This is a command-line tool to parse DMARC aggregate reports and output the results in an easy to read manner.
This tools does not download the DMARC reports from a mailbox, but consumes the previously downloaded reports from a local directory. This tool does not connect to the Internet.
Given a directory, it will parse all reports for a given domain (from .xml
,
.xml.gz
, .zip
files) and output a simplified DMARC report summary.
For example:
$ dmarc-report ~/Downloads example.com
DKIM report for domain: example.com
Reporter: google.com
Begin End Policy: DKIM SPF Auth: DKIM SPF
2023-09-22 02:00:00 2023-09-24 01:59:59 pass pass pass pass
2023-10-06 02:00:00 2023-10-07 01:59:59 pass pass pass pass
2023-10-29 02:00:00 2023-10-30 00:59:59 pass pass pass pass
2023-11-13 01:00:00 2023-11-14 00:59:59 pass pass pass pass
2023-12-04 01:00:00 2023-12-05 00:59:59 FAIL pass FAIL pass
2023-12-07 01:00:00 2023-12-08 00:59:59 pass pass pass pass
Reporter: Outlook.com
Begin End Policy: DKIM SPF Auth: DKIM SPF
2023-09-28 02:00:00 2023-09-29 02:00:00 pass pass pass pass
2023-10-03 02:00:00 2023-10-04 02:00:00 pass pass pass pass
2023-10-06 02:00:00 2023-10-07 02:00:00 pass pass pass pass
2023-11-12 01:00:00 2023-11-14 01:00:00 pass pass pass pass
2023-12-07 01:00:00 2023-12-08 01:00:00 pass pass pass pass
go install github.com/candidtim/[email protected]
Usage (show with dmarc-report -h
):
dmarc-report [OPTIONS] DIRECTORY DOMAIN
Options:
-c Show color output (default true)
-f Show only the failures
Example:
dmarc-report ~/Downloads example.com
Latter will look for all files matching the DMARC report file name format
(receiver "!" policy-domain "!" begin-timestamp "!" end-timestamp "." extension
),
decompress .gz
and .zip
files if necessary, and output an aggregated
summary.
- Parses DMARC aggregate reports only (what is normally received by email when DMARC is set up for a domain)
- Ignores duplicate reports (if there are multiple copies of the same report in the same directory; typically the case if some reports were extracted manually after they have been downloaded)
- Merges subsequent reports (where the start time of a subsequent report is the same as the end time of a previous one)
- Tested on most popular DMARC reports (Google, Outlook). Not extensively tested in various complex scenarios.
Note that this tool is originally implemented for individuals who own their domains, set up DMARC, and want to review the reports regularly. Some more complex scenarios may not be supported. However, feel free to submit issues, propose features, or better yet - pull requests.