address in five minutes
One DNS record. Daily reports arrive automatically. We do the parsing.