DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a tool that helps protect email domains from being used for spam or phishing. One of the key parts of DMARC is the feedback it provides to domain owners in the form of aggregate reports. But how are these reports sent via email? Here’s a simple explanation.

How Are Aggregate Reports Sent via Email?

When a mail receiver (like an email service) prepares an aggregate report, it creates an email message. The report is included as one part of the message. There might also be a part of the message that’s easy for humans to read.

The report itself is an XML file. This is a type of file that’s easy for computers to read and write. The receiver should compress this file using a method called GZIP. This makes the file smaller, which makes it easier to send and receive. The compressed file is then labeled as “application/gzip”. If it’s not compressed, it’s labeled as “text/xml”.

The file is given a name that includes information like the receiver’s domain, the domain the report is about, and the start and end times of the report. There might also be a unique ID to help tell different reports apart. The file name ends with “.xml” for an uncompressed file, or “.xml.gz” for a compressed file.

For example, a report about the domain “” from the receiver “mail.receiver.example” might have a file name like this:


The email message doesn’t have to be structured in any particular way. It’s assumed that the receiver can extract the report from the message.

The email message itself should pass the DMARC check. This helps make sure that the report isn’t fraudulent.

The subject line of the email should include the domain the report is about, the domain of the receiver, and a report ID. This helps the domain owner identify and ignore duplicate reports.

For example, the subject line might look like this:

Subject: Report Domain:
    Submitter: mail.receiver.example
    Report-ID: <2002.02.15.1>

What If the Report Is Too Big?

Sometimes, the report might be too big to send as an email attachment. If this happens, the receiver should send a short report to say that a full report is available but couldn’t be sent.

Can Other Methods Be Used to Send Reports?

Yes, the DMARC specification allows for other methods to be used to send reports. These methods would be based on registered URI schemes, which are ways of identifying resources on the internet.

Remember, this is a simplified explanation. In reality, sending DMARC aggregate reports involves a lot of complex processes and technologies. But hopefully, this gives you a basic understanding of how it works.

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *