I receive DMARC reports but cannot make sense of them
Those XML files from Google, Microsoft and others list who sent on your domain and whether SPF and DKIM passed. Unreadable raw, fine through a free viewer.
Try this first
- 1Collect a week of reports in a separate folder or mailbox. One day says too little.
- 2Upload them to a free DMARC report viewer. You get a table of senders with pass/fail per row.
- 3Mark what you recognise (your mail provider, your invoicing tool) as legitimate and check it is in your SPF and DKIM.
- 4What is left and does not belong is spoofing or forgotten shadow-IT. Do not ignore it, but no need to panic.
When to bring us in
If you only see pass/fail and cannot tell which sender belongs to whom, drop us a line; we will sort which rows are legitimate and which to block.
See also
- Our emails land in spam for some recipientsAlmost always an SPF, DKIM, or DMARC setting that is wrong or missing, or a sender name that mimics a well-known brand.
- Someone reports receiving phishing emails "from us"Read: spoofing. Someone is abusing your sender name, not necessarily your actual mailbox.
- An email bounces (NDR): delivery failedThe NDR text usually states the exact reason. Reading it is step one.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.