What are the different types of DMARC reports?

There are two main types of DMARC reports:

1. Aggregate reports

Aggregate reports provide a summary of the messages that have been sent from a domain and how they have fared in DMARC evaluation. These reports typically include:

  • Number of Messages: The total number of messages that have passed or failed DMARC evaluation.
  • Disposition of Messages: The action taken on the messages based on the DMARC policy applied. Dispositions can be:
      • None: No specific action is taken on the message.
      • Quarantine: The message is treated as suspicious and may be moved to the spam or junk folder.
      • Reject: The message is rejected outright and not delivered to the recipient's inbox.

EasyDMARC translates the "disposition" into a more user-friendly "Delivery Status", helping domain owners to understand how their emails are being handled. The delivery statuses can include:

    • Delivered: The message has passed DMARC evaluation and was delivered to the recipient's inbox.
    • Delivered to SPAM: The message was marked as suspicious and moved to the recipient's spam or junk folder.
    • Not Delivered: The message failed DMARC evaluation and was not delivered to the recipient.
  • Sending Server IP Addresses: The IP addresses of the servers that sent the messages.
  • SPF Authentication Results: Information about whether the messages passed SPF (Sender Policy Framework) checks. This helps to verify that the messages are sent from authorized IP addresses.
  • DKIM Authentication Results: Information about whether the messages passed DKIM (DomainKeys Identified Mail) checks. This helps to ensure that the messages have not been altered in transit.
  • Alignment Information: Details about whether the SPF and DKIM records align with the domain from which the message is purported to be sent. Alignment is crucial for DMARC to pass, as it ensures that the domain in the "From" header matches the domain used in SPF and DKIM checks.


2. Failure (forensic) reports
Failure (forensic) reports, on the other hand, provide a detailed breakdown of individual messages that have failed DMARC evaluation. They typically include information such as the headers of the message, the SPF and DKIM results, and any other relevant data.


However, most ISPs do not support Failure/Forensic reports due to the sensitive information they contain. As a result, Failure reports may be received randomly, and we suggest focusing primarily on Aggregate reports.