See exactly who is sending email from your domain.
DMARC reports are sent in raw XML that most organisations never read. IP Four collects, parses, and analyses your reports to reveal every sending source, identify spoofing attempts, and track your progress towards full enforcement.
Turn raw DMARC data into actionable intelligence.
DMARC reports contain everything you need to understand your email authentication posture. The challenge is making sense of them. We do that work for you.
Aggregate Report Collection and Parsing
DMARC aggregate reports (RUA) collected from all major receiving mail providers including Google, Microsoft, and Yahoo. Raw XML reports parsed and consolidated into a single view showing authentication pass and fail rates by sending source.
Forensic Report Analysis
DMARC forensic reports (RUF) collected and analysed to investigate individual authentication failures. Detailed header information used to identify the exact cause of each failure and whether it represents a spoofing attempt or a legitimate source needing authentication.
Sending Source Discovery
Aggregate reports reveal every IP address and sending service sending email on behalf of your domain. Unknown sending sources identified and investigated. Legitimate sources authenticated. Spoofing sources documented and reported.
Human-Readable Dashboards
Raw DMARC report data presented in clear dashboards showing authentication pass rates, sending source breakdown, geographic distribution, and policy compliance trends. Monthly reports delivered to your team in plain English.
Authentication Failure Alerting
Automated alerts triggered when authentication failure rates exceed defined thresholds. New unknown sending sources flagged for investigation. Sudden changes in sending patterns that may indicate a spoofing campaign identified and reported immediately.
Policy Progression Reporting
Progress towards full DMARC enforcement tracked and reported. Pass rate trends show when it is safe to move from monitoring to quarantine to reject. Confidence metrics calculated from aggregate data to support policy decisions.
From raw reports to clear insight.
Reporting Infrastructure Setup
DMARC record configured with RUA and RUF reporting addresses. Dedicated mailboxes or reporting service configured to receive reports from all major mail providers. Report collection verified within 24 hours of deployment.
Report Collection and Parsing
Aggregate reports collected from all providers sending reports to your domain. Raw XML parsed and normalised into a consistent format. Data consolidated across all providers to give a complete picture of your email authentication status.
Source Analysis and Classification
Every sending source identified in reports classified as legitimate, unknown, or spoofing. Legitimate sources cross-referenced with your known sending services. Unknown sources investigated to determine whether they require authentication or blocking.
Monthly Reporting Delivery
Monthly report delivered to your team covering authentication pass rates, sending source breakdown, policy compliance, and any notable events. Written in plain English with clear recommendations for any action required.
Failure Investigation
Authentication failures investigated using forensic reports and header analysis. Root cause identified for each failure type. Recommendations made for resolving legitimate source failures. Spoofing attempts documented and reported.
Policy Advancement Recommendations
Data from aggregate reports used to recommend when policy can safely advance from monitoring to quarantine to reject. Confidence thresholds defined and tracked. Policy changes made only when data supports safe advancement.
How DMARC reports have protected UK businesses.
Unknown Sending Sources Discovered
A Liverpool property management company deployed DMARC monitoring and discovered 3 services sending email from their domain that their IT team had no knowledge of. One was a legacy CRM from a previous provider still sending automated emails.
All 3 unknown sources investigated. Legacy CRM decommissioned. Two legitimate services authenticated. Spoofing attempts from unrelated IP ranges identified and documented. Policy advanced to reject within 6 weeks.
Active Spoofing Campaign Detected
A London financial services firm's DMARC reports showed a sudden spike in authentication failures from IP addresses in Eastern Europe. The pattern matched a targeted spoofing campaign against their clients.
Spoofing campaign identified from aggregate report data before any clients reported receiving fraudulent emails. DMARC policy advanced to quarantine immediately. Clients alerted proactively. Full reject enforcement achieved within 2 weeks.
Deliverability Investigation Using Reports
A Bristol recruitment agency was receiving complaints from candidates that their emails were not arriving. DMARC forensic reports showed authentication failures for emails sent from their ATS platform.
Forensic reports identified the exact failure cause as a missing DKIM selector for the ATS platform. DKIM configured for the ATS within 24 hours. Deliverability issues resolved. No further candidate complaints received.
Find out who is sending email from your domain today.
DMARC monitoring can be deployed in under 48 hours. Within 4 weeks you will have a complete picture of every source sending email on behalf of your domain.