Deliverability · The reports, read for you
See every server sending as you — across all your domains.
Every mailbox provider already sends back a daily report of who is sending — and forging — as your domain. It arrives as XML nobody reads. Folio reads it, for every business you run, and shows the one number that matters: can the world still spoof you?
- Reads: DMARC aggregate reports, parsed daily per provider
- Shows: Per-domain pass rate and the exact IPs failing as you
- Tells you: When it's finally safe to move to p=reject
I · The blind spot
You can prove who you are. You can't see who's pretending to be you.
SPF, DKIM, and DMARC let receivers verify your mail. But publishing those records is a one-way broadcast — you send the signal and never hear what came back. Somewhere out there, servers are putting your From address on mail you never wrote, and unless you go looking, you have no idea whether it's a handful or a flood.
There is a feedback loop: the DMARC aggregate report. Every provider that receives mail claiming to be from your domain mails back a daily summary of who sent it and whether it authenticated. The problem is the format — raw XML, one file per provider, per domain, every single day. For one operator running several brands, that's a dozen unreadable attachments a day. So the reports pile up unread, and the question — can the world still spoof me? — goes permanently unanswered.
II · The reports, made legible
One view. Every domain. The forgers, named.
Publish a one-line rua= record and Folio parses every provider's daily report into a single dashboard. Here is what a portfolio operator sees — an honest reproduction of the shipped view.
Folio · Deliverability — last 14 days
- Domains: 6
- Messages: 18,402
- Pass rate: 99%
- Need attention: 1
- hearth-and-board.com · p=reject · 100% pass
- field-supply.co · p=quarantine · 99% pass
- hush-candle-co.com · p=none · 86% pass
Failing sources — sending as you, not passing
- 203.0.113.44 · unknown · 4 messages failed. Not one of your senders. A forger using your From line.
- 198.51.100.7 · mailchimp · 11 messages failed. A real sender you forgot to authorize — fix SPF, don't reject.
III · The portfolio view
Every business you run, in one pass-rate column.
A single Google Workspace gives you one domain's reports behind one admin console. Run six brands and that's six consoles — or six separate DMARC tools, six logins, six bills. Folio was built for the operator holding the whole portfolio: bind every domain once, and they all report into the same masthead. One pass rate for the whole house, one list of domains that need a look, one place to catch the brand whose policy is still stuck at p=none.
IV · The ladder
From “publishing” to “protected,” safely.
Most domains are stuck at p=none — records published, but telling receivers to do nothing about forgeries. The reason is fear: tighten too early and you might bounce your own newsletter. The dashboard removes the guesswork. It watches the pass rate, separates real senders you forgot to authorize from outright forgers, and marks a domain clean only when a full window proves your legitimate mail aligns. Then you walk it up — none → quarantine → reject — knowing the only thing you'll start rejecting is the forgeries.
V · Plainly asked
Questions, answered.
- What is a DMARC aggregate (rua) report?
- Once a day, each mailbox provider that received mail claiming to be from your domain sends back an XML summary: which IPs sent as you, how many messages, and whether they passed SPF and DKIM alignment. It's the only feedback loop that shows you who is sending — and forging — as your domain. The catch is that it arrives as raw XML, per provider, per domain, every day, which is why almost nobody reads it.
- How does Folio show who's sending as my domain?
- Publish a one-line rua= record pointing at Folio and the reports start flowing in. Folio parses every provider's daily report and rolls them into one view: a volume-weighted pass rate per domain, the specific IPs and hostnames failing authentication (a forger using your From line looks different from a real sender you forgot to authorize), and which providers are reporting. No XML, no spreadsheets.
- I run several businesses — does this work across all my domains?
- That's the point. Every domain you've bound to Folio reports into one masthead rollup: total domains, messages across the window, a portfolio pass rate, and a count of domains that need attention. You see the whole portfolio's authentication health in one place instead of logging into a different DMARC tool per brand.
- When is it safe to move my policy to p=reject?
- When a domain has passed DMARC on effectively every reported message across the window, and the only failures are forgers rather than your own misconfigured senders. Folio marks a domain clean when it's ready and walks the policy up the ladder — p=none to collect data, p=quarantine, then p=reject — so you tighten only once a clean window proves real mail won't be caught.
- Does a forger failing DMARC mean my mail is safe?
- It means receivers that honor your DMARC policy can reject the forgery — once your policy is actually at p=quarantine or p=reject. A failing source at p=none is still being delivered somewhere with a shrug. The dashboard's job is to give you the confidence to move off p=none, which is where most domains are stuck and spoofable.
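As an added example (not Folio's code, and not part of the original page), here is a minimal Python reader for one RFC 7489 aggregate report that computes the volume-weighted pass rate described in the answers above and lists the failing source IPs. The sample report, the 192.0.2.10 row and the `known_sender_nets` allowlist are constructed assumptions, and the code expects a report without an XML namespace.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report (RFC 7489 Appendix C layout); not real data.
SAMPLE_REPORT = b"""<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>example-receiver</org_name></report_metadata>
  <policy_published><domain>hush-candle-co.com</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>95</count>
    <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>11</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.44</source_ip><count>4</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def summarize(xml_bytes, known_sender_nets=()):
    """Return domain, policy, volume-weighted pass rate and failing sources."""
    # Reports arrive from arbitrary senders: refuse DTDs (entity-expansion input).
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD not allowed in aggregate report")
    root = ET.fromstring(xml_bytes)
    nets = [ipaddress.ip_network(n) for n in known_sender_nets]  # operator-supplied
    total, passed, failing = 0, 0, Counter()
    for row in root.iterfind("./record/row"):
        ip = ipaddress.ip_address(row.findtext("source_ip").strip())
        count = int(row.findtext("count"))
        ev = row.find("policy_evaluated")
        # DMARC passes when either aligned DKIM or aligned SPF passes.
        ok = "pass" in (ev.findtext("dkim"), ev.findtext("spf"))
        total += count
        if ok:
            passed += count
        else:
            failing[str(ip)] += count
    sources = {ip: {"failed": n,
                    "known_sender": any(ipaddress.ip_address(ip) in net for net in nets)}
               for ip, n in failing.items()}
    return {"domain": root.findtext("policy_published/domain"),
            "policy": root.findtext("policy_published/p"),
            "pass_rate": passed / total if total else None,
            "failing": sources}

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT, known_sender_nets=["198.51.100.0/24"]))
```

A failing source that falls inside a known sender network is an authentication fix (SPF or DKIM for that sender); one outside every known network is the kind of source a stricter policy is meant to stop.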
Stop guessing whether you're spoofable.
Bind a domain, publish one rua= line, and watch the reports you were never reading turn into a single answer. Start free — no card.
Sources
- RFC 7489 — DMARC: defines aggregate (rua) reporting and the p=none/quarantine/reject policy ladder
- RFC 7208 — SPF: approved-sender records that aggregate reports check for alignment
- RFC 6376 — DKIM: cryptographic signing that aggregate reports check for alignment
- Google — Email sender guidelines: bulk senders must publish DMARC; reports are how you verify compliance
- Folio changelog — No. 010 & No. 011: the per-domain Deliverability dashboard described here