DMARC Aggregate Report

What is this report ? I get a bunch of emails in a day with the subject line as below:

Report Domain: Followed by domain name and then the word ‘Submitter’ followed by a series of alpha character.

Then the email says ‘DMARC Aggregate Report.’ attached.

I have not opened these attachments as yet.

What is this email and why is it sent? And what do the attachments contain?

Please clarify.


It’ll be sent to whatever email address you specified in your DMARC record, likely provided by whoever runs your emails.

1 Like

Thank you for the quick reply.

Why do the emails say “[email protected]________” and is it safe to open the attachments?


someone somewhere tried to put your domain name as the “From” on unauthorized e-mails (spam) and the mail server they tried to send it through is reporting it to you, that’s all it is. it happens to everybody and there’s not really anything that can be done about it. assuming your DMARC policy is “p=reject” then the e-mails are being rejected and the system is working as intended. but if you’re not using a “reject” policy then the spam e-mails might actually be making it through and you should consider tightening up your policy.

the attachment should just be XML data, likely gzipped, although the contents are unlikely to be very interesting

Thank you very much.

You normally don’t want to send those to a user mailbox. DMARC reports are meant to be sent to a dedicated email address that automatically parses the data in the reports for aggregation.

If the DMARC record has your email address in it, you should swap it out for the email assigned to you by your preferred reporting service.

The dmarcian forums are good resource for learning more about DMARC.

Thank you. Will fix the email.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.