When you click on an IP address in the Aggregate report you will see the details parsed from the original XML document. 

Understanding DMARC Aggregate Report Fields

DMARC aggregate reports provide insights into the email flow of your domain, helping you understand authentication results and take action where necessary. Here's a breakdown of common fields in these reports:

Basic Report Information

Report Id: A unique identifier for the report, useful for tracking and referencing specific reports.

Org Name: The organization that generated the report, often the recipient's email provider.

Email: The contact email address for the organization generating the report. Useful for follow-up questions or clarifications.

Extra Contact Info: Additional contact information, which could include URLs or further instructions for responding to the report.

Date Begin: The start date and time of the reporting period.

Date End: The end date and time of the reporting period.

Policy and Alignment

Policy Domain: The domain the DMARC policy applies to.

Domain Policy: The DMARC policy applied to the domain (none, quarantine, reject).

Subdomain Policy: The DMARC policy specifically applied to subdomains, if different from the domain policy.

Percentage: The percentage of messages to which the DMARC policy is applied. Allows for gradual enforcement.

DKIM Alignment: Indicates whether DKIM signatures must be aligned with the header From domain to pass DMARC (strict or relaxed).

SPF Alignment: Similar to DKIM Alignment but for SPF. Determines if the Return-Path domain must match the header From domain (strict or relaxed).

Email Source and Authentication Results

Source IP: The IP address from which the email originated.

Count: The number of emails observed from the Source IP during the report period.

Country: The country associated with the Source IP, helpful for identifying unexpected sources of email.

DMARC Compliance: Indicates whether the emails from the Source IP were DMARC compliant.

Technical Details

Header From: The domain specified in the 'From' header of the email, which is displayed to the end-user.

DKIM Status: The result of DKIM verification (pass, fail) for emails from the source IP.

SPF Status: The result of SPF verification (pass, fail) for emails from the source IP.

PTR: The Pointer Record or reverse DNS of the sending IP, used for verifying the sender's domain.

Analysis and Troubleshooting

  • Reason: Provides an explanation for why an email failed DMARC evaluation, such as failing SPF or DKIM checks or alignment issues. Crucial for identifying and rectifying issues affecting email delivery and authentication.