How to Parse DMARC Reports via IMAP

UPDATE : As of March 9, 2016, imap-dmarcts has been renamed to dmarcts-report-parser! We’ve also moved the code to GitHub to better facilitate contributions from our users!

After my recent post about “How to Parse DMARC Reports“, I decided to find a way to directly query an IMAP folder to parse reports. I have started with John Levine’s rddmarc script, and modified it to connect to an IMAP server.

In the process of working on this, I also discovered that some receivers are sending their DMARC reports as multipart attachments. The original rddmarc script did not seem to handle this condition well, so I added this capability as well.

The script assumes you have already setup the database aspects already detailed in : How to Parse DMARC Reports

You can download the script here : dmarcts-report-parser.pl

OR… you can follow these steps…


wget https://github.com/techsneeze/dmarcts-report-parser/raw/master/dmarcts-report-parser.pl
chmod 755 dmarcts-report-parser.pl

Next, you’ll want to either edit the script or have a separate file named “dmarcts-report-parser.conf” (template) with the following information:


####################################################################
### configuration ##################################################
####################################################################

# If IMAP access is not used, config options starting with $imap
# do not need to be set and are ignored.

$debug = 0;
$delete_reports = 0;

$dbname = 'dmarc';
$dbuser = 'dmarc';
$dbpass = 'xxx';
$dbhost = ''; # Set the hostname if we can't connect to the local socket.

$imapserver = 'mail.example.com:143';
$imapuser = 'dmarcreports';
$imappass = 'xxx';
$imapssl = '0'; # If set to 1, remember to change server port to 993.
$imaptls = '1'; # Enabled as the default and best-practice.
$imapreadfolder = 'Inbox';

# If $imapmovefolder is set, processed IMAP messages
# will be moved (overruled by the --delete option!)
$imapmovefolder = 'Inbox.processed';

You’ll see that you need to put the appropriate IMAP server settings, as well as the source folder and what folder to put them in once processed. In my example, I am looking in the Inbox, and then moving to a “processed” folder. You will also need to edit the database destination.

Once the settings are changed, you can simply run the script:

./dmarcts-report-parser.pl

You may want to use the DMARC Web Reporting Tool to display your parsed reports.

Also available via GitHub repository :

8 thoughts on “How to Parse DMARC Reports via IMAP

  1. Pingback: How to Parse DMARC Reports – TechSneeze.com

    1. superdave Post author

      All of those links worked for me just now. You may want to try again, or try a different network/computer.

      I’d prefer to let him be the source of truth for those, as he has made tweaks over time.

  2. John

    The script is adding missing tables and missing columns. All you have to do is to setup a database and and a database user, which can create and modify tables in that database. Do not forget to provide database server, database name, database user and password in the config file.

  3. Pingback: Skab overblik over dine DMARC rapporter – NerdGirl

  4. Pingback: Simple DMARC report parsing and visualizing toolkit – oxcrag.net