What do DMARC Reports (Aggregate XML) Look Like?
By default, DMARC aggregate reports are delivered to the address you speficied in the rua tag daily (every 24 hours). This setup provides the biggest value to your company because you can compare DMARC trends day over day for issues and also to track compliance. A significant perk of collecting DMARC reports is that you’ll be provided information from all inboxes you sent mail to, which directly gives insight into how your email and your email system is performing. The reports also provide insight into malicious actors that maybe spoofing your domain and attempting to phish your customers. These reports provide great insights into your email environment and are well worth the investment to take action on the data.
There is a caveat though. These reports are difficult tackle on your own. If your initial plan is to decipher them all yourself, you will likely become overwhelmed quickly for several reasons.
1. DMARC reports filling up your inbox
With DMARC setup to send reports to the address you specified, the number of reports you receive will vary by how much email you send. For many senders this can quickly become overwhelming, to the point where the inbox is getting hundreds or even thousands of reports every day, an excessive amount of data to sift through. This process can be daunting, especially if you’re the administrator responsible for interpreting the data and making required changes.
2. Issues deciphering report data from XML
Beyond the problem of the volume of reports that can inundate your business every day, once you open one of the reports in XML you will quickly notice it is very hard to make sense of it all. The DMARC reports you receive from various providers will all include XML (Extensible Markup Language). Unless you’re privy to this form of coding, you’ll need help reviewing and understanding the data sent. Each report contains one or more records, which each record containing SPF & DKIM authentication details and pass/fail statuses along with an array of other details. To make sense of this you will need to tie all of those reports together before you can understand/take any action on the data. The below image is of a DMARC aggregate XML report:
As you can see by the above image, these XML reports are not something most are familiar with. These XML reports are aspect of DMARC that you will likely require assistance for.
3. DMARC reports are not actionable until they are aggregated together
The biggest with these XML reports is taking action on the data they provide. Each taken separately, they don't offer a full enough picture of DMARC compliance and email delivery, but when combined, problems will become identifiable and it will be easier to understand where your DMARC compliance is.
To solve this problem for businesses, MxToolbox has created two solutions to this problem:
Allow MxToolbox to automatically process your reports for you
We take email delivery and DMARC seriously and remove the three (3) hurdles to getting actionable insight on your DMARC XML reports for you. We process and aggregate all those reports for you to build you a view of where your email is being sent from and to along with alerts and insights into problems the data is indicating.
Learn More about our DMARC solution
Use our Free DMARC XML Report Analyzer to review individual reports
If your not ready yet, we offer a free tool to upload XML files that builds a human readable/understandable report from the unreadable XML. Now, you won't be getting the same insights and alerts as you would by having us automatically process your reports.