Back to Course
Լight modeDark mode

DMARC Aggregate (RUA) Reports

One of the most useful features DMARC provides is the reporting functionality, which lets receiving email servers send back data regarding the emails that were sent from a domain to the domain owner. 


What are DMARC Aggregate Reports (RUA)? 

As a domain owner, when you have DMARC implemented for your domain, what you need is an extensive reporting mechanism that will help you gain complete visibility into your email ecosystem. That is exactly what DMARC RUA Aggregate Reports do. They provide information on the sending source, sending domain, the sender’s IP address, the volume of emails sent, the percentage of DMARC-compliant emails, and the DKIM and SPF authentication results.  

How often are DMARC Aggregate Reports generated?

DMARC aggregate reports are generated once a day, on a daily basis. While a typical DMARC aggregate report is generated in the XML file format that can be quite complex to read for a non-technical person, PowerDMARC simplifies these aggregate reports in simple, readable tabular format for ease of understanding.

What information do DMARC Aggregate Reports contain? 

A raw DMARC aggregate report contains the following information: 


  • Information on the Reporting organization (i.e the email receiver that generated and sent this report),such as the Report ID number, the Reporting Organisational Name, the reporting organization’s sending address, additional contact information, and the beginning and ending date range (in an epoch format)

  • Published DMARC DNS record description: the sending domain, SPF and DKIM alignment settings, the domain and subdomain policy mode, and the percentage of failing emails to which the policy is to  be applied (pct) 


  • the DKIM/SPF authentication results summary

Summary of Information Provided in DMARC RUA Reports

DMARC aggregate reports (RUA) are sent on a daily basis in the XML file format, and they supply several points of information regarding the status of emails sent from your domain:

  • Information on the receiving email server, i.e the organization that sent you the DMARC aggregate report:
    • Reporting Organization: name of receiving mailbox provider 
    • Reporting email address
    • Reporting Organization Contact information
    • Time range of sent report 

  • DMARC policy retrieved for your domain 
  • IP address(es) of the server(s) that sent an email from your domain
  • DMARC disposition of the email: none, quarantine, reject
  • SPF and DKIM authentication results

DMARC aggregate reports collate all of the daily email activity in your domain, so they don’t contain much information about individual emails themselves. Rather, their purpose is to provide an overall view of how email is being handled in your domain by various users, which emails are passing or failing authentication, and show you potential problems that might need to be fixed.


Critically, aggregate reports can be used to discover IP addresses that could be spoofing your domain to send malicious phishing emails. You can even see if the same source has been abusing your domain more than once, at which point you can take action against them.

Course content
Email Authentication Fundamentals