Parsedmarc – Open source DMARC report analyzer and visualizer

An open source alternative to commercial DMARC report processing tools

Blog Author: Sandeep Saxena

ParseDMARC Code on GitHub

What is DMARC?

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. It is an email authentication protocol which, when published for a domain, ensures that legitimate email is authenticated against the DKIM and SPF standards and that any fraudulent activity appearing to come from that domain is either quarantined or blocked.

DMARC helps stop spoofed spam and phishing from reaching you and your customers, protecting your information security and your brand.

How DMARC works

A DMARC policy allows a domain owner to indicate that email from their domain is protected by SPF and DKIM.

DMARC uses a DNS record to publish information on how email from a domain should be handled. This record lets domain owners control what happens when a message fails the SPF and DKIM alignment tests.

DMARC’s alignment checks (SPF and DKIM) prevent spoofing of the “header from” address by:

Matching the “header from” domain name with the “envelope from” domain name used during an SPF check, and
Matching the “header from” domain name with the “d= domain name” in the DKIM signature.

However, many organisations are not able to deploy DMARC because of the complexities, misconceptions and costs involved with paid DMARC report analysing tools.

Parsedmarc – an open source alternative to commercial DMARC report processing tools

parsedmarc is a Python module and CLI utility for parsing DMARC reports. When used with Elasticsearch and Kibana (or Splunk), it works as a self-hosted open source alternative to commercial DMARC report processing services.

Features
Parses draft and 1.0 standard aggregate/rua reports
Parses forensic/failure/ruf reports
Can parse reports from an inbox over IMAP
Transparently handles gzip or zip compressed reports
Consistent data structures
Simple JSON and/or CSV output
Optionally email the results
Optionally send the results to Elasticsearch and/or Splunk, for use with premade dashboards
Optionally send reports to Apache Kafka
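To make the alignment rules above concrete and show where dashboard pass/fail counts come from, here is an added example (not parsedmarc's own code) that reads an aggregate (rua) report with the Python standard library only. The report is constructed, and the size cap, sample domains and function names are assumptions.

```python
import gzip
import io
import xml.etree.ElementTree as ET

MAX_BYTES = 10 * 1024 * 1024  # assumed cap; reports are untrusted mail attachments

# Constructed sample (documentation domains/IPs), not a real report.
SAMPLE = b"""<feedback xmlns="http://dmarc.org/dmarc-xml/0.1">
 <record><row><source_ip>192.0.2.10</source_ip><count>40</count>
   <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
   <spf><domain>bounce.example.net</domain><result>pass</result></spf></auth_results></record>
 <record><row><source_ip>203.0.113.7</source_ip><count>3</count>
   <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><spf><domain>example.org</domain><result>pass</result></spf></auth_results></record>
</feedback>"""

def load_report(data: bytes) -> ET.Element:
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes; read is bounded against decompression bombs
        data = gzip.GzipFile(fileobj=io.BytesIO(data)).read(MAX_BYTES + 1)
    if len(data) > MAX_BYTES or b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("rejected: oversized report or DTD/entity declaration")
    root = ET.fromstring(data)
    for el in root.iter():  # drop the optional namespace so paths match both variants
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def evaluate(root: ET.Element) -> list:
    rows = []
    for rec in root.iter("record"):
        # policy_evaluated carries the DMARC-aligned results; auth_results the raw ones
        spf_ok = rec.findtext("row/policy_evaluated/spf") == "pass"
        dkim_ok = rec.findtext("row/policy_evaluated/dkim") == "pass"
        rows.append({
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count")),
            "header_from": rec.findtext("identifiers/header_from"),
            "spf_domain": rec.findtext("auth_results/spf/domain"),
            "spf_aligned": spf_ok, "dkim_aligned": dkim_ok, "dmarc_pass": spf_ok or dkim_ok,
        })
    return rows

def summarize(rows: list) -> dict:
    totals = {"pass": 0, "fail": 0}
    for r in rows:
        totals["pass" if r["dmarc_pass"] else "fail"] += r["count"]
    return totals
```

In both sample records raw SPF passes for a domain other than the “header from” domain, so aligned SPF fails; the first record still passes DMARC through its aligned DKIM signature, the second does not.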

We deployed this tool and found that it serves our purpose best. Of course, commercial tools have some added features, and they can be deployed if someone wants those features.

You can take a complete look at ParseDMARC’s DMARC dashboard in this PDF file.

Individual screenshots of various pie charts / data are given here which will help you understand the capabilities of this open source tool.

——————————————————————————

If you need any help to deploy this tool please reach out to Postbox Consultancy Services. Drop us a note at [email protected]

  ——————————————————————————

SPF Alignment

[Screenshot: SPF DMARC pie chart]

DKIM Alignment

[Screenshot: DKIM alignment pie chart]

DMARC Alignment

[Screenshot: DMARC alignment pie chart]

DMARC Passage Over Time

[Screenshot: DMARC passage over time]

Reporting Organisation, Source by Reverse DNS and Volume by Header From

[Screenshot: DMARC reporting organizations]

Message Source Countries

[Screenshot: message source countries]

Top 1000 Message Source IP Addresses

[Screenshot: DMARC source IP addresses]

SPF Alignment Details

[Screenshot: SPF alignment details]

DKIM Alignment Details

[Screenshot: DKIM alignment details]


Sandeep Saxena Bio


Sandeep Saxena is Director and CEO of Postbox Consultancy Services.