Submit a ticket My Tickets
Login  Sign up

What are DMARC Aggregate Report?

One of the most useful features DMARC provides is the reporting functionality, which lets receiving email servers send back data regarding the emails that were sent from a domain to the domain owner. 

DMARC aggregate reports (RUA) are sent on a daily basis in the XML file format, and they supply several points of information regarding the status of emails sent from your domain:

  • Information on the receiving email server, i.e the organization that sent you the DMARC aggregate report:

    • Reporting Organization: name of receiving mailbox provider 

    • Reporting email address

    • Reporting Organization Contact information

    • Time range of sent report 

  • DMARC policy retrieved for your domain 

  • IP address(es) of the server(s) that sent an email from your domain

  • DMARC disposition of the email: none, quarantine, reject

  • SPF and DKIM authentication results

DMARC aggregate reports collate all of the daily email activity in your domain, so they don’t contain much information about individual emails themselves. Rather, their purpose is to provide an overall view of how email is being handled in your domain by various users, which emails are passing or failing authentication, and showing you potential problems that might need to be fixed.

Critically, aggregate reports can be used to discover IP addresses that could be spoofing your domain to send malicious phishing emails. You can even see if the same source has been abusing your domain more than once, at which point you can take action against them.

PowerDMARC also offers DMARC Forensics Reports (RUF), which are sent immediately after an email fails authentication. 

PowerDMARC is the author of this solution article.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.