DMARC Report Viewer
Read DMARC aggregate XML reports in your browser. Upload the .xml, .gz, or .zip attachment and see who passes and fails.
About the DMARC Report Viewer
Once you publish a DMARC record with an rua address, mailbox providers start mailing you aggregate reports. Google, Microsoft, and Yahoo each send one per day per domain, summarizing every source that sent mail claiming to be you: the sending IP, how many messages arrived, and whether SPF and DKIM passed with aligned domains. The data is valuable. The format is not. Reports arrive as XML, usually compressed as .zip or .gz, and reading them raw means scrolling through nested tags to mentally join policy results to IP addresses.
This viewer does that work in your browser. Upload the attachment exactly as it arrived, or paste the XML, and you get the published policy, a pass rate, and a table of sources sorted by volume with a plain verdict for each. Decompression and parsing happen locally; the report is never uploaded anywhere.
Alignment is the detail that trips people up. A message can pass SPF for a bulk sender domain yet still fail DMARC because that domain does not match the visible From address. The verdict column makes this explicit, so you can spot forwarders, misconfigured services, and outright spoofing at a glance.
The usual rollout is p=none to observe, then quarantine, then reject once every legitimate source passes. Use this viewer to watch the reports at each stage, and the DMARC Generator, SPF Generator, and DKIM Generator to fix what the reports reveal.
Reach developers and designers who use these tools every day. Privacy-first, no trackers.
Frequently asked questions
Where do these reports come from?
Any mailbox provider that supports DMARC sends them to the rua address in your DMARC record. Google, Microsoft, and Yahoo are the most common senders. Each report covers roughly one day of mail that used your domain, whether it was legitimate or spoofed.
Does this tool upload my report?
No. The file is read, decompressed, and parsed entirely in your browser using built in browser APIs. Nothing is sent to any server, and the tool works offline once the page is loaded.
What does alignment mean?
DMARC requires the domain that passed SPF or DKIM to match the domain in the visible From header. SPF checks the envelope sender and DKIM checks the signing domain, and either can pass for a domain the user never sees. Alignment closes that gap, which is why a raw SPF pass can still be a DMARC fail.
Why do some of my legitimate sources fail?
Usually a third party service sends on your behalf without being in your SPF record or without signing with your DKIM domain, or a forwarder breaks SPF by changing the sending IP. The records table shows which IPs fail and how, so you can add the service to SPF or enable DKIM signing for it.
What is the difference between aggregate and forensic reports?
Aggregate reports (rua) are daily summaries with counts per source IP and no message content, which is what this tool reads. Forensic or failure reports (ruf) are per message samples of failures. Few providers send them because of privacy concerns, so aggregate reports are the data you can rely on.