Skip to main content
DMARC Analyzer is an open-source tool built by Resend that parses DMARC XML reports and turns them into human-readable dashboards. You can use it directly in your browser or deploy your own instance to receive automated email digests.

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that builds on SPF and DKIM. It lets domain owners specify how unauthenticated emails should be handled and receive reports about authentication results. When you set up a DMARC policy, mailbox providers send XML reports to the address you specify. These reports contain valuable data about who is sending email on behalf of your domain and whether those emails pass authentication — but the raw XML is difficult to read. The DMARC Analyzer helps you visualize these reports in a human-readable format.

Features

  • Parse and visualize DMARC XML reports instantly
  • View SPF and DKIM alignment results per source
  • Identify unauthorized senders using your domain
  • Self-host with automated report ingestion via Resend Receiving
  • Receive email digests summarizing your DMARC reports
For more details on understanding DMARC reports, see our guide on how to read a DMARC report.

How to use

Web interface

The quickest way to get started — no setup required.
  1. Go to checkdmarc.email
  2. Paste your DMARC XML report (or upload the XML file)
  3. View the parsed results instantly

Self-hosted with automated reports

For ongoing monitoring, deploy your own instance. This connects to Resend Receiving webhooks so DMARC reports sent to your domain are automatically ingested and analyzed, with email digests delivered via Resend.

Getting started (self-hosted)

1

Clone the repository

git clone https://github.com/resend/resend-dmarc-analyzer.git
cd resend-dmarc-analyzer
2

Install dependencies

bash pnpm install
3

Configure environment variables

Copy the example environment file and fill in the required values:
cp .env.example .env.local
VariableDescription
RESEND_API_KEYYour Resend API key
RESEND_WEBHOOK_SECRETSigning secret from your Resend webhook endpoint set up below
EMAIL_FROMSender address for digest emails (must be from a verified domain)
EMAIL_TORecipient address for digest emails
4

Test the application

Start the development server:
bash pnpm run dev
Register your publicly accessible HTTPS URL in the Resend dashboard and enable the email.received event.
  • For rua reports: https://example123.ngrok.io/api/webhooks/dmarc/rua
  • For ruf report: https://example123.ngrok.io/api/webhooks/dmarc/ruf
Copy the signing secret from the webhook details page to the RESEND_WEBHOOK_SECRET environment variable.
For development, you can create a tunnel to your localhost server using a tool like ngrok or VS Code Port Forwarding. These tools serve your local dev environment at a public URL you can use to test your local webhook endpoint.Example: https://example123.ngrok.io/api/webhook
5

Deploy

Deploy the application to your preferred hosting platform and update the webhook endpoint(s) in the Resend dashboard.
  • For rua reports: https://your-domain.com/api/webhooks/dmarc/rua
  • For ruf reports: https://your-domain.com/api/webhooks/dmarc/ruf
The project is built with Next.js so it works with any platform that supports it (e.g., Vercel).

Tech stack

DMARC Analyzer is built with Next.js, React Email, and Resend. The full source code is available on GitHub.