Short answer:
realm shows up in the auth dialog box the user sees telling him/her to what he/she is authenticating (e.g. $realm="mail at genesisreports.com"; in the case of (at least) 'basic' auth
One often uses:

 
my $netloc = new URI::URL($url)->netloc();
[download]

to find the netloc. It is the "Authority" part of the URI which is the host and port.

Longer Answer:
From RFC 2617:"<quote> The realm directive (case-insensitive) is required for all authentication schemes that issue a challenge. The realm value (case-sensitive), in combination with the canonical root URL (the absoluteURI for the server whose abs_path is empty; see section 5.1.2 of [2]) of the server being accessed, defines the protection space. These realms allow the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database. The realm value is a string, generally assigned by the origin server, which may have additional semantics specific to the authentication scheme. Note that there may be multiple challenges with the same auth-scheme but different realms.</quote>"

Then later in the RFC: "For Basic, the framework above is utilized as follows:

       challenge   = "Basic" realm
      credentials = "Basic" basic-credentials
[download]

Upon receipt of an unauthorized request for a URI within the protection space, the origin server MAY respond with a challenge like the following:       WWW-Authenticate: Basic realm="WallyWorld" where "WallyWorld" is the string assigned by the server to identify the protection space of the Request-URI."

--traveler