Skip to tool

DAILY EMAIL AUTHENTICATION EVIDENCE

DMARC Aggregate Report Analyzer & Triage

Drop a batch of daily DMARC reports. See what passed, failed, duplicated or overlapped, review policy-scoped source groups, then export one evidence pack.

Reviewed 2026-07-10

Security
Local file processingRFC 9990 report fieldsDuplicate-safe totalsSHA-256 artifact receipt

ONE CLEAR JOB

Turn a folder of unreadable reports into a sender decision.

InputMultiple XML, XML.GZ, GZ or ZIP aggregate reports.
AnswerWhich observed groups passed or failed, what was duplicated and what still needs classification.
ProofSource CSV, trend SVG, remediation Markdown and a hash-backed JSON receipt.

HOW THE DECISION WORKS

No fake score and no automatic sender accusation.

A material source starts as Unclassified. You explicitly mark it Expected, Unknown or Ignore. A stronger blocker such as a parse failure still forces Hold. Exact duplicates are excluded; same-policy overlaps require review, while differing-policy overlaps are disclosed as possible policy-change splits.

PUBLIC METHOD · REPRODUCIBLE INPUTS

Sources, fixtures, artifacts and correction

Method: reject unsafe XML constructs, separate exact duplicates and overlapping periods, aggregate SPF/DKIM alignment without guessing IP ownership, require explicit source labels, then hash the resulting evidence packet. Input limits and the no-live-DNS boundary are visible beside the workbench.

Official sources: RFC 9989 DMARC policy, RFC 9990 aggregate reporting, and RFC 6376 DKIM.

Reproducible fixtures: valid aggregate report and blocked DOCTYPE report.

Inspect at least two artifacts: source-ledger CSV and trend SVG; the Markdown triage brief and JSON receipt expose assumptions, limits and exact hashes.

QA and accountability: run flagship-editorial-20260713, reviewed 2026-07-13. Exact report hashes are in the quality manifest. FastTool is the accountable publisher. Report a parser, source, fixture or hash error to [email protected].