A Python module and CLI for parsing aggregate DMARC reports

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Sean.Whalen from gravatar.com Sean.Whalen

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Sean Whalen
  • Tags DMARC, reporting, parser
Classifiers

Project description

Build Status

pasedmarc is a Python module and CLI utility for parsing aggregate DMARC reports.

Features

  • Parses draft and 1.0 standard aggregate reports

  • Transparently handles gzip or zip compressed reports

  • Consistent data structures

  • Simple JSON or CSV output

  • Python 2 and 3 support

CLI help

usage: parsedmarc.py [-h] [-f FORMAT] [-o OUTPUT]
                     [-n NAMESERVER [NAMESERVER ...]] [-t TIMEOUT] [-v]
                     file_path [file_path ...]

Parses aggregate DMARC reports

positional arguments:
  file_path             one or more paths of aggregate report files
                        (compressed or uncompressed)

optional arguments:
  -h, --help            show this help message and exit
  -f FORMAT, --format FORMAT
                        specify JSON or CSV output format
  -o OUTPUT, --output OUTPUT
                        output to a file path rather than printing to the
                        screen
  -n NAMESERVER [NAMESERVER ...], --nameserver NAMESERVER [NAMESERVER ...]
                        nameservers to query
  -t TIMEOUT, --timeout TIMEOUT
                        number of seconds to wait for an answer from DNS
                        (default 6.0)
  -v, --version         show program's version number and exit

Sample output

Here are the results from parsing the example report from the dmarc.org wiki. It’s actually an older draft of the the 1.0 report schema standardized in RFC 7480 Appendix C. This draft schema is still in wide use.

parsedmarc produces consistent, normalized output, regardless of the report schema.

JSON

{
  "xml_schema": "draft",
  "report_metadata": {
    "org_name": "acme.com",
    "org_email": "noreply-dmarc-support@acme.com",
    "org_extra_contact_info": "http://acme.com/dmarc/support",
    "report_id": "9391651994964116463",
    "begin_date": "2012-04-27 20:00:00",
    "end_date": "2012-04-28 19:59:59",
    "errors": []
  },
  "policy_published": {
    "domain": "example.com",
    "adkim": "r",
    "aspf": "r",
    "p": "none",
    "sp": "none",
    "pct": "100",
    "fo": "0"
  },
  "records": [
    {
      "source": {
        "ip_address": "72.150.241.94",
        "country": "US",
        "reverse_dns": "adsl-72-150-241-94.shv.bellsouth.net",
        "base_domain": "bellsouth.net"
      },
      "count": 2,
      "policy_evaluated": {
        "disposition": "none",
        "dkim": "fail",
        "spf": "pass",
        "policy_override_reasons": []
      },
      "identifiers": {
        "header_from": "example.com",
        "envelope_from": "example.com",
        "envelope_to": null
      },
      "auth_results": {
        "dkim": [
          {
            "domain": "example.com",
            "selector": "none",
            "result": "fail"
          }
        ],
        "spf": [
          {
            "domain": "example.com",
            "scope": "mfrom",
            "result": "pass"
          }
        ]
      }
    }
  ]
}

CSV

xml_schema,org_name,org_email,org_extra_contact_info,report_id,begin_date,end_date,errors,domain,adkim,aspf,p,sp,pct,fo,source_ip_address,source_country,source_reverse_dns,source_base_domain,count,disposition,dkim_alignment,spf_alignment,policy_override_reasons,policy_override_comments,envelope_from,header_from,envelope_to,dkim_domains,dkim_selectors,dkim_results,spf_domains,spf_scopes,spf_results
draft,acme.com,noreply-dmarc-support@acme.com,http://acme.com/dmarc/support,9391651994964116463,2012-04-27 20:00:00,2012-04-28 19:59:59,,example.com,r,r,none,none,100,0,72.150.241.94,US,adsl-72-150-241-94.shv.bellsouth.net,bellsouth.net,2,none,fail,pass,,,example.com,example.com,,example.com,none,fail,example.com,mfrom,pass

What about forensic DMARC reports?

Forensic DMARC reports are emails with an attached email sample that failed a DMARC check. You can parse them with any email message parser, such as mail-parser.

Very few recipients send forensic reports, and even those who do will often provide only the message headers, and not the message’s content, for privacy reasons.

Installation

parsedmarc works with Python 2 or 3, but Python 3 is preferred.

On Debian or Ubuntu systems, run:

$ sudo apt-get install python3-pip

Python 3 installers for Windows and macOS can be found at https://www.python.org/downloads/

To install or upgrade to the latest stable release of parsedmarc on macOS or Linux, run

$ sudo -H pip3 install -U checkdmarc

Or, install the latest development release directly from GitHub:

$ sudo -H pip3 install -U git+https://github.com/domainaware/parsedmarc.git

Documentation

https://domainaware.github.io/parsedmarc

Bug reports

Please report bugs on the GitHub issue tracker

https://github.com/domainaware/parsedmarc/issues

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Sean.Whalen from gravatar.com Sean.Whalen

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache 2.0)
  • Author: Sean Whalen
  • Tags DMARC, reporting, parser
Classifiers

Release history Release notifications | RSS feed

8.16.0

8.15.4

8.15.3

8.15.2

8.15.1

8.15.0

8.14.1

8.14.0

8.13.0

8.12.0

8.11.0

8.10.3

8.10.2

8.10.1

8.10.0

8.9.4

8.9.3

8.9.2

8.9.1

8.8.0

8.7.0

8.6.4

8.6.3

8.6.2

8.6.1

8.6.0

8.5.0

8.4.2

8.4.1

8.4.0

8.3.2

8.3.1

8.3.0

8.2.0

8.1.1

8.1.0

8.0.3

8.0.2 yanked

Reason this release was yanked:

IMAP bugs

8.0.1 yanked

Reason this release was yanked:

IMAP bugs

8.0.0 yanked

Reason this release was yanked:

Broken packaging

7.1.1

7.1.0

7.0.1

7.0.0

6.12.0

6.11.0

6.10.0

6.9.0

6.8.2

6.8.1

6.8.0

6.7.4

6.7.3

6.7.2

6.7.1

6.7.0

6.6.1

6.6.0

6.5.5

6.5.4

6.5.3

6.5.2

6.5.1

6.5.0

6.4.2

6.4.1

6.4.0

6.3.7

6.3.6

6.3.5

6.3.4

6.3.3

6.3.2

6.3.1

6.3.0

6.2.2

6.2.1

6.2.0

6.1.8

6.1.6

6.1.5

6.1.3

6.1.2

6.1.1

6.1.0

6.0.3

6.0.2

6.0.1

6.0.0

5.3.0

5.2.1

5.2.0

5.1.3

5.1.2

5.1.1

5.1.0

5.0.2

5.0.1

5.0.0

4.4.1

4.4.0

4.3.8

4.3.7

4.3.6

4.3.5

4.3.4

4.3.3

4.3.2

4.3.1

4.3.0

4.2.1

4.2.0

4.1.9

4.1.8

4.1.7

4.1.6

4.1.5

4.1.4

4.1.3

4.1.2

4.1.1

4.1.0

4.0.2

4.0.1

4.0.0

3.9.7

3.9.6

3.9.5

3.9.4

3.9.3

3.9.2

3.9.1

3.9.0

3.8.2

3.8.0

3.7.3

3.7.2

3.7.1

3.7.0

3.6.1

3.6.0

3.5.1

3.5.0

3.4.1

3.4.0

3.3.0

3.2.0

3.1.0

3.0.0

2.1.2

2.1.1

2.1.0

2.0.1

2.0.0

This version

1.1.0

1.0.5

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

parsedmarc-1.1.0-py2.py3-none-any.whl (12.8 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file parsedmarc-1.1.0-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for parsedmarc-1.1.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 3b0b30979b2ce5aeae22b89b2521cfb92a01ee183ae8d5313c75bf0062e9a27b
MD5 f41dc55b4219dbf9fe875909cd819a7c
BLAKE2b-256 e890909b897011a3622d4e2c6109fd5cb426159d43756bc101395e9d44915cf8

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page