Parsedmarc – Open source DMARC report analyzer and visualizer
ParseDMARC: An open source DMARC analyzer – alternative to commercial DMARC report processing tools
Blog Author: Sandeep Saxena
What is DMARC?
DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It is an email authentication protocol which, when published for a domain, ensures that legitimate email is authenticated against the DKIM and SPF standards and that fraudulent activity appearing to come from that domain is either quarantined or blocked.
DMARC helps stop spoofed spam and phishing from reaching you and your customers, protecting your information security and your brand.
How does DMARC work?
A DMARC policy allows a domain owner to indicate that emails from his/her domain are protected by SPF and DKIM.
DMARC uses a DNS record to publish information on how email from a domain should be handled. This record lets domain owners control what happens if a message fails the SPF and DKIM alignment tests.
DMARC's SPF and DKIM alignment checks prevent spoofing of the "header from" address in two ways: by matching the "header from" domain name with the "envelope from" domain name used during the SPF check, and by matching the "header from" domain name with the "d=" domain name in the DKIM signature.
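The alignment checks and policy lookup described above, as an added Python example (not code from the original post or from parsedmarc). The record, the domains and the small public-suffix set are constructed; SPF and DKIM verification results are taken as inputs, the record is assumed to be the one published for the "header from" domain itself, and the sp= and pct= tags are not handled.

```python
# Constructed stand-in for the Public Suffix List (assumption: real code loads the full list).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}

def org_domain(domain):
    """Organizational domain: the public suffix plus one label to its left."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # assumption: unknown suffix, keep the last two labels

def parse_dmarc_record(txt):
    """Split a DMARC TXT record into a tag -> value dict and check v= and p=."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    return tags

def aligned(header_from, auth_domain, mode):
    """'s' (strict) needs an exact match; 'r' (relaxed) compares organizational domains."""
    a, b = header_from.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def evaluate(record, header_from, spf_pass, envelope_from, dkim_pass, dkim_d):
    """Return 'pass', or the policy the domain owner asks receivers to apply."""
    policy = parse_dmarc_record(record)
    # A passing SPF or DKIM result only counts when its domain aligns with "header from".
    spf_ok = spf_pass and aligned(header_from, envelope_from, policy.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(header_from, dkim_d, policy.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

# Constructed record: reject on failure, strict DKIM alignment, relaxed SPF (default).
RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    # Third-party relay: SPF passes only for the relay's domain, DKIM d= is aligned.
    print(evaluate(RECORD, "example.com", True, "bounce.relay.example.net", True, "example.com"))
    # SPF passes for an unrelated envelope domain and there is no aligned DKIM signature.
    print(evaluate(RECORD, "example.com", True, "mail.example.org", False, ""))
```

The second call shows why a bare SPF pass is not enough: the envelope domain authenticated, but it does not align with the "header from" domain, so the published policy applies.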
However, many organizations are not able to deploy DMARC because of the complexities, misconceptions and costs involved with paid DMARC report analyzing tools.
Parsedmarc – an open source alternative to commercial DMARC report processing tools
Parsedmarc is a Python module and CLI utility for parsing DMARC reports. When used with Elasticsearch and Kibana (or Splunk), it works as a self-hosted open source alternative to commercial DMARC report processing services.
- Parses draft and 1.0 standard aggregate/rua reports
- Parses forensic/failure/ruf reports
- Can parse reports from an inbox over IMAP
- Transparently handles gzip or zip compressed reports
- Consistent data structures
- Simple JSON and/or CSV output
- Optionally email the results
- Optionally send the results to Elasticsearch and/or Splunk, for use with premade dashboards
- Optionally send reports to Apache Kafka
We deployed this tool and found that it serves our purpose best. Of course, commercial tools have some added features, and they can be deployed if someone is looking to avail those features.
You can take a complete look at ParseDMARC's DMARC dashboard in this PDF file.
Individual screenshots of various pie charts / data are given here which will help you understand the capabilities of this open source tool.
If you need any help to deploy this tool, please reach out to Postbox Consultancy Services. Drop us a note at [email protected]
DMARC Passage Over Time
Reporting Organisation, Source by Reverse DNS and Volume by Header From
Message Source Countries
Top 1000 Message Source IP Addresses
SPF Alignment Details
DKIM Alignment Details