Parsedmarc – Open source DMARC report analyzer and visualizer

ParseDMARC: An open source DMARC analyzer – alternative to commercial DMARC report processing tools

Blog Author : Sandeep Saxena

ParseDMARC Code on GitHub

What is DMARC?

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It is an email authentication protocol which, when published for a domain, ensures that legitimate email is authenticated against the DKIM and SPF standards and that fraudulent mail appearing to come from the domain is either quarantined or blocked.
 
DMARC helps stop spoofed spam and phishing from reaching you and your customers, protecting your information security and your brand.

 

How does DMARC work?

A DMARC policy allows a domain owner to indicate that email from their domain is protected by SPF and DKIM.
 
DMARC uses a DNS record to publish information on how an email from a domain should be handled. This record helps domain owners to control what happens if a message fails authentication tests of SPF & DKIM alignment.
 
DMARC’s SPF and DKIM alignment checks prevent spoofing of the “header from” address by matching the “header from” domain name with the “envelope from” domain name used during an SPF check, and by matching the “header from” domain name with the “d=” domain name in the DKIM signature.
 

However, many organizations are not able to deploy DMARC because of the complexities, misconceptions and costs involved with paid DMARC report analysis tools.

Parsedmarc – an open source alternative to commercial DMARC report processing tools

Parsedmarc is a Python module and CLI utility for parsing DMARC reports. When used with Elasticsearch and Kibana (or Splunk), it works as a self-hosted open source alternative to commercial DMARC report processing services.
 

Features

  • Parses draft and 1.0 standard aggregate/rua reports
  • Parses forensic/failure/ruf reports
  • Can parse reports from an inbox over IMAP
  • Transparently handles gzip or zip compressed reports
  • Consistent data structures
  • Simple JSON and/or CSV output
  • Optionally email the results
  • Optionally send the results to Elasticsearch and/or Splunk, for use with premade dashboards
  • Optionally send reports to Apache Kafka
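
To show what such a tool reads out of an aggregate (rua) report, here is an added Python example that uses only the standard library; it is not from this blog post or from parsedmarc's own code. The sample report, its domains and its IP addresses are constructed, and the function names are hypothetical.

```python
import gzip
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample aggregate report (documentation domains and IP ranges).
SAMPLE_REPORT = b"""<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>constructed-1</report_id></report_metadata>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>40</count>
    <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>5</count>
    <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers></record>
  <record><row><source_ip>203.0.113.99</source_ip><count>12</count>
    <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers></record>
</feedback>"""

def load_report(data: bytes) -> ET.Element:
    """Decompress gzip input, refuse DTDs (reports come from untrusted senders), parse."""
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        data = gzip.decompress(data)
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD/entity declarations are not expected in a DMARC report")
    return ET.fromstring(data)

def summarize(data: bytes) -> dict:
    """Per source IP, count messages that passed or failed DMARC."""
    totals = defaultdict(lambda: {"pass": 0, "fail": 0})
    for rec in load_report(data).iter("record"):
        ip = rec.findtext("row/source_ip")
        count = int(rec.findtext("row/count", "0"))
        # policy_evaluated holds the aligned SPF and DKIM results;
        # DMARC passes when at least one of them is "pass".
        results = (rec.findtext("row/policy_evaluated/spf"),
                   rec.findtext("row/policy_evaluated/dkim"))
        totals[ip]["pass" if "pass" in results else "fail"] += count
    return dict(totals)

def failing_sources(data: bytes) -> list:
    """(ip, failed message count) pairs, highest volume first."""
    fails = [(ip, t["fail"]) for ip, t in summarize(data).items() if t["fail"]]
    return sorted(fails, key=lambda pair: -pair[1])
```

The sources returned by `failing_sources` are the ones to review before moving a policy from `none` to quarantine or reject: each is either a legitimate sender that still needs SPF or DKIM set up, or spoofed mail.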
 
We deployed this tool and found that it serves our purpose best. Of course, commercial tools have some added features, and they can be deployed if someone is looking to avail those features.
 
You can take a complete look at ParseDMARC’s DMARC dashboard in this PDF file.
Individual screenshots of various pie charts / data are given here, which will help you understand the capabilities of this open source tool.

——————————————————————————

If you need any help to deploy this tool please reach out to Postbox Consultancy Services. Drop us a note at [email protected]

——————————————————————————

Dashboard panels shown in the screenshots:

  • SPF Alignment
  • DKIM Alignment
  • DMARC Alignment
  • DMARC Passage Over Time
  • Reporting Organisation, Source by Reverse DNS and Volume by Header From
  • Message Source Countries
  • Top 1000 Message Source IP Addresses
  • SPF Alignment Details
  • DKIM Alignment Details

——————————————————————————

Author:
Sandeep Saxena is CEO at Postbox Consultancy Services. He has been working as an email marketing and deliverability consultant for the last 5 years. Before venturing into Postbox Consultancy Services, Sandeep worked in the IT industry for close to 10 years as a DevOps consultant. Sandeep is based in Bhopal, India, and when not working he is often seen reading a book or doing meditation.