From a folder full of report files to a clear picture of your email security. Follow these steps and you will know exactly who is sending as your domain, and what to do about it.
DMARC aggregate reports arrive as email attachments, usually compressed files with names like google.com!yourdomain.com!1234567890.xml.gz. Use your preferred mail client to save all DMARC report email attachments into a single folder on your computer.
TrustedMARC accepts .zip, .gz, and .xml files and scans subfolders automatically, so you can drop everything in without sorting first.
The reports you want are the raw aggregate XML files sent directly by receiving mail servers — Google, Microsoft, Yahoo, and others. Each receiving server sends its own report covering the emails it processed from your domain during that period.
If you use a third-party DMARC monitoring service, they may also send you their own compiled summary emails containing processed versions of those reports. Including these alongside the originals can inflate message counts and skew your results. Some of these attachments share the same filename as the originals, which causes overwrite conflicts when saving to the same folder.
If you have both, the easiest approach is to filter the monitoring service emails into a separate mailbox folder before exporting, then move them back afterwards. This is not essential. If you include everything, the results will still be useful — just treat the message volume numbers as approximate.
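As an added illustration (not TrustedMARC's own code), the Python sketch below shows what an aggregate report contains and why a report counted twice inflates the totals: it skips any report whose org_name and report_id were already seen, then tallies DMARC pass/fail message counts per sending IP. The sample XML, the `tally` function name, and the IP addresses are constructed for this example.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate layout (no XML namespace assumed).
# Real reports are untrusted input; a hardened parser such as defusedxml is safer.
SAMPLE = """<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>1234567890</report_id></report_metadata>
  <policy_published><domain>yourdomain.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>12</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>yourdomain.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.7</source_ip><count>3</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>yourdomain.com</header_from></identifiers>
  </record>
</feedback>"""

def tally(xml_docs, domain=None):
    """Return ({ip: Counter(pass=..., fail=...)}, number of duplicate reports skipped)."""
    seen, totals, dupes = set(), {}, 0
    for doc in xml_docs:
        root = ET.fromstring(doc)
        key = (root.findtext("report_metadata/org_name"),
               root.findtext("report_metadata/report_id"))
        if key in seen:  # same report saved twice or repackaged by a monitoring service
            dupes += 1
            continue
        seen.add(key)
        if domain and root.findtext("policy_published/domain") != domain:
            continue  # hypothetical equivalent of a domain filter
        for rec in root.iter("record"):
            ip = rec.findtext("row/source_ip")
            n = int(rec.findtext("row/count") or 0)
            # policy_evaluated carries the aligned results; DMARC passes if either passes
            results = (rec.findtext("row/policy_evaluated/dkim"),
                       rec.findtext("row/policy_evaluated/spf"))
            outcome = "pass" if "pass" in results else "fail"
            totals.setdefault(ip, Counter())[outcome] += n
    return totals, dupes
```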
Launch the TrustedMARC application. On first launch you will be prompted to enter your licence key — enter it exactly as shown in your purchase confirmation email. Copy and paste is recommended to avoid errors. Once activated, the main window opens and your licence is stored. You will not be asked again.
Click Browse next to Reports Folder and select the folder you saved your attachments into. The output report path is set automatically with a timestamped filename in the same folder. Change it if you prefer a specific location.
If your folder contains reports for multiple domains, enter the specific domain you want to analyse in the Domain filter field — for example yourdomain.com. This focuses the report and allows the DNS record check to fetch the right records.
Leave the field blank to include all domains found across your files in a single combined report.
Geolocation — looks up the country, city, and ISP for each sending IP. Makes it much easier to identify unknown senders and spot suspicious traffic. Recommended on, though it adds a few seconds for large report folders.
Reverse DNS — resolves each IP to a hostname, helping confirm whether traffic originates from a known provider's infrastructure. Recommended on.
DNS Records — fetches your current live SPF and DMARC records and includes them in the Health tab alongside recommendations. Requires a domain filter to be set and an internet connection.
Click Generate Report. The log area shows real-time progress — files being parsed, IPs geolocated, senders identified. For a typical folder of a few weeks of reports this takes between ten seconds and a couple of minutes, depending on the number of unique IPs to look up.
When complete, the report opens automatically in your default browser. You can reopen it at any time using the Open Report ↗ button in the status bar at the bottom of the app.
The report has three main tabs. Start with Health & Actions. This shows your current DMARC policy level, your live SPF and DMARC records, and a prioritised list of specific recommendations in plain English. This is the most important tab — it tells you what to fix and in what order.
Move to Senders next. This groups all traffic by identified sending service. Google Workspace, Microsoft 365, SendGrid, Amazon SES, Mailchimp and others appear by name with their pass rates. Any unrecognised sender appears as Unknown with ISP and location detail. This is where shadow IT and potential spoofing show up.
Finally, IP Detail gives the full breakdown of every sending IP. Sortable and filterable by date, with a drilldown for each one showing identity, network, geolocation, and authentication detail.
The report is a single self-contained HTML file. Email it to a colleague, share it with your security team, or keep it as a dated record of your domain's authentication posture. Use Export CSV in the report header to download a full spreadsheet of all IP data.
Use Print / Save as PDF from your browser to generate a clean PDF for management reporting or client handoff.
Follow the recommendations in the Health tab to fix authentication gaps: misconfigured senders, missing DKIM signing, and SPF alignment issues. Once all legitimate senders are passing cleanly, you have the evidence to move to a stricter DMARC policy without disrupting legitimate mail.
TrustedMARC is available now for macOS and Windows. One-time purchase, no subscription.