One of the most useful features DMARC provides is the reporting functionality, which lets receiving email servers send back data regarding the emails that were sent from a domain to the domain owner.
DMARC aggregate reports (RUA) are sent on a daily basis in the XML file format, and they supply several points of information regarding the status of emails sent from your domain:
Break it down and use validity’s approach https://www.validity.com/how-to-read-your-first-dmarc-reports-part-1/
Information on the receiving email server, i.e the organization that sent you the DMARC aggregate report:
Reporting Organization: name of receiving mailbox provider
Reporting email address
Reporting Organization Contact information
Time range of sent report
DMARC policy retrieved for your domain
IP address(es) of the server(s) that sent an email from your domain
DMARC disposition of the email: none, quarantine, reject
SPF and DKIM authentication results
DMARC aggregate reports collate all of the daily email activity in your domain, so they don’t contain much information about individual emails themselves. Rather, their purpose is to provide an overall view of how email is being handled in your domain by various users, which emails are passing or failing authentication, and showing you potential problems that might need to be fixed.
Critically, aggregate reports can be used to discover IP addresses that could be spoofing your domain to send malicious phishing emails. You can even see if the same source has been abusing your domain more than once, at which point you can take action against them.
PowerDMARC also offers DMARC Forensics Reports (RUF), which are sent immediately after an email fails authentication.