DMARC Labs
Free • No signup • Your data is never stored

Stop Guessing Who's Sending From Your Domain.

Stop drowning in XML reports and WHOIS lookups. DMARC Labs gives you verified sender intelligence in seconds — no signup, no credit card.

<5s average analysis time
100% private
Forever free up to 200 MB
Data deleted after analysisExport results as CSVTypical: <5s for 50 MB

Drag and drop your DMARC XML report

or click to browse from device

XML — up to 200 MB

Privacy-first. Files are never stored on our servers.How your privacy is protectedWhen you upload a file, it is written to the server's ephemeral RAM — never to any disk, database, or object storage. The file buffer is passed directly to the XML parser in memory, and the raw bytes are discarded immediately after parsing completes. Parsed results are stored in a Node.js Map keyed to a randomly generated session ID, and are evicted automatically after 30 minutes via a TTL timer. No file content, IP address, or personal data is logged or persisted. When you click "Delete data", or when the session expires, the entry is removed from the Map and becomes unreachable — there is no recovery path, no backup, and no third-party service that received the data.

The Problem

Your domain is being impersonated. Right now. Probably.

DMARC reports contain everything you need to know. But nobody reads them because nobody built a tool that makes it easy — until now.

01

XML reports are unreadable

DMARC aggregate reports are raw XML files. Opening one reveals hundreds of nested records, IP addresses, and authentication codes — not a human-readable format.

02

You have no idea who is sending email as you

Unknown IPs in your DMARC report could be legitimate services you forgot about, phishing actors, or spoofing attempts. Without WHOIS data, you can't tell.

03

Existing tools cost money or require a login

Most DMARC analysers are enterprise products. Even "free" tiers require an account, collect your data, or cap your report size.

04

Your email provider charges for detailed analytics

Detailed sender reputation and delivery analysis is often locked behind paid tiers — even though you already own the reports.

05

A misconfigured DMARC policy goes unnoticed for months

Without checking your reports regularly, a broken SPF record or rogue sending source can silently fail authentication — eroding your domain reputation.

06

DMARC Labs solves all of this

Drag in your report. Get instant, human-readable results with WHOIS-enriched senders — free, private, no account needed.

Upload your report

How it works

No account needed. No data stored. Just actionable DMARC intelligence in seconds.

01

Upload your report

Drag and drop any DMARC aggregate (rua) XML report — or a .gz / .zip archive. Files up to 200 MB are supported, processed client-side before upload.

02

Instant IP enrichment

Every sending IP is looked up for organisation name, country, ASN, and threat classification via real-time WHOIS/GeoIP enrichment.

03

Review & export

See per-IP DMARC pass rate, SPF and DKIM alignment, volume, and risk. Export everything as CSV. Your data is auto-purged after 1 hour.

Zero persistence

Files are never written to disk

GDPR compliant

In-memory only, no cookies

Auto-purge

Sessions deleted after 30 min

Sub-5s analysis

Parallel WHOIS enrichment