DMARC Aggregate (RUA) Reports

One of the most useful features DMARC provides is the reporting functionality, which lets receiving email servers send data back to the domain owner about the emails sent from their domain. With the publication of RFC 9990 in May 2026, aggregate reporting now has its own dedicated specification, separate from the core DMARC protocol.

What are DMARC Aggregate Reports (RUA)?

As a domain owner, when you have DMARC implemented for your domain, what you need is an extensive reporting mechanism that gives you complete visibility into your email ecosystem. That is exactly what DMARC RUA aggregate reports do. They provide information on the sending source, sending domain, the sender's IP address, the volume of emails sent, the proportion of DMARC-compliant emails, and the DKIM and SPF authentication results.

How often are DMARC Aggregate Reports generated?

DMARC aggregate reports are typically generated once per day, though the exact cadence is left to each receiver rather than fixed by the specification. While a typical aggregate report is generated in the XML file format, which can be quite complex to read for a non-technical person, PowerDMARC simplifies these reports into a simple, readable tabular format for ease of understanding.

What information do DMARC Aggregate Reports contain?

A raw DMARC aggregate report contains the following information:

• Information on the reporting organization (the email receiver that generated and sent the report),such as the report ID, the reporting organization's name, its sending address, additional contact information, and the beginning and ending of the date range (in epoch format)
• A description of the published DMARC DNS record: the sending domain, the SPF and DKIM alignment settings, and the domain, subdomain, and non-existent subdomain policy modes (p, sp, and np). Under RFC 9990, this section also includes a discovery_method element showing whether the receiver located your policy using the legacy Public Suffix List (psl) or the new DNS Tree Walk (treewalk)
• The DKIM and SPF authentication results summary. Note that under RFC 9990, when DKIM results are reported, the DKIM selector is now required, which gives you more precise visibility into which signing keys are in use

Summary of Information Provided in DMARC RUA Reports

DMARC aggregate reports are sent in the XML file format, and they supply several points of information about the status of emails sent from your domain:

• Information on the receiving email server, i.e. the organization that sent you the report:
  • Reporting organization: the name of the receiving mailbox provider
  • Reporting email address
  • Reporting organization contact information
  • Time range of the report
• The DMARC policy retrieved for your domain
• The IP address(es) of the server(s) that sent email from your domain
• The DMARC disposition of the email: none, quarantine, or reject
• The SPF and DKIM authentication results

Each aggregate report now covers a single DMARC Policy Domain, which makes reports more consistent and easier to attribute correctly.

DMARC aggregate reports collate all of the daily email activity for your domain, so they do not contain much information about individual emails themselves. Rather, their purpose is to provide an overall view of how email from your domain is being handled across various sources, which messages are passing or failing authentication, and to surface potential problems that might need fixing.

Critically, aggregate reports can be used to discover IP addresses that could be spoofing your domain to send malicious phishing emails. You can even see whether the same source has abused your domain more than once, at which point you can take action against it.