DMARC aggregate reports are typically sent on a daily basis and provide an overview of email traffic for a particular domain. They are sent in an XML file format, and can be used to determine who is sending email on behalf of your organization, whether a sender is allowed to send email on your behalf, and whether messages are being authenticated correctly.


To receive DMARC aggregate reports, you publish a DMARC record that includes an rua tag specifying the email address where reports should be sent. The reports themselves contain detailed information about the authentication status of messages sent on behalf of your domain, including ISP information, report ID number, reporting organization name and contact information, and a description of the DMARC record itself.


By analyzing DMARC aggregate reports, organizations can gain valuable insights into their email traffic, and can take steps to prevent malicious emails from reaching their intended recipients. This might include enforcing a DMARC reject policy to prevent unauthorized senders from using your domain in their email messages. By doing so, you can help protect your organization from phishing attacks and other forms of email-based fraud.


A DMARC aggregate report includes the following information:

  • The source that sent the message: This refers to the IP address or domain that sent the message on behalf of your domain.
  • The domain that was used to send these messages: This is the domain that was displayed to the recipient as the sender of the message.
  • The sending IP: This is the IP address of the server that sent the message on behalf of your domain.
  • The volume of messages sent on a specific date: This is the total number of messages that were sent on a specific date.
  • The DKIM/SPF sending domain: This refers to the domain used in the DKIM/SPF authentication check.
  • The DKIM/SPF authentication result: This shows whether the DKIM/SPF check was passed or failed.
  • The DMARC result: This shows whether the message passed or failed DMARC authentication, and what action was taken by the recipient's email system.
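The fields listed above can be pulled out of a report with a short parser. The following is an added example, not code from the original page: it assumes the report has already been decompressed, uses un-namespaced element names from the RFC 7489 aggregate report schema, and runs on a constructed sample (documentation IP addresses and example domains). The helper names parse_report and failing_sources are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample report for illustration; not real traffic data.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>constructed-0001</report_id></report_metadata>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>203.0.113.7</source_ip><count>15</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><spf><domain>bulk.example.net</domain><result>pass</result></spf></auth_results>
  </record>
</feedback>"""

def parse_report(xml_text):
    """Return one dict per <record>. Reports are untrusted input, so DTDs are refused."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in reports")
    pe = "row/policy_evaluated/"
    rows = []
    for rec in ET.fromstring(xml_text).iter("record"):
        dkim, spf = rec.findtext(pe + "dkim"), rec.findtext(pe + "spf")
        rows.append({
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count")),
            "header_from": rec.findtext("identifiers/header_from"),
            "dkim_domain": rec.findtext("auth_results/dkim/domain"),
            "spf_domain": rec.findtext("auth_results/spf/domain"),
            "spf_auth": rec.findtext("auth_results/spf/result"),  # raw SPF check
            "disposition": rec.findtext(pe + "disposition"),
            # policy_evaluated holds the aligned results; DMARC passes if either passes.
            "dmarc": "pass" if "pass" in (dkim, spf) else "fail",
        })
    return rows

def failing_sources(rows):
    """Message volume per source IP that failed DMARC: the senders to investigate."""
    out = {}
    for r in rows:
        if r["dmarc"] == "fail":
            out[r["source_ip"]] = out.get(r["source_ip"], 0) + r["count"]
    return out
```

In the second constructed record the raw SPF check passes for bulk.example.net, but that domain does not align with the header_from domain, so the DMARC result is still fail.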

In summary, a DMARC aggregate report provides an overview of email traffic and the authentication status of messages sent on behalf of a domain. It includes information such as the source that sent the message, the domain used to send the messages, the sending IP, the number of messages sent on a specific date, the DKIM/SPF sending domain, the DKIM/SPF authentication result, and the DMARC result. This information is useful for organizations to determine who is sending email on their behalf, whether a sender is allowed to send email on their behalf, and whether the messages are authenticated correctly. By receiving DMARC aggregate reports, organizations can also identify and stop malicious emails that are being sent on their behalf.