No, DMARC aggregate reports do not contain personally identifiable information (PII). The reports only contain information related to email authentication and do not include the contents of the emails themselves. This means that no message body or subject line information is included, and the reports do not include any information that could be used to identify individual recipients or senders of emails.
Furthermore, the reports are sent in an encrypted XML format and are typically delivered to a designated email address within the organization that owns the domain being monitored. As such, the reports are only accessible to authorized personnel within the organization and are not publicly accessible.
Overall, DMARC aggregate reports provide valuable information to help organizations monitor and improve their email authentication practices without compromising the privacy and security of their users' personal information.