Set up DMARC and see who's sending email using your brand's domain.
x

How do I get raw DMARC reports from the DMARC API?

Postmark’s DMARC Weekly Digest tool can be used to implement a DMARC policy and receive weekly aggregate DMARC data from major ISPs in a human readable format. While the convenience and usability of these weekly digests is great, you may occasionally need to get the original raw data we received from ISPs that was used to generate your digest. This help article will walk you through using the DMARC Weekly Digest API to get these raw reports.

Authenticating with the DMARC REST API

When you signed up to receive DMARC Weekly Digests you received an API Token that you can use for accessing the DMARC REST API. Pass this API Token as an X-Api-Token header to the API to perform requests that require authentication. If you forgot your API Token you can reset it here.

Get the DMARC Report ID

This API call will list all the received DMARC reports for a domain with the ability to filter results by a single date or date range. Use this API call to retrieve a list of reports and use the returned Report ID associated with the domain you want to receive the raw data for. Use the from_date and to_date querystring parameters to limit the results to the date range you need the data for.

For example, if you are trying to get the raw report data for google.com, you would use the returned “id” field’s value associated with the reporting “organization_domain” google.com.

Example call using cURL

curl "https://dmarc.postmarkapp.com/records/my/reports?from_date=2017-01-02&to_date=2017-01-16&limit=100" \
  -X GET \
  -H"Accept: application/json" \
  -H"X-Api-Token: 005d8431-b020-41aa-230e-4d63a0357869"

Example response

{
  "meta" : {
    "next" : 276,
    "next_url" : "/records/e8dad1d4-7162-4c73-8ddf-5be0d64bc2a6/reports?from_date=&to_date=&limit=1&after=276",
    "total" : 2
  },
  "entries" : [
    {
      "domain" : "wildbit.com",
      "date_range_begin" : "2014-04-27T20:00:00Z",
      "date_range_end" : "2014-04-28T19:59:59Z",
      "id" : 276,
      "created_at" : "2014-07-25T11:44:55Z",
      "external_id" : "xxxxxxxxxxx",
      "organization_name" : "google.com"
    }
  ]
}

Get the raw report details using the id

Now that you have the Report ID(s) you want to receive the raw DMARC report for, you can use the Get a specific DMARC report by ID API call to retrieve the raw data sent to us by the ISP. If you want to receive the reports as XML instead of JSON, change the Accept header in your request to application/xml.

Example call using cURL

curl "https://dmarc.postmarkapp.com/records/my/reports/:id" \
  -X GET \
  -H "Accept: application/json" \
  -H "X-Api-Token: 005d8431-b020-41aa-230e-4d63a0357869"

Example response

{
  "id": 276,
  "domain": "wildbit.com",
  "date_range_begin": "2014-04-27T20:00:00Z",
  "date_range_end": "2014-04-28T19:59:59Z",
  "source_uri": "mailto:noreply-dmarc-support@google.com",
  "external_id": "xxxxxxxxx",
  "email": "noreply-dmarc-support@google.com",
  "organization_name": "google.com",
  "created_at": "2014-07-25T11:44:55Z",
  "extra_contact_info": "http://support.google.com/a/bin/answer.py?answer=2466580",
  "records": [
    {
      "header_from": "wildbit.com",
      "source_ip": "127.0.0.1",
      "source_ip_version": 4,
      "host_name": "example.org.",
      "count": 1,
      "policy_evaluated_spf": "fail",
      "policy_evaluated_dkim": "fail",
      "policy_evaluated_disposition": "none",
      "policy_evaluated_reason_type": null,
      "spf_domain": "example.org",
      "spf_result": "pass",
      "dkim_domain": null,
      "dkim_result": null
    }
  ]
}
Last updated June 10th, 2020

Still need some help?

Our customer success team has your back!