How to Parse DMARC Reports

UPDATE: As of March 9, 2016, I would recommend you instead use the more modern DMARC Report Parser.

The current buzz in the e-mail industry is around Domain-based Message Authentication, Reporting & Conformance, commonly referred to as DMARC. DMARC pulls together SPF and DKIM into a method to try to stop spam and keep people from abusing your brand/domain. One of the added benefits of DMARC is that receivers are able to report back to the domain owner the disposition of messages being sent into their environment. Gmail is currently one of the few receivers providing these reports, but hopefully adoption will grow soon.

The reports sent to the domain owner are in an XML format, which makes them difficult for a human to read. Thankfully, John Levine has provided some parsing scripts to push the information into a database for easy querying. The scripts expect a certain level of knowledge and experience, so my goal is to help people unfamiliar with the steps/process.

First you will want to download the scripts to your Linux/BSD/Unix/etc system.

wget http://www.taugh.com/rddmarc/mkdmarc
wget http://www.taugh.com/rddmarc/rddmarc
wget http://www.taugh.com/rddmarc/readme

Next, you will want to edit the “mkdmarc” script, changing the passwords (last 2 lines) to something of your own choosing.

$ vi mkdmarc
(change password "xxx")

It is expected that you already have a MySQL database server running on your host, and that you know the root password. The following commands will create the database in MySQL and then import the schema needed. Enter the MySQL root password when prompted.

$ mysqladmin -u root -p create dmarc
Enter password:
$ mysql -u root -p dmarc < mkdmarc
Enter password:

Now you will need to edit the “rddmarc” script to use the password you set in the “mkdmarc” script earlier.

$ vi rddmarc
(change password "xxx")

By default, the “rddmarc” script appears to expect to be reading raw mail files from your mail folder. So, you may need to figure out where these files are located on your system, and then do something similar to:

$ ./rddmarc Mail/*

My work-flow didn’t allow for this method of grabbing the reports. Instead, I save each of the attachments to a folder for later processing. I then modified John’s rddmarc script and created “rddmarc-ts”. So, download the file to your system:

wget https://www.techsneeze.com/wp-content/uploads/2012/05/rddmarc-ts.txt
You should now use the new script found HERE

Rename the file, and change the permissions:

$ mv rddmarc-ts.txt rddmarc-ts
$ chmod 755 rddmarc-ts

Now you can run the script against a folder of zip attachments:

$ ./rddmarc-ts reports/google.com\!techsneeze.com\!136547800\!13126478199.zip
OR
$ ./rddmarc-ts reports/*.zip
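
As an added illustration (not John Levine's scripts or rddmarc-ts), this Python sketch shows the core of handling one zipped report: extract the XML, flatten each `<record>`, and total the sources that failed both DKIM and SPF. Element names follow the DMARC aggregate report schema in RFC 7489; the size cap, the DOCTYPE refusal and the sample data are assumptions added here, on the basis that reports arrive by mail from outside parties.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

MAX_XML_BYTES = 10 * 1024 * 1024  # assumed cap on decompressed size
# Constructed sample report (documentation IPs and names, not real data).
SAMPLE_XML = b"""<feedback><report_metadata><org_name>receiver.example</org_name></report_metadata>
<record><row><source_ip>192.0.2.1</source_ip><count>12</count><policy_evaluated>
<disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
<record><row><source_ip>198.51.100.7</source_ip><count>3</count><policy_evaluated>
<disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

def read_report_zip(zip_bytes):
    """Return the XML bytes of the single file inside a report zip."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = [m for m in zf.infolist() if not m.is_dir()]
        if len(members) != 1:
            raise ValueError("expected exactly one file in the report zip")
        with zf.open(members[0]) as fh:
            data = fh.read(MAX_XML_BYTES + 1)  # bounded read; declared size is untrusted
    if len(data) > MAX_XML_BYTES:
        raise ValueError("decompressed report exceeds size cap")
    return data

def parse_report(xml_bytes):
    """Flatten a report into one dict per <record> (assumes no XML namespace)."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("reports need no DTD or entities; refusing to parse")
    root = ET.fromstring(xml_bytes)
    org = root.findtext("report_metadata/org_name", "")
    rows = []
    for rec in root.iter("record"):
        rows.append({
            "org": org, "source_ip": rec.findtext("row/source_ip", ""),
            "count": int(rec.findtext("row/count") or 0),
            "disposition": rec.findtext("row/policy_evaluated/disposition", ""),
            "dkim": rec.findtext("row/policy_evaluated/dkim", ""),
            "spf": rec.findtext("row/policy_evaluated/spf", "")})
    return rows

def failing_sources(rows):
    """Total message count per source IP where DKIM and SPF both failed."""
    totals = {}
    for r in rows:
        if r["dkim"] == "fail" and r["spf"] == "fail":
            totals[r["source_ip"]] = totals.get(r["source_ip"], 0) + r["count"]
    return totals
```
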

If you are looking for additional DMARC resources, you can find some at:
http://dmarc.org/resources.html
