How to Read a DMARC XML Report

A beginner-friendly explanation of DMARC aggregate XML report fields and how to use them during policy migration.

DMARC aggregate reports summarize authentication results by source IP, header From domain, policy outcome, SPF result, DKIM result, and alignment. The most useful first question is simple: which IPs are sending mail as your domain?

Look for legitimate services that fail alignment, then fix SPF or DKIM at the service. Unknown sources that fail both SPF and DKIM may be spoofing or abandoned systems.

Do not jump from p=none to p=reject blindly. Use reports to confirm that real mail is passing before enforcing a stricter policy.

Fix checklist