Turn raw DMARC reports into safe, step-by-step changes — locally in your browser.
1) Safety Gate — DMARC record & external report authorization
—
—
If your DMARC sends reports to other domains, those domains must authorize receiving your data via a TXT record at <yourdomain>._report._dmarc.<their-domain>.
Why this matters
Prevents accidental data leakage to un-authorized external mailboxes.
Gives you a clean foundation before you start enforcing DMARC.
2) Drop your DMARC aggregate reports (.xml or .xml.gz)
Drag & drop files here or
We parse locally. For .gz, your browser needs DecompressionStream (Chromium-based). Otherwise, upload the uncompressed .xml.
—
3) Source clusters & alignment
Cluster
Volume
Aligned DKIM
Aligned SPF
DMARC pass
Top d=/SPF domain
Fix (smallest step)
No reports loaded yet.
4) Step-up plan
—
Runs fully in your browser. No data leaves your machine. MIT-licensed — you may use, modify, and redistribute. Created by ChatGPT for Aglish Labs (2025).