DMARC Reports
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that lets domain owners tell receiving mail servers what to do when an email fails SPF or DKIM checks. Aggregate reports give you visibility into who is sending email on behalf of your domain — and how much of it is passing authentication.
Plan Limits
DMARC reporting is available on all plans. The number of monitored domains varies by plan:
| Plan | DMARC Domains |
|---|---|
| Free | 1 |
| Pro | 5 |
| Business | 10 |
| Enterprise | Unlimited |
A "DMARC domain" is any unique sending domain for which you have configured a rua= address pointing at Spamurai. Reports from additional domains beyond your plan limit are silently discarded.
How It Works
When a receiving mail server processes an email claiming to be from your domain, it checks:
- SPF — Does the sending IP match the list of allowed senders in your DNS
TXTrecord? - DKIM — Is there a valid cryptographic signature from your domain in the email headers?
- DMARC alignment — Does the
From:domain align with the domain that passed SPF or DKIM?
If the email passes either SPF or DKIM (with alignment), it is DMARC-compliant. If both fail, the DMARC policy determines what happens: none (monitoring only), quarantine (send to spam), or reject (discard).
Mail servers that support DMARC can send aggregate reports (RUA) to an address you specify in your DNS record. Spamurai receives these reports and presents them as charts and tables.
Setting Up Reporting
Go to DMARC → Setup to get your organisation's RUA address. Add it to your domain's DMARC DNS record:
_dmarc.example.com IN TXT "v=DMARC1; p=none; rua=mailto:your-slug@reports.example.com"
Reports are sent by receiving mail servers daily. You should start seeing data within 24–48 hours of adding the rua= tag.
Policy Progression
Start with p=none while you monitor. Once your compliance rate is consistently high (95%+), move to quarantine, then reject.
| Policy | Effect |
|---|---|
none |
Monitoring only — no messages are blocked |
quarantine |
Non-compliant messages go to the spam/junk folder |
reject |
Non-compliant messages are discarded outright |
Moving too quickly to reject can disrupt legitimate mail from marketing tools, CRMs, or third-party senders. Use the Reports charts to understand all sending sources before tightening the policy.
The Reports Dashboard
The main DMARC dashboard shows:
- Compliance rate over time — Percentage of messages passing DMARC (DKIM or SPF pass) per day.
- Pass rate by domain — Compliance broken down per monitored domain when you have multiple.
- Top failing IPs — Source IPs where both DKIM and SPF are failing. These are the highest-risk senders.
- Geographic distribution — World map of message volume by source country.
- Top sending ASNs — Autonomous system organisations (e.g. Google LLC, Amazon) sending on your behalf. Useful for identifying unexpected cloud or SaaS senders.
- Top senders —
header_fromdomains appearing most frequently in reports. - Reporters — Which mail providers are sending you aggregate reports (Gmail, Outlook, Yahoo, etc.).
Reading a Report
Click any report in the table to open the detail view. Each report covers a 24-hour window from a single reporting organisation.
| Column | Description |
|---|---|
| Source IP | The IP that delivered the message |
| Count | Number of messages from this IP in the period |
| DMARC | Pass (green) if DKIM or SPF passed; Fail (red) if both failed |
| DKIM | Result of the DKIM signature check |
| SPF | Result of the SPF check |
| Disposition | What the reporter did: none, quarantine, or reject |
| PTR / ASN | Reverse DNS and autonomous system organisation for the IP |
The compliance bar at the top of the detail view shows the aggregate pass/fail split for the entire report at a glance.
Compliance Alerts
You can configure Spamurai to send you a notification when the DMARC compliance rate in a report drops below a threshold you set. This catches sudden changes — for example, a domain signing key rotation that broke DKIM, or a new sending source that wasn't set up correctly.
Go to DMARC → Reports and open the Alert Settings card to configure:
| Field | Description |
|---|---|
| Threshold | Compliance percentage below which the alert fires (e.g. 90 means alert if less than 90% of messages pass DMARC) |
| Cooldown | Minimum time in minutes between repeat alerts for the same org. Default 1440 (24 hours) |
| Enabled | Toggle the alert on or off without deleting the rule |
Alerts are sent to all owner members of your organisation via your configured notification channels.
Glossary
| Term | Meaning |
|---|---|
| DMARC | Domain-based Message Authentication, Reporting & Conformance |
| SPF | Sender Policy Framework — DNS record listing IPs allowed to send for your domain |
| DKIM | DomainKeys Identified Mail — cryptographic email signature using a key published in DNS |
| RUA | Reporting URI for Aggregate reports — the address receiving mail servers send reports to |
| Alignment | The From: domain must match the domain that passed SPF or DKIM |
| ASN | Autonomous System Number — identifies the network/ISP owning a block of IP addresses |
| PTR | Reverse DNS — the hostname that resolves back from an IP address |
| Disposition | The action a mail server took on a non-compliant message per DMARC policy |
| Compliance rate | Percentage of messages in a report period where DKIM or SPF (or both) passed |