diff --git a/_modules/index.html b/_modules/index.html
index c974b32..370330a 100644
--- a/_modules/index.html
+++ b/_modules/index.html
@@ -5,14 +5,14 @@
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Overview: module code &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>Overview: module code &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="../_static/css/theme.css?v=e59714d7" />
 
   
       <script src="../_static/jquery.js?v=5d32c60e"></script>
       <script src="../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="../_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="../_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="../_static/doctools.js?v=9bcbadda"></script>
       <script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="../_static/js/theme.js"></script>
diff --git a/_modules/parsedmarc.html b/_modules/parsedmarc.html
index 543b6e4..60157b9 100644
--- a/_modules/parsedmarc.html
+++ b/_modules/parsedmarc.html
@@ -5,14 +5,14 @@
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>parsedmarc &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>parsedmarc &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="../_static/css/theme.css?v=e59714d7" />
 
   
       <script src="../_static/jquery.js?v=5d32c60e"></script>
       <script src="../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="../_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="../_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="../_static/doctools.js?v=9bcbadda"></script>
       <script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="../_static/js/theme.js"></script>
@@ -98,7 +98,7 @@
 <span class="kn">from</span> <span class="nn">base64</span> <span class="kn">import</span> <span class="n">b64decode</span>
 <span class="kn">from</span> <span class="nn">collections</span> <span class="kn">import</span> <span class="n">OrderedDict</span>
 <span class="kn">from</span> <span class="nn">csv</span> <span class="kn">import</span> <span class="n">DictWriter</span>
-<span class="kn">from</span> <span class="nn">datetime</span> <span class="kn">import</span> <span class="n">datetime</span>
+<span class="kn">from</span> <span class="nn">datetime</span> <span class="kn">import</span> <span class="n">datetime</span><span class="p">,</span> <span class="n">timedelta</span>
 <span class="kn">from</span> <span class="nn">io</span> <span class="kn">import</span> <span class="n">BytesIO</span><span class="p">,</span> <span class="n">StringIO</span>
 <span class="kn">from</span> <span class="nn">typing</span> <span class="kn">import</span> <span class="n">Callable</span>
 
@@ -109,13 +109,18 @@
 <span class="kn">from</span> <span class="nn">mailsuite.smtp</span> <span class="kn">import</span> <span class="n">send_email</span>
 
 <span class="kn">from</span> <span class="nn">parsedmarc.log</span> <span class="kn">import</span> <span class="n">logger</span>
-<span class="kn">from</span> <span class="nn">parsedmarc.mail</span> <span class="kn">import</span> <span class="n">MailboxConnection</span>
+<span class="kn">from</span> <span class="nn">parsedmarc.mail</span> <span class="kn">import</span> <span class="p">(</span>
+    <span class="n">MailboxConnection</span><span class="p">,</span>
+    <span class="n">IMAPConnection</span><span class="p">,</span>
+    <span class="n">MSGraphConnection</span><span class="p">,</span>
+    <span class="n">GmailConnection</span><span class="p">,</span>
+<span class="p">)</span>
 <span class="kn">from</span> <span class="nn">parsedmarc.utils</span> <span class="kn">import</span> <span class="n">get_base_domain</span><span class="p">,</span> <span class="n">get_ip_address_info</span>
 <span class="kn">from</span> <span class="nn">parsedmarc.utils</span> <span class="kn">import</span> <span class="n">is_outlook_msg</span><span class="p">,</span> <span class="n">convert_outlook_msg</span>
 <span class="kn">from</span> <span class="nn">parsedmarc.utils</span> <span class="kn">import</span> <span class="n">parse_email</span>
 <span class="kn">from</span> <span class="nn">parsedmarc.utils</span> <span class="kn">import</span> <span class="n">timestamp_to_human</span><span class="p">,</span> <span class="n">human_timestamp_to_datetime</span>
 
-<span class="n">__version__</span> <span class="o">=</span> <span class="s2">&quot;8.15.4&quot;</span>
+<span class="n">__version__</span> <span class="o">=</span> <span class="s2">&quot;8.16.1&quot;</span>
 
 <span class="n">logger</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">&quot;parsedmarc v</span><span class="si">{0}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">__version__</span><span class="p">))</span>
 
@@ -1642,6 +1647,7 @@
     <span class="n">strip_attachment_payloads</span><span class="o">=</span><span class="kc">False</span><span class="p">,</span>
     <span class="n">results</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span>
     <span class="n">batch_size</span><span class="o">=</span><span class="mi">10</span><span class="p">,</span>
+    <span class="n">since</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span>
     <span class="n">create_folders</span><span class="o">=</span><span class="kc">True</span><span class="p">,</span>
 <span class="p">):</span>
 <span class="w">    </span><span class="sd">&quot;&quot;&quot;</span>
@@ -1665,6 +1671,8 @@
 <span class="sd">        results (dict): Results from the previous run</span>
 <span class="sd">        batch_size (int): Number of messages to read and process before saving</span>
 <span class="sd">            (use 0 for no limit)</span>
+<span class="sd">        since: Search for messages since certain time</span>
+<span class="sd">            (units - {&quot;m&quot;:&quot;minutes&quot;, &quot;h&quot;:&quot;hours&quot;, &quot;d&quot;:&quot;days&quot;, &quot;w&quot;:&quot;weeks&quot;})</span>
 <span class="sd">        create_folders (bool): Whether to create the destination folders</span>
 <span class="sd">            (not used in watch)</span>
 
@@ -1677,6 +1685,9 @@
     <span class="k">if</span> <span class="n">connection</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
         <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span><span class="s2">&quot;Must supply a connection&quot;</span><span class="p">)</span>
 
+    <span class="c1"># current_time useful to fetch_messages later in the program</span>
+    <span class="n">current_time</span> <span class="o">=</span> <span class="kc">None</span>
+
     <span class="n">aggregate_reports</span> <span class="o">=</span> <span class="p">[]</span>
     <span class="n">forensic_reports</span> <span class="o">=</span> <span class="p">[]</span>
     <span class="n">smtp_tls_reports</span> <span class="o">=</span> <span class="p">[]</span>
@@ -1700,11 +1711,50 @@
         <span class="n">connection</span><span class="o">.</span><span class="n">create_folder</span><span class="p">(</span><span class="n">smtp_tls_reports_folder</span><span class="p">)</span>
         <span class="n">connection</span><span class="o">.</span><span class="n">create_folder</span><span class="p">(</span><span class="n">invalid_reports_folder</span><span class="p">)</span>
 
-    <span class="n">messages</span> <span class="o">=</span> <span class="n">connection</span><span class="o">.</span><span class="n">fetch_messages</span><span class="p">(</span><span class="n">reports_folder</span><span class="p">,</span> <span class="n">batch_size</span><span class="o">=</span><span class="n">batch_size</span><span class="p">)</span>
+    <span class="k">if</span> <span class="n">since</span><span class="p">:</span>
+        <span class="n">_since</span> <span class="o">=</span> <span class="mi">1440</span>  <span class="c1"># default one day</span>
+        <span class="k">if</span> <span class="n">re</span><span class="o">.</span><span class="n">match</span><span class="p">(</span><span class="sa">r</span><span class="s2">&quot;\d+[mhd]$&quot;</span><span class="p">,</span> <span class="n">since</span><span class="p">):</span>
+            <span class="n">s</span> <span class="o">=</span> <span class="n">re</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="sa">r</span><span class="s2">&quot;(\d+)&quot;</span><span class="p">,</span> <span class="n">since</span><span class="p">)</span>
+            <span class="k">if</span> <span class="n">s</span><span class="p">[</span><span class="mi">2</span><span class="p">]</span> <span class="o">==</span> <span class="s2">&quot;m&quot;</span><span class="p">:</span>
+                <span class="n">_since</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">s</span><span class="p">[</span><span class="mi">1</span><span class="p">])</span>
+            <span class="k">elif</span> <span class="n">s</span><span class="p">[</span><span class="mi">2</span><span class="p">]</span> <span class="o">==</span> <span class="s2">&quot;h&quot;</span><span class="p">:</span>
+                <span class="n">_since</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">s</span><span class="p">[</span><span class="mi">1</span><span class="p">])</span> <span class="o">*</span> <span class="mi">60</span>
+            <span class="k">elif</span> <span class="n">s</span><span class="p">[</span><span class="mi">2</span><span class="p">]</span> <span class="o">==</span> <span class="s2">&quot;d&quot;</span><span class="p">:</span>
+                <span class="n">_since</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">s</span><span class="p">[</span><span class="mi">1</span><span class="p">])</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">24</span>
+            <span class="k">elif</span> <span class="n">s</span><span class="p">[</span><span class="mi">2</span><span class="p">]</span> <span class="o">==</span> <span class="s2">&quot;w&quot;</span><span class="p">:</span>
+                <span class="n">_since</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">s</span><span class="p">[</span><span class="mi">1</span><span class="p">])</span> <span class="o">*</span> <span class="mi">60</span> <span class="o">*</span> <span class="mi">24</span> <span class="o">*</span> <span class="mi">7</span>
+        <span class="k">else</span><span class="p">:</span>
+            <span class="n">logger</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span>
+                <span class="s2">&quot;Incorrect format for &#39;since&#39; option. </span><span class="se">\</span>
+<span class="s2">                           Provided value:</span><span class="si">{0}</span><span class="s2">, Expected values:(5m|3h|2d|1w). </span><span class="se">\</span>
+<span class="s2">                           Ignoring option, fetching messages for last 24hrs&quot;</span>
+                <span class="s2">&quot;SMTP does not support a time or timezone in since.&quot;</span>
+                <span class="s2">&quot;See https://www.rfc-editor.org/rfc/rfc3501#page-52&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="n">since</span><span class="p">)</span>
+            <span class="p">)</span>
+
+        <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">connection</span><span class="p">,</span> <span class="n">IMAPConnection</span><span class="p">):</span>
+            <span class="n">logger</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span>
+                <span class="s2">&quot;Only days and weeks values in &#39;since&#39; option are </span><span class="se">\</span>
+<span class="s2">                         considered for IMAP conections. Examples: 2d or 1w&quot;</span>
+            <span class="p">)</span>
+            <span class="n">since</span> <span class="o">=</span> <span class="p">(</span><span class="n">datetime</span><span class="o">.</span><span class="n">utcnow</span><span class="p">()</span> <span class="o">-</span> <span class="n">timedelta</span><span class="p">(</span><span class="n">minutes</span><span class="o">=</span><span class="n">_since</span><span class="p">))</span><span class="o">.</span><span class="n">date</span><span class="p">()</span>
+            <span class="n">current_time</span> <span class="o">=</span> <span class="n">datetime</span><span class="o">.</span><span class="n">utcnow</span><span class="p">()</span><span class="o">.</span><span class="n">date</span><span class="p">()</span>
+        <span class="k">elif</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">connection</span><span class="p">,</span> <span class="n">MSGraphConnection</span><span class="p">):</span>
+            <span class="n">since</span> <span class="o">=</span> <span class="p">(</span><span class="n">datetime</span><span class="o">.</span><span class="n">utcnow</span><span class="p">()</span> <span class="o">-</span> <span class="n">timedelta</span><span class="p">(</span><span class="n">minutes</span><span class="o">=</span><span class="n">_since</span><span class="p">))</span><span class="o">.</span><span class="n">isoformat</span><span class="p">()</span> <span class="o">+</span> <span class="s2">&quot;Z&quot;</span>
+            <span class="n">current_time</span> <span class="o">=</span> <span class="n">datetime</span><span class="o">.</span><span class="n">utcnow</span><span class="p">()</span><span class="o">.</span><span class="n">isoformat</span><span class="p">()</span> <span class="o">+</span> <span class="s2">&quot;Z&quot;</span>
+        <span class="k">elif</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">connection</span><span class="p">,</span> <span class="n">GmailConnection</span><span class="p">):</span>
+            <span class="n">since</span> <span class="o">=</span> <span class="p">(</span><span class="n">datetime</span><span class="o">.</span><span class="n">utcnow</span><span class="p">()</span> <span class="o">-</span> <span class="n">timedelta</span><span class="p">(</span><span class="n">minutes</span><span class="o">=</span><span class="n">_since</span><span class="p">))</span><span class="o">.</span><span class="n">strftime</span><span class="p">(</span><span class="s2">&quot;</span><span class="si">%s</span><span class="s2">&quot;</span><span class="p">)</span>
+            <span class="n">current_time</span> <span class="o">=</span> <span class="n">datetime</span><span class="o">.</span><span class="n">utcnow</span><span class="p">()</span><span class="o">.</span><span class="n">strftime</span><span class="p">(</span><span class="s2">&quot;</span><span class="si">%s</span><span class="s2">&quot;</span><span class="p">)</span>
+        <span class="k">else</span><span class="p">:</span>
+            <span class="k">pass</span>
+
+    <span class="n">messages</span> <span class="o">=</span> <span class="n">connection</span><span class="o">.</span><span class="n">fetch_messages</span><span class="p">(</span>
+        <span class="n">reports_folder</span><span class="p">,</span> <span class="n">batch_size</span><span class="o">=</span><span class="n">batch_size</span><span class="p">,</span> <span class="n">since</span><span class="o">=</span><span class="n">since</span>
+    <span class="p">)</span>
     <span class="n">total_messages</span> <span class="o">=</span> <span class="nb">len</span><span class="p">(</span><span class="n">messages</span><span class="p">)</span>
     <span class="n">logger</span><span class="o">.</span><span class="n">debug</span><span class="p">(</span><span class="s2">&quot;Found </span><span class="si">{0}</span><span class="s2"> messages in </span><span class="si">{1}</span><span class="s2">&quot;</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="nb">len</span><span class="p">(</span><span class="n">messages</span><span class="p">),</span> <span class="n">reports_folder</span><span class="p">))</span>
 
-    <span class="k">if</span> <span class="n">batch_size</span><span class="p">:</span>
+    <span class="k">if</span> <span class="n">batch_size</span> <span class="ow">and</span> <span class="ow">not</span> <span class="n">since</span><span class="p">:</span>
         <span class="n">message_limit</span> <span class="o">=</span> <span class="nb">min</span><span class="p">(</span><span class="n">total_messages</span><span class="p">,</span> <span class="n">batch_size</span><span class="p">)</span>
     <span class="k">else</span><span class="p">:</span>
         <span class="n">message_limit</span> <span class="o">=</span> <span class="n">total_messages</span>
@@ -1718,7 +1768,13 @@
                 <span class="n">i</span> <span class="o">+</span> <span class="mi">1</span><span class="p">,</span> <span class="n">message_limit</span><span class="p">,</span> <span class="n">msg_uid</span>
             <span class="p">)</span>
         <span class="p">)</span>
-        <span class="n">msg_content</span> <span class="o">=</span> <span class="n">connection</span><span class="o">.</span><span class="n">fetch_message</span><span class="p">(</span><span class="n">msg_uid</span><span class="p">)</span>
+        <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">mailbox</span><span class="p">,</span> <span class="n">MSGraphConnection</span><span class="p">):</span>
+            <span class="k">if</span> <span class="n">test</span><span class="p">:</span>
+                <span class="n">msg_content</span> <span class="o">=</span> <span class="n">connection</span><span class="o">.</span><span class="n">fetch_message</span><span class="p">(</span><span class="n">msg_uid</span><span class="p">,</span> <span class="n">mark_read</span><span class="o">=</span><span class="kc">False</span><span class="p">)</span>
+            <span class="k">else</span><span class="p">:</span>
+                <span class="n">msg_content</span> <span class="o">=</span> <span class="n">connection</span><span class="o">.</span><span class="n">fetch_message</span><span class="p">(</span><span class="n">msg_uid</span><span class="p">,</span> <span class="n">mark_read</span><span class="o">=</span><span class="kc">True</span><span class="p">)</span>
+        <span class="k">else</span><span class="p">:</span>
+            <span class="n">msg_content</span> <span class="o">=</span> <span class="n">connection</span><span class="o">.</span><span class="n">fetch_message</span><span class="p">(</span><span class="n">msg_uid</span><span class="p">)</span>
         <span class="k">try</span><span class="p">:</span>
             <span class="n">sa</span> <span class="o">=</span> <span class="n">strip_attachment_payloads</span>
             <span class="n">parsed_email</span> <span class="o">=</span> <span class="n">parse_report_email</span><span class="p">(</span>
@@ -1849,7 +1905,12 @@
         <span class="p">]</span>
     <span class="p">)</span>
 
-    <span class="n">total_messages</span> <span class="o">=</span> <span class="nb">len</span><span class="p">(</span><span class="n">connection</span><span class="o">.</span><span class="n">fetch_messages</span><span class="p">(</span><span class="n">reports_folder</span><span class="p">))</span>
+    <span class="k">if</span> <span class="n">current_time</span><span class="p">:</span>
+        <span class="n">total_messages</span> <span class="o">=</span> <span class="nb">len</span><span class="p">(</span>
+            <span class="n">connection</span><span class="o">.</span><span class="n">fetch_messages</span><span class="p">(</span><span class="n">reports_folder</span><span class="p">,</span> <span class="n">since</span><span class="o">=</span><span class="n">current_time</span><span class="p">)</span>
+        <span class="p">)</span>
+    <span class="k">else</span><span class="p">:</span>
+        <span class="n">total_messages</span> <span class="o">=</span> <span class="nb">len</span><span class="p">(</span><span class="n">connection</span><span class="o">.</span><span class="n">fetch_messages</span><span class="p">(</span><span class="n">reports_folder</span><span class="p">))</span>
 
     <span class="k">if</span> <span class="ow">not</span> <span class="n">test</span> <span class="ow">and</span> <span class="ow">not</span> <span class="n">batch_size</span> <span class="ow">and</span> <span class="n">total_messages</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">:</span>
         <span class="c1"># Process emails that came in during the last run</span>
@@ -1868,6 +1929,7 @@
             <span class="n">reverse_dns_map_path</span><span class="o">=</span><span class="n">reverse_dns_map_path</span><span class="p">,</span>
             <span class="n">reverse_dns_map_url</span><span class="o">=</span><span class="n">reverse_dns_map_url</span><span class="p">,</span>
             <span class="n">offline</span><span class="o">=</span><span class="n">offline</span><span class="p">,</span>
+            <span class="n">since</span><span class="o">=</span><span class="n">current_time</span><span class="p">,</span>
         <span class="p">)</span>
 
     <span class="k">return</span> <span class="n">results</span></div>
diff --git a/_modules/parsedmarc/elastic.html b/_modules/parsedmarc/elastic.html
index 538218c..338cd72 100644
--- a/_modules/parsedmarc/elastic.html
+++ b/_modules/parsedmarc/elastic.html
@@ -5,14 +5,14 @@
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>parsedmarc.elastic &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>parsedmarc.elastic &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="../../_static/css/theme.css?v=e59714d7" />
 
   
       <script src="../../_static/jquery.js?v=5d32c60e"></script>
       <script src="../../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="../../_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="../../_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="../../_static/doctools.js?v=9bcbadda"></script>
       <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="../../_static/js/theme.js"></script>
diff --git a/_modules/parsedmarc/opensearch.html b/_modules/parsedmarc/opensearch.html
index 8d2b4c5..530af72 100644
--- a/_modules/parsedmarc/opensearch.html
+++ b/_modules/parsedmarc/opensearch.html
@@ -5,14 +5,14 @@
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>parsedmarc.opensearch &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>parsedmarc.opensearch &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="../../_static/css/theme.css?v=e59714d7" />
 
   
       <script src="../../_static/jquery.js?v=5d32c60e"></script>
       <script src="../../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="../../_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="../../_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="../../_static/doctools.js?v=9bcbadda"></script>
       <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="../../_static/js/theme.js"></script>
diff --git a/_modules/parsedmarc/splunk.html b/_modules/parsedmarc/splunk.html
index 770e786..65e1c4f 100644
--- a/_modules/parsedmarc/splunk.html
+++ b/_modules/parsedmarc/splunk.html
@@ -5,14 +5,14 @@
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>parsedmarc.splunk &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>parsedmarc.splunk &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="../../_static/css/theme.css?v=e59714d7" />
 
   
       <script src="../../_static/jquery.js?v=5d32c60e"></script>
       <script src="../../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="../../_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="../../_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="../../_static/doctools.js?v=9bcbadda"></script>
       <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="../../_static/js/theme.js"></script>
diff --git a/_modules/parsedmarc/utils.html b/_modules/parsedmarc/utils.html
index b67620c..d3e19a3 100644
--- a/_modules/parsedmarc/utils.html
+++ b/_modules/parsedmarc/utils.html
@@ -5,14 +5,14 @@
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>parsedmarc.utils &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>parsedmarc.utils &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="../../_static/css/theme.css?v=e59714d7" />
 
   
       <script src="../../_static/jquery.js?v=5d32c60e"></script>
       <script src="../../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="../../_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="../../_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="../../_static/doctools.js?v=9bcbadda"></script>
       <script src="../../_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="../../_static/js/theme.js"></script>
diff --git a/_sources/usage.md.txt b/_sources/usage.md.txt
index 3bd0487..81f0fa5 100644
--- a/_sources/usage.md.txt
+++ b/_sources/usage.md.txt
@@ -166,6 +166,9 @@ The full set of configuration options are:
   - `check_timeout` - int: Number of seconds to wait for a IMAP
       IDLE response or the number of seconds until the next
       mail check (Default: `30`)
+  - `since` - str: Search for messages since certain time. (Examples: `5m|3h|2d|1w`) 
+      Acceptable units - {"m":"minutes", "h":"hours", "d":"days", "w":"weeks"}). 
+      Defaults to `1d` if incorrect value is provided.
 - `imap`
   - `host` - str: The IMAP server hostname or IP address
   - `port` - int: The IMAP server port (Default: `993`)
diff --git a/_static/documentation_options.js b/_static/documentation_options.js
index dd93aab..a00b9b0 100644
--- a/_static/documentation_options.js
+++ b/_static/documentation_options.js
@@ -1,5 +1,5 @@
 const DOCUMENTATION_OPTIONS = {
-    VERSION: '8.15.4',
+    VERSION: '8.16.1',
     LANGUAGE: 'en',
     COLLAPSE_INDEX: false,
     BUILDER: 'html',
diff --git a/api.html b/api.html
index d1a6493..382224f 100644
--- a/api.html
+++ b/api.html
@@ -6,14 +6,14 @@
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>API reference &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>API reference &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
@@ -254,7 +254,7 @@ file-like object, or bytes.</p>
 
 <dl class="py function">
 <dt class="sig sig-object py" id="parsedmarc.get_dmarc_reports_from_mailbox">
-<span class="sig-prename descclassname"><span class="pre">parsedmarc.</span></span><span class="sig-name descname"><span class="pre">get_dmarc_reports_from_mailbox</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="n"><span class="pre">connection</span></span><span class="p"><span class="pre">:</span></span><span class="w"> </span><span class="n"><span class="pre">MailboxConnection</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">reports_folder</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">'INBOX'</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">archive_folder</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">'Archive'</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">delete</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">False</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">test</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">False</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">ip_db_path</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">always_use_local_files</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">False</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">reverse_dns_map_path</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">reverse_dns_map_url</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">offline</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">False</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">nameservers</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">dns_timeout</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">6.0</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">strip_attachment_payloads</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">False</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">results</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">batch_size</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">10</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">create_folders</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">True</span></span></em><span class="sig-paren">)</span><a class="reference internal" href="_modules/parsedmarc.html#get_dmarc_reports_from_mailbox"><span class="viewcode-link"><span class="pre">[source]</span></span></a><a class="headerlink" href="#parsedmarc.get_dmarc_reports_from_mailbox" title="Link to this definition"></a></dt>
+<span class="sig-prename descclassname"><span class="pre">parsedmarc.</span></span><span class="sig-name descname"><span class="pre">get_dmarc_reports_from_mailbox</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="n"><span class="pre">connection</span></span><span class="p"><span class="pre">:</span></span><span class="w"> </span><span class="n"><span class="pre">MailboxConnection</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">reports_folder</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">'INBOX'</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">archive_folder</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">'Archive'</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">delete</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">False</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">test</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">False</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">ip_db_path</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">always_use_local_files</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">False</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">reverse_dns_map_path</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">reverse_dns_map_url</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">offline</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">False</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">nameservers</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">dns_timeout</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">6.0</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">strip_attachment_payloads</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">False</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">results</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">batch_size</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">10</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">since</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">create_folders</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">True</span></span></em><span class="sig-paren">)</span><a class="reference internal" href="_modules/parsedmarc.html#get_dmarc_reports_from_mailbox"><span class="viewcode-link"><span class="pre">[source]</span></span></a><a class="headerlink" href="#parsedmarc.get_dmarc_reports_from_mailbox" title="Link to this definition"></a></dt>
 <dd><p>Fetches and parses DMARC reports from a mailbox</p>
 <dl class="field-list simple">
 <dt class="field-odd">Parameters<span class="colon">:</span></dt>
@@ -276,6 +276,8 @@ forensic report results</p></li>
 <li><p><strong>results</strong> (<em>dict</em>) – Results from the previous run</p></li>
 <li><p><strong>batch_size</strong> (<em>int</em>) – Number of messages to read and process before saving
 (use 0 for no limit)</p></li>
+<li><p><strong>since</strong> – Search for messages since certain time
+(units - {“m”:”minutes”, “h”:”hours”, “d”:”days”, “w”:”weeks”})</p></li>
 <li><p><strong>create_folders</strong> (<em>bool</em>) – Whether to create the destination folders
 (not used in watch)</p></li>
 </ul>
diff --git a/contributing.html b/contributing.html
index faf263c..abbb746 100644
--- a/contributing.html
+++ b/contributing.html
@@ -6,14 +6,14 @@
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Contributing to parsedmarc &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>Contributing to parsedmarc &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/davmail.html b/davmail.html
index 60fd053..4528104 100644
--- a/davmail.html
+++ b/davmail.html
@@ -6,14 +6,14 @@
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Accessing an inbox using OWA/EWS &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>Accessing an inbox using OWA/EWS &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/dmarc.html b/dmarc.html
index 9384351..62d0feb 100644
--- a/dmarc.html
+++ b/dmarc.html
@@ -6,14 +6,14 @@
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Understanding DMARC &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>Understanding DMARC &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/elasticsearch.html b/elasticsearch.html
index c70e38a..b01721b 100644
--- a/elasticsearch.html
+++ b/elasticsearch.html
@@ -6,14 +6,14 @@
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Elasticsearch and Kibana &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>Elasticsearch and Kibana &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/genindex.html b/genindex.html
index 2d5c4c3..9f35d18 100644
--- a/genindex.html
+++ b/genindex.html
@@ -5,14 +5,14 @@
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Index &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>Index &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/index.html b/index.html
index b0129c7..13c50bf 100644
--- a/index.html
+++ b/index.html
@@ -6,14 +6,14 @@
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>parsedmarc documentation - Open source DMARC report analyzer and visualizer &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>parsedmarc documentation - Open source DMARC report analyzer and visualizer &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/installation.html b/installation.html
index 4d147e2..0705ced 100644
--- a/installation.html
+++ b/installation.html
@@ -6,14 +6,14 @@
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Installation &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>Installation &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/kibana.html b/kibana.html
index 6cefa85..21e4d7a 100644
--- a/kibana.html
+++ b/kibana.html
@@ -6,14 +6,14 @@
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Using the Kibana dashboards &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>Using the Kibana dashboards &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/mailing-lists.html b/mailing-lists.html
index 3b794d0..f0a9350 100644
--- a/mailing-lists.html
+++ b/mailing-lists.html
@@ -6,14 +6,14 @@
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>What about mailing lists? &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>What about mailing lists? &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/objects.inv b/objects.inv
index b393ab9..2c9c937 100644
Binary files a/objects.inv and b/objects.inv differ
diff --git a/opensearch.html b/opensearch.html
index ba9c572..de159cf 100644
--- a/opensearch.html
+++ b/opensearch.html
@@ -6,14 +6,14 @@
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>OpenSearch and Grafana &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>OpenSearch and Grafana &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/output.html b/output.html
index 3e70c7c..b59604e 100644
--- a/output.html
+++ b/output.html
@@ -6,14 +6,14 @@
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Sample outputs &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>Sample outputs &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/py-modindex.html b/py-modindex.html
index 52e4b52..336415b 100644
--- a/py-modindex.html
+++ b/py-modindex.html
@@ -5,14 +5,14 @@
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Python Module Index &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>Python Module Index &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/search.html b/search.html
index bb9e97e..1e944cc 100644
--- a/search.html
+++ b/search.html
@@ -5,7 +5,7 @@
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Search &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>Search &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
@@ -13,7 +13,7 @@
     
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/searchindex.js b/searchindex.js
index d82e806..5e85e90 100644
--- a/searchindex.js
+++ b/searchindex.js
@@ -1 +1 @@
-Search.setIndex({"alltitles": {"API reference": [[0, null]], "Accessing an inbox using OWA/EWS": [[2, null]], "Bug reports": [[1, "bug-reports"]], "CLI help": [[12, "cli-help"]], "CSV aggregate report": [[10, "csv-aggregate-report"]], "CSV forensic report": [[10, "csv-forensic-report"]], "Configuration file": [[12, "configuration-file"]], "Configuring parsedmarc for DavMail": [[2, "configuring-parsedmarc-for-davmail"]], "Contents": [[5, null]], "Contributing to parsedmarc": [[1, null]], "DMARC Alignment Guide": [[3, "dmarc-alignment-guide"]], "DMARC Forensic Samples": [[7, "dmarc-forensic-samples"]], "DMARC Summary": [[7, "dmarc-summary"]], "DMARC guides": [[3, "dmarc-guides"]], "Do": [[3, "do"], [8, "do"]], "Do not": [[3, "do-not"], [8, "do-not"]], "Elasticsearch and Kibana": [[4, null]], "Features": [[5, "features"]], "Indices and tables": [[0, "indices-and-tables"]], "Installation": [[4, "installation"], [6, null], [9, "installation"]], "Installing parsedmarc": [[6, "installing-parsedmarc"]], "JSON SMTP TLS report": [[10, "json-smtp-tls-report"]], "JSON aggregate report": [[10, "json-aggregate-report"]], "JSON forensic report": [[10, "json-forensic-report"]], "LISTSERV": [[3, "listserv"], [8, "listserv"]], "Lookalike domains": [[3, "lookalike-domains"]], "Mailing list best practices": [[3, "mailing-list-best-practices"], [8, "mailing-list-best-practices"]], "Mailman 2": [[3, "mailman-2"], [3, "id1"], [8, "mailman-2"], [8, "id1"]], "Mailman 3": [[3, "mailman-3"], [3, "id2"], [8, "mailman-3"], [8, "id2"]], "OpenSearch and Grafana": [[9, null]], "Optional dependencies": [[6, "optional-dependencies"]], "Prerequisites": [[6, "prerequisites"]], "Records retention": [[4, "records-retention"], [9, "records-retention"]], "Resources": [[3, "resources"]], "Running DavMail as a systemd service": [[2, "running-davmail-as-a-systemd-service"]], "Running parsedmarc as a systemd service": [[12, "running-parsedmarc-as-a-systemd-service"]], "SPF and DMARC record validation": [[3, "spf-and-dmarc-record-validation"]], "Sample aggregate report output": [[10, "sample-aggregate-report-output"]], "Sample forensic report output": [[10, "sample-forensic-report-output"]], "Sample outputs": [[10, null]], "Splunk": [[11, null]], "Testing multiple report analyzers": [[6, "testing-multiple-report-analyzers"]], "Understanding DMARC": [[3, null]], "Upgrading Kibana index patterns": [[4, "upgrading-kibana-index-patterns"]], "Using Microsoft Exchange": [[6, "using-microsoft-exchange"]], "Using a web proxy": [[6, "using-a-web-proxy"]], "Using parsedmarc": [[12, null]], "Using the Kibana dashboards": [[7, null]], "What about mailing lists?": [[3, "what-about-mailing-lists"], [8, null]], "What if a sender won\u2019t support DKIM/DMARC?": [[3, "what-if-a-sender-wont-support-dkim-dmarc"]], "Workarounds": [[3, "workarounds"], [8, "workarounds"]], "geoipupdate setup": [[6, "geoipupdate-setup"]], "parsedmarc": [[0, "module-parsedmarc"]], "parsedmarc documentation - Open source DMARC report analyzer and visualizer": [[5, null]], "parsedmarc.elastic": [[0, "module-parsedmarc.elastic"]], "parsedmarc.opensearch": [[0, "module-parsedmarc.opensearch"]], "parsedmarc.splunk": [[0, "module-parsedmarc.splunk"]], "parsedmarc.utils": [[0, "module-parsedmarc.utils"]]}, "docnames": ["api", "contributing", "davmail", "dmarc", "elasticsearch", "index", "installation", "kibana", "mailing-lists", "opensearch", "output", "splunk", "usage"], "envversion": {"sphinx": 64, "sphinx.domains.c": 3, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 9, "sphinx.domains.index": 1, "sphinx.domains.javascript": 3, "sphinx.domains.math": 2, "sphinx.domains.python": 4, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.todo": 2, "sphinx.ext.viewcode": 1}, "filenames": ["api.md", "contributing.md", "davmail.md", "dmarc.md", "elasticsearch.md", "index.md", "installation.md", "kibana.md", "mailing-lists.md", "opensearch.md", "output.md", "splunk.md", "usage.md"], "indexentries": {"alreadysaved": [[0, "parsedmarc.elastic.AlreadySaved", false], [0, "parsedmarc.opensearch.AlreadySaved", false]], "convert_outlook_msg() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.convert_outlook_msg", false]], "create_indexes() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.create_indexes", false]], "create_indexes() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.create_indexes", false]], "decode_base64() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.decode_base64", false]], "downloaderror": [[0, "parsedmarc.utils.DownloadError", false]], "elasticsearcherror": [[0, "parsedmarc.elastic.ElasticsearchError", false]], "email_results() (in module parsedmarc)": [[0, "parsedmarc.email_results", false]], "emailparsererror": [[0, "parsedmarc.utils.EmailParserError", false]], "extract_report() (in module parsedmarc)": [[0, "parsedmarc.extract_report", false]], "extract_report_from_file_path() (in module parsedmarc)": [[0, "parsedmarc.extract_report_from_file_path", false]], "get_base_domain() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_base_domain", false]], "get_dmarc_reports_from_mailbox() (in module parsedmarc)": [[0, "parsedmarc.get_dmarc_reports_from_mailbox", false]], "get_dmarc_reports_from_mbox() (in module parsedmarc)": [[0, "parsedmarc.get_dmarc_reports_from_mbox", false]], "get_filename_safe_string() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_filename_safe_string", false]], "get_ip_address_country() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_ip_address_country", false]], "get_ip_address_info() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_ip_address_info", false]], "get_report_zip() (in module parsedmarc)": [[0, "parsedmarc.get_report_zip", false]], "get_reverse_dns() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_reverse_dns", false]], "get_service_from_reverse_dns_base_domain() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_service_from_reverse_dns_base_domain", false]], "hecclient (class in parsedmarc.splunk)": [[0, "parsedmarc.splunk.HECClient", false]], "human_timestamp_to_datetime() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.human_timestamp_to_datetime", false]], "human_timestamp_to_unix_timestamp() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.human_timestamp_to_unix_timestamp", false]], "invalidaggregatereport": [[0, "parsedmarc.InvalidAggregateReport", false]], "invaliddmarcreport": [[0, "parsedmarc.InvalidDMARCReport", false]], "invalidforensicreport": [[0, "parsedmarc.InvalidForensicReport", false]], "invalidsmtptlsreport": [[0, "parsedmarc.InvalidSMTPTLSReport", false]], "is_mbox() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.is_mbox", false]], "is_outlook_msg() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.is_outlook_msg", false]], "migrate_indexes() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.migrate_indexes", false]], "migrate_indexes() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.migrate_indexes", false]], "module": [[0, "module-parsedmarc", false], [0, "module-parsedmarc.elastic", false], [0, "module-parsedmarc.opensearch", false], [0, "module-parsedmarc.splunk", false], [0, "module-parsedmarc.utils", false]], "opensearcherror": [[0, "parsedmarc.opensearch.OpenSearchError", false]], "parse_aggregate_report_file() (in module parsedmarc)": [[0, "parsedmarc.parse_aggregate_report_file", false]], "parse_aggregate_report_xml() (in module parsedmarc)": [[0, "parsedmarc.parse_aggregate_report_xml", false]], "parse_email() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.parse_email", false]], "parse_forensic_report() (in module parsedmarc)": [[0, "parsedmarc.parse_forensic_report", false]], "parse_report_email() (in module parsedmarc)": [[0, "parsedmarc.parse_report_email", false]], "parse_report_file() (in module parsedmarc)": [[0, "parsedmarc.parse_report_file", false]], "parse_smtp_tls_report_json() (in module parsedmarc)": [[0, "parsedmarc.parse_smtp_tls_report_json", false]], "parsed_aggregate_reports_to_csv() (in module parsedmarc)": [[0, "parsedmarc.parsed_aggregate_reports_to_csv", false]], "parsed_aggregate_reports_to_csv_rows() (in module parsedmarc)": [[0, "parsedmarc.parsed_aggregate_reports_to_csv_rows", false]], "parsed_forensic_reports_to_csv() (in module parsedmarc)": [[0, "parsedmarc.parsed_forensic_reports_to_csv", false]], "parsed_forensic_reports_to_csv_rows() (in module parsedmarc)": [[0, "parsedmarc.parsed_forensic_reports_to_csv_rows", false]], "parsed_smtp_tls_reports_to_csv() (in module parsedmarc)": [[0, "parsedmarc.parsed_smtp_tls_reports_to_csv", false]], "parsed_smtp_tls_reports_to_csv_rows() (in module parsedmarc)": [[0, "parsedmarc.parsed_smtp_tls_reports_to_csv_rows", false]], "parsedmarc": [[0, "module-parsedmarc", false]], "parsedmarc.elastic": [[0, "module-parsedmarc.elastic", false]], "parsedmarc.opensearch": [[0, "module-parsedmarc.opensearch", false]], "parsedmarc.splunk": [[0, "module-parsedmarc.splunk", false]], "parsedmarc.utils": [[0, "module-parsedmarc.utils", false]], "parsererror": [[0, "parsedmarc.ParserError", false]], "query_dns() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.query_dns", false]], "save_aggregate_report_to_elasticsearch() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.save_aggregate_report_to_elasticsearch", false]], "save_aggregate_report_to_opensearch() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.save_aggregate_report_to_opensearch", false]], "save_aggregate_reports_to_splunk() (parsedmarc.splunk.hecclient method)": [[0, "parsedmarc.splunk.HECClient.save_aggregate_reports_to_splunk", false]], "save_forensic_report_to_elasticsearch() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.save_forensic_report_to_elasticsearch", false]], "save_forensic_report_to_opensearch() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.save_forensic_report_to_opensearch", false]], "save_forensic_reports_to_splunk() (parsedmarc.splunk.hecclient method)": [[0, "parsedmarc.splunk.HECClient.save_forensic_reports_to_splunk", false]], "save_output() (in module parsedmarc)": [[0, "parsedmarc.save_output", false]], "save_smtp_tls_report_to_elasticsearch() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.save_smtp_tls_report_to_elasticsearch", false]], "save_smtp_tls_report_to_opensearch() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.save_smtp_tls_report_to_opensearch", false]], "save_smtp_tls_reports_to_splunk() (parsedmarc.splunk.hecclient method)": [[0, "parsedmarc.splunk.HECClient.save_smtp_tls_reports_to_splunk", false]], "set_hosts() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.set_hosts", false]], "set_hosts() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.set_hosts", false]], "splunkerror": [[0, "parsedmarc.splunk.SplunkError", false]], "timestamp_to_datetime() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.timestamp_to_datetime", false]], "timestamp_to_human() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.timestamp_to_human", false]], "watch_inbox() (in module parsedmarc)": [[0, "parsedmarc.watch_inbox", false]]}, "objects": {"": [[0, 0, 0, "-", "parsedmarc"]], "parsedmarc": [[0, 1, 1, "", "InvalidAggregateReport"], [0, 1, 1, "", "InvalidDMARCReport"], [0, 1, 1, "", "InvalidForensicReport"], [0, 1, 1, "", "InvalidSMTPTLSReport"], [0, 1, 1, "", "ParserError"], [0, 0, 0, "-", "elastic"], [0, 2, 1, "", "email_results"], [0, 2, 1, "", "extract_report"], [0, 2, 1, "", "extract_report_from_file_path"], [0, 2, 1, "", "get_dmarc_reports_from_mailbox"], [0, 2, 1, "", "get_dmarc_reports_from_mbox"], [0, 2, 1, "", "get_report_zip"], [0, 0, 0, "-", "opensearch"], [0, 2, 1, "", "parse_aggregate_report_file"], [0, 2, 1, "", "parse_aggregate_report_xml"], [0, 2, 1, "", "parse_forensic_report"], [0, 2, 1, "", "parse_report_email"], [0, 2, 1, "", "parse_report_file"], [0, 2, 1, "", "parse_smtp_tls_report_json"], [0, 2, 1, "", "parsed_aggregate_reports_to_csv"], [0, 2, 1, "", "parsed_aggregate_reports_to_csv_rows"], [0, 2, 1, "", "parsed_forensic_reports_to_csv"], [0, 2, 1, "", "parsed_forensic_reports_to_csv_rows"], [0, 2, 1, "", "parsed_smtp_tls_reports_to_csv"], [0, 2, 1, "", "parsed_smtp_tls_reports_to_csv_rows"], [0, 2, 1, "", "save_output"], [0, 0, 0, "-", "splunk"], [0, 0, 0, "-", "utils"], [0, 2, 1, "", "watch_inbox"]], "parsedmarc.elastic": [[0, 1, 1, "", "AlreadySaved"], [0, 1, 1, "", "ElasticsearchError"], [0, 2, 1, "", "create_indexes"], [0, 2, 1, "", "migrate_indexes"], [0, 2, 1, "", "save_aggregate_report_to_elasticsearch"], [0, 2, 1, "", "save_forensic_report_to_elasticsearch"], [0, 2, 1, "", "save_smtp_tls_report_to_elasticsearch"], [0, 2, 1, "", "set_hosts"]], "parsedmarc.opensearch": [[0, 1, 1, "", "AlreadySaved"], [0, 1, 1, "", "OpenSearchError"], [0, 2, 1, "", "create_indexes"], [0, 2, 1, "", "migrate_indexes"], [0, 2, 1, "", "save_aggregate_report_to_opensearch"], [0, 2, 1, "", "save_forensic_report_to_opensearch"], [0, 2, 1, "", "save_smtp_tls_report_to_opensearch"], [0, 2, 1, "", "set_hosts"]], "parsedmarc.splunk": [[0, 3, 1, "", "HECClient"], [0, 1, 1, "", "SplunkError"]], "parsedmarc.splunk.HECClient": [[0, 4, 1, "", "save_aggregate_reports_to_splunk"], [0, 4, 1, "", "save_forensic_reports_to_splunk"], [0, 4, 1, "", "save_smtp_tls_reports_to_splunk"]], "parsedmarc.utils": [[0, 1, 1, "", "DownloadError"], [0, 1, 1, "", "EmailParserError"], [0, 2, 1, "", "convert_outlook_msg"], [0, 2, 1, "", "decode_base64"], [0, 2, 1, "", "get_base_domain"], [0, 2, 1, "", "get_filename_safe_string"], [0, 2, 1, "", "get_ip_address_country"], [0, 2, 1, "", "get_ip_address_info"], [0, 2, 1, "", "get_reverse_dns"], [0, 2, 1, "", "get_service_from_reverse_dns_base_domain"], [0, 2, 1, "", "human_timestamp_to_datetime"], [0, 2, 1, "", "human_timestamp_to_unix_timestamp"], [0, 2, 1, "", "is_mbox"], [0, 2, 1, "", "is_outlook_msg"], [0, 2, 1, "", "parse_email"], [0, 2, 1, "", "query_dns"], [0, 2, 1, "", "timestamp_to_datetime"], [0, 2, 1, "", "timestamp_to_human"]]}, "objnames": {"0": ["py", "module", "Python module"], "1": ["py", "exception", "Python exception"], "2": ["py", "function", "Python function"], "3": ["py", "class", "Python class"], "4": ["py", "method", "Python method"]}, "objtypes": {"0": "py:module", "1": "py:exception", "2": "py:function", "3": "py:class", "4": "py:method"}, "terms": {"": [0, 2, 3, 4, 6, 8, 10, 12], "0": [0, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12], "00": 10, "003": 10, "00z": 10, "00z_exampl": 10, "01": 10, "0200": 10, "0240": 10, "04": 10, "08": 10, "09": 10, "09t00": 10, "09t23": 10, "1": [0, 2, 4, 5, 6, 10, 12], "10": [0, 6, 10, 12], "100": [10, 12], "1000": 12, "11": [6, 10], "1143": 2, "12201": 12, "127": [2, 4, 12], "150": 10, "16": [3, 8], "173": 10, "176": 10, "19": 10, "1g": 4, "2": [0, 4, 10, 12], "20": 10, "2000": 12, "201": 10, "2010": [6, 10], "2012": 10, "2013": 6, "2016": 6, "2017a": [3, 8], "2018": 10, "2019": 6, "2024": 10, "208": 10, "209": 10, "21": 6, "212": 10, "22": 6, "222": 10, "2369": [3, 8], "241": 10, "25": 12, "27": 10, "28": 10, "2919": [3, 8], "2k": 12, "3": [6, 10, 11, 12], "30": [0, 12], "300": 2, "30937": 10, "30th": 6, "3128": 6, "365": [2, 4], "38": 10, "3d": 10, "4": [4, 6, 11], "4096": 4, "41": 10, "5": [2, 4, 9], "514": 12, "5601": 4, "59": 10, "59z": 10, "5m": [2, 12], "6": [0, 4, 6, 12], "60": [0, 12], "660": 4, "7": [4, 6], "72": 10, "7480": 10, "8": [2, 4, 6, 10, 12], "8080": 12, "822": 0, "85": 10, "86400": 10, "9": 6, "9200": [4, 12], "932": 12, "9391651994964116463": 10, "94": 10, "993": 12, "A": [0, 3, 12], "And": 0, "As": [4, 7], "Be": 6, "By": [7, 12], "For": [4, 12], "If": [0, 3, 4, 6, 7, 8, 12], "In": [2, 3, 7, 8, 12], "It": [2, 4, 7, 10, 12], "No": [3, 8], "On": [3, 4, 6, 7, 8], "Or": [4, 6], "That": 7, "The": [0, 3, 6, 7, 11, 12], "Then": [2, 3, 4, 6, 8, 12], "These": 7, "To": [2, 4, 6, 7, 9, 10, 12], "With": 7, "_cluster": 12, "_input": 0, "abl": 6, "about": [0, 5, 6], "abov": [2, 12], "accept": [3, 4, 8], "access": [0, 4, 5, 6, 12], "access_key_id": 12, "access_token": 0, "accessright": 12, "accident": [3, 8], "account": [6, 7], "acm": 10, "acquir": 12, "across": 7, "action": [3, 8], "activ": [4, 6], "active_primary_shard": 12, "active_shard": 12, "actual": [3, 10], "ad": [3, 6, 8, 12], "add": [2, 3, 4, 6, 7, 8, 12], "addit": [3, 8], "address": [0, 2, 3, 4, 7, 8, 10, 12], "addresse": 7, "adkim": 10, "admin": [3, 8, 12], "administr": [3, 8], "adsl": 10, "after": [0, 2, 4, 12], "against": [3, 8], "agari": 5, "agent": 4, "aggreg": [0, 5, 7, 11, 12], "aggregate_csv_filenam": [0, 12], "aggregate_index": 0, "aggregate_json_filenam": [0, 12], "aggregate_report": 0, "aggregate_top": 12, "aggregate_url": 12, "align": [5, 7, 10], "aliv": 0, "all": [3, 5, 7, 8, 11, 12], "allow": [2, 3, 8, 12], "allow_unencrypted_storag": 12, "allowremot": 2, "alreadysav": 0, "also": [2, 3, 7, 8, 12], "alter": [3, 8], "altern": [5, 12], "although": 11, "alwai": [0, 2, 4, 12], "always_use_local_fil": [0, 12], "an": [0, 3, 5, 7, 8, 10, 12], "analyz": 12, "ani": [0, 3, 7, 8, 12], "anonym": 10, "anoth": [6, 12], "answer": [0, 12], "apach": 5, "api": [2, 4, 5, 12], "apikei": [0, 12], "app": 12, "appear": 12, "appendix": 10, "appid": 12, "appli": 12, "applic": 12, "applicationaccesspolici": 12, "approach": 12, "approxim": 2, "apt": [2, 4, 6], "ar": [0, 2, 3, 4, 6, 7, 8, 10, 12], "archiv": [0, 12], "archive_fold": [0, 12], "argument": 12, "arriv": 12, "arrival_d": 10, "arrival_date_utc": 10, "artifact": 4, "ask": 3, "asmx": 2, "asn": 6, "aspf": 10, "assign": 4, "assist": 5, "associ": 0, "attach": [0, 3, 8, 10, 12], "attachment_filenam": 0, "attribut": 6, "auth": [2, 10, 12], "auth_failur": 10, "auth_method": 12, "auth_result": 10, "authent": [0, 2, 3, 4, 7, 12], "authentication_mechan": 10, "authentication_result": 10, "auto": 2, "avoid": 7, "azur": 12, "b": [6, 10], "b2c": 7, "back": 12, "base": [0, 2, 3, 4, 7, 8, 10], "base64": 0, "base_domain": [0, 10], "basic": [2, 12], "batch_siz": [0, 12], "bcc": [0, 10], "bd6e1bb5": 10, "becaus": [2, 3, 7, 8, 12], "been": [7, 12], "befor": [0, 12], "begin_d": 10, "behind": 6, "being": 0, "bellsouth": 10, "below": [3, 8, 12], "best": 7, "between": [4, 7], "bin": [2, 4, 6, 12], "binari": 0, "bind": 2, "bindaddress": 2, "blank": [3, 8], "block": [2, 12], "bodi": [0, 3, 8, 10, 12], "bool": [0, 12], "brand": [5, 7], "break": [3, 4, 8], "browser": 4, "bucket": 12, "bug": 5, "build": 6, "built": 0, "busi": 7, "buster": 6, "button": [3, 8], "byte": 0, "c": [10, 12], "ca": 4, "cach": [0, 12], "call": [7, 12], "callabl": 0, "callback": 0, "came": [3, 8], "can": [0, 2, 3, 4, 5, 6, 7, 8, 12], "cannot": 6, "case": [2, 3, 8], "caus": [3, 4, 7, 8], "cc": [0, 10], "center": 7, "cento": [4, 6], "cert": 4, "cert_path": 12, "certif": [0, 4, 12], "cest": 10, "chain": 0, "chang": [4, 7, 11, 12], "charact": [2, 12], "charset": 10, "chart": 7, "check": [0, 2, 3, 4, 6, 12], "check_timeout": [0, 12], "checkbox": 4, "checkdmarc": 3, "chines": 7, "chmod": [2, 4, 12], "choos": [3, 8], "chown": [2, 12], "cisco": 12, "citi": 6, "class": 0, "cli": 5, "click": [4, 7], "client": [2, 3, 4, 8, 12], "client_id": 12, "client_secret": 12, "clientsecret": 12, "clientsotimeout": 2, "cloudflar": [0, 12], "cluster": [4, 12], "co": 4, "code": [0, 4, 5], "collect": [7, 12], "collector": [11, 12], "com": [1, 2, 3, 8, 9, 10, 12], "come": 7, "comma": [6, 12], "command": [2, 3, 8, 12], "comment": 12, "commerci": [4, 5], "common": [3, 4, 6, 8], "commun": [3, 8], "complet": [3, 4], "compli": [3, 4, 6, 8, 9], "compliant": [3, 8], "compon": 6, "compress": 5, "conf": 6, "config": [2, 6, 12], "config_fil": 12, "configur": [3, 4, 5, 6, 7, 8, 9], "conform": 4, "connect": [0, 2, 4, 12], "connexion": 4, "consid": [5, 7], "consist": [0, 5, 10], "consol": [4, 12], "consolid": 7, "consum": 7, "contact": 7, "contain": [0, 7, 11, 12], "content": [0, 3, 8, 10, 11], "contrib": 6, "contribut": 5, "contributor": 5, "control": 4, "convert": [0, 3, 8], "convert_outlook_msg": 0, "copi": [0, 6, 11], "core": [3, 8], "correct": 6, "correctli": 7, "could": [3, 4, 8, 12], "count": [2, 10], "countri": [0, 6, 7, 10], "crash": [2, 4, 12], "creat": [0, 2, 3, 4, 6, 8, 12], "create_fold": 0, "create_index": 0, "creativ": 6, "credenti": [6, 12], "credentials_fil": 12, "cron": 6, "crt": 4, "csr": 4, "csv": [0, 5, 12], "cumul": 6, "current": [2, 4, 12], "custom": [7, 12], "d": 4, "daemon": [2, 4, 12], "dai": [4, 9, 12], "daili": [0, 12], "dashboard": [4, 5, 9, 11], "dat": 0, "data": [0, 4, 5, 7, 9, 11, 12], "databas": 6, "date": [0, 3, 8, 10], "date_utc": 10, "datetim": 0, "davmail": 5, "db_path": 0, "dbip": [0, 12], "dce": 12, "dcr": 12, "dcr_aggregate_stream": 12, "dcr_forensic_stream": 12, "dcr_immutable_id": 12, "dcr_smtp_tls_stream": 12, "dd": 0, "de": 10, "dearmor": 4, "deb": 4, "debian": [4, 6], "debug": 12, "decemb": 6, "decod": 0, "decode_base64": 0, "default": [0, 2, 4, 6, 7, 12], "defens": 5, "delai": [2, 10], "deleg": 12, "delet": [0, 2, 4, 12], "delivery_result": 10, "demystifi": 3, "depend": [4, 5, 12], "deploi": [3, 8], "describ": 12, "descript": [2, 6, 12], "destin": 0, "detail": [6, 7], "dev": [6, 12], "devel": 6, "develop": 5, "devicecod": 12, "di": 10, "dict": 0, "dictionari": 0, "differ": [6, 7, 12], "digest": [3, 8], "directori": [0, 12], "disabl": [2, 12], "disclaim": [3, 8], "displai": [3, 7, 11], "display_nam": 10, "disposit": [7, 10], "distribut": 6, "dkim": [5, 7, 8, 10], "dkim_align": 10, "dkim_domain": 10, "dkim_result": 10, "dkim_selector": 10, "dkm": 3, "dmarc": [0, 4, 6, 8, 9, 10, 11, 12], "dmarc_aggreg": 4, "dmarc_align": 10, "dmarc_forens": 4, "dmarc_moderation_act": [3, 8], "dmarc_none_moderation_act": [3, 8], "dmarc_quarantine_moderation_act": [3, 8], "dmarcian": 5, "dmarcresport": 12, "dn": [0, 3, 7, 12], "dnf": 6, "dns_test_address": 12, "dns_timeout": [0, 12], "do": [0, 2, 6, 7, 12], "doc": 9, "doctyp": 10, "document": [2, 12], "doe": [3, 8], "domain": [0, 4, 7, 8, 10], "domainawar": [1, 3, 12], "don": 3, "down": 7, "download": [0, 2, 4, 6, 12], "downloaderror": 0, "draft": [5, 10], "dtd": 10, "dummi": 12, "dure": 2, "e": [0, 2, 3, 4, 6, 8, 12], "e7": 10, "each": [4, 6, 9, 11], "earlier": 7, "easi": [4, 9], "easier": 11, "echo": 4, "edit": [2, 6, 12], "editor": 11, "effici": 4, "either": 12, "elast": [4, 5], "elasticsearch": [0, 5, 12], "elasticsearcherror": 0, "els": 4, "email": [0, 3, 5, 6, 7, 8, 10, 11, 12], "email_result": 0, "emailparsererror": 0, "empti": [3, 8], "en": [3, 4, 8, 10], "enabl": [2, 4, 12], "enableew": 2, "enablekeepal": 2, "enableproxi": 2, "encod": [0, 10, 12], "encount": 0, "encrypt": [4, 12], "encryptedsavedobject": 4, "encryptionkei": 4, "end": [3, 4], "end_dat": 10, "endpoint": 12, "endpoint_url": 12, "enforc": [3, 8], "enrol": 4, "ensur": [3, 6, 8], "entir": [3, 7, 8], "envelop": 3, "envelope_from": 10, "envelope_to": 10, "environ": 6, "error": [0, 10, 12], "escap": 12, "especi": 7, "etc": [2, 3, 4, 6, 8, 12], "even": [2, 3, 8, 12], "event": [2, 11, 12], "everi": [2, 6, 12], "ew": 5, "exactli": [3, 8], "exampl": [3, 4, 6, 8, 10, 12], "except": [0, 12], "exchang": [2, 10, 12], "exclud": 2, "execstart": [2, 12], "exist": [0, 3, 4, 8], "exit": 12, "expiringdict": 0, "explain": [3, 8], "explicit": [3, 8], "explicitli": 6, "export": 4, "extract": [0, 2], "extract_report": 0, "extract_report_from_file_path": 0, "ey": [2, 12], "f": 4, "factor": 2, "fail": [0, 3, 7, 8, 10, 12], "failed_session_count": 10, "failur": [5, 7, 10, 12], "failure_detail": 10, "fall": 12, "fallback": 6, "fals": [0, 2, 6, 10, 12], "fantast": [3, 8], "faster": 12, "featur": 4, "feedback": 0, "feedback_report": 0, "feedback_typ": 10, "fetch": [0, 12], "few": [7, 12], "field": 4, "file": [0, 2, 5, 6, 11], "file_path": [0, 12], "filenam": [0, 12], "filename_safe_subject": 10, "fill": [4, 6], "filter": [3, 7, 8, 11], "financ": 12, "find": [3, 7, 8], "fine": [3, 8], "first": [3, 6, 8, 12], "first_strip_reply_to": [3, 8], "fit": [3, 8], "fix": 4, "flag": [0, 2], "flat": 0, "flexibl": 11, "flight": 12, "float": [0, 12], "fo": 10, "folder": [0, 2, 12], "foldersizelimit": 2, "follow": [2, 4], "footer": [3, 8], "forens": [0, 5, 11, 12], "forensic_csv_filenam": [0, 12], "forensic_index": 0, "forensic_json_filenam": [0, 12], "forensic_report": 0, "forensic_top": 12, "forensic_url": 12, "format": [0, 6], "forward": [3, 7, 8], "found": [0, 6, 12], "foundat": 10, "fqdn": 4, "fraud": 5, "free": 6, "friendli": 7, "from": [0, 2, 3, 4, 5, 6, 7, 8, 10, 12], "from_is_list": [3, 8], "ftp_proxi": 6, "full": 12, "fulli": [3, 8], "function": 0, "further": 7, "g": [2, 3, 4, 8, 12], "gatewai": 2, "gb": 4, "gdpr": [4, 9], "gelf": 12, "gener": [3, 4, 6, 8, 10, 12], "geoip": 6, "geolite2": 6, "geoloc": [0, 12], "get": [0, 2, 4, 6, 12], "get_base_domain": 0, "get_dmarc_reports_from_mailbox": 0, "get_dmarc_reports_from_mbox": 0, "get_filename_safe_str": 0, "get_ip_address_countri": 0, "get_ip_address_info": 0, "get_report_zip": 0, "get_reverse_dn": 0, "get_service_from_reverse_dns_base_domain": 0, "github": [1, 6, 10, 12], "give": [0, 4], "given": [0, 12], "glass": 7, "gmail": [5, 7, 12], "gmail_api": 12, "go": [3, 8], "goe": [3, 8], "googl": [7, 12], "googleapi": 12, "got": 12, "gpg": 4, "grafana": 5, "grant": 12, "graph": [2, 5, 7, 12], "group": [2, 7, 12], "guid": [4, 5], "gzip": [0, 5], "h": 12, "ha": [4, 7, 12], "hamburg": 4, "hand": [3, 8], "handl": [5, 12], "has_defect": 10, "have": [3, 4, 6, 7, 8, 11, 12], "head": 10, "header": [0, 3, 7, 8, 10, 12], "header_from": 10, "headless": 2, "health": 12, "healthcar": 12, "heap": 4, "heavi": 4, "hec": [0, 11, 12], "hecclient": 0, "hectokengoesher": 12, "help": 5, "here": [3, 8, 10, 12], "hh": 0, "hi": [3, 8], "high": 7, "higher": [3, 8], "highli": 12, "hop": 10, "host": [0, 2, 3, 4, 5, 8, 12], "hostnam": [0, 12], "hover": 7, "how": 5, "howev": 6, "href": 10, "html": [3, 4, 8, 10], "http": [0, 1, 2, 3, 4, 6, 8, 9, 10, 11, 12], "http_proxi": 6, "https_proxi": 6, "human": [0, 7], "human_timestamp": 0, "human_timestamp_to_datetim": 0, "human_timestamp_to_unix_timestamp": 0, "i": [0, 2, 3, 4, 5, 6, 7, 8, 10, 12], "icon": 7, "id": [3, 8, 10, 12], "ideal": [3, 8], "ident": [3, 8, 12], "identifi": 10, "idl": [0, 2, 12], "imap": [0, 2, 5, 12], "imapalwaysapproxmsgs": 2, "imapautoexpung": 2, "imapidledelai": 2, "imapport": 2, "immedi": 2, "immut": 12, "impli": 12, "import": [4, 7], "improv": 12, "inbox": [0, 3, 5, 8, 12], "inc": 10, "includ": [0, 3, 6, 7, 8, 12], "include_list_post_head": [3, 8], "include_rfc2369_head": [3, 8], "include_sender_head": [3, 8], "include_spam_trash": 12, "incom": [7, 12], "increas": [4, 12], "index": [0, 5, 9, 11, 12], "index_prefix": [0, 12], "index_suffix": [0, 12], "indic": [3, 5], "individu": 12, "industri": 12, "inform": [0, 4, 6, 7, 12], "ingest": 12, "ini": [2, 12], "initi": 0, "input": 0, "input_": 0, "insid": 6, "instal": [2, 5, 12], "instanc": 12, "instead": [0, 3, 6, 8, 12], "int": [0, 12], "intend": [3, 8], "interact": [2, 4], "interakt": 10, "interfer": [3, 8], "intern": 6, "interv": 12, "invalid": 0, "invalidaggregatereport": 0, "invaliddmarcreport": 0, "invalidforensicreport": 0, "invalidsmtptlsreport": 0, "io": 12, "ip": [0, 3, 4, 6, 7, 12], "ip_address": [0, 10], "ip_db_path": [0, 6, 12], "ipdb": 6, "ipv4": 0, "ipv6": 0, "is_mbox": 0, "is_outlook_msg": 0, "iso": 0, "issu": [1, 5], "java": 2, "job": [3, 6, 8], "joe": [3, 8], "journalctl": [2, 12], "jre": 2, "json": [0, 5, 12], "just": 7, "jvm": 4, "kafka": [5, 12], "kb4099855": 6, "kb4134118": 6, "kb4295699": 6, "keep": 0, "keep_al": 0, "keepal": 2, "kei": [0, 3, 4, 6, 12], "keyout": 4, "keyr": 4, "keystor": 4, "kibana": [5, 11], "kind": 12, "know": 3, "known": [3, 7, 8, 12], "label": 12, "languag": [3, 8], "larg": 2, "larger": 12, "later": [4, 6, 12], "latest": [2, 4, 6, 9], "layer": 0, "layout": 11, "leak": 7, "least": [4, 6, 12], "leav": 3, "left": 7, "legal": [3, 8], "legitim": [7, 12], "level": [3, 4], "libemail": 6, "libxml2": 6, "libxslt": 6, "licens": 6, "like": [0, 3, 6, 8], "limit": [0, 2, 12], "line": [3, 8], "link": [3, 4, 7, 8], "linux": [3, 6, 8], "list": [0, 2, 4, 5, 7, 12], "listen": [2, 12], "lite": 6, "ll": [3, 8], "load": 4, "local": [0, 2, 4, 10, 12], "local_file_path": 0, "local_reverse_dns_map_path": 12, "localhost": 12, "locat": [6, 7, 12], "log": [2, 12], "log_analyt": 12, "log_fil": 12, "logger": 12, "login": 4, "logstash": 4, "long": 3, "longer": [3, 8], "look": [3, 7], "lookup": 0, "loopback": 2, "lot": 7, "lua": 10, "m": [0, 6, 10, 12], "m365": 12, "maco": 6, "magnifi": 7, "mai": [7, 12], "maidir": 12, "mail": [0, 5, 6, 10, 12], "mail_bcc": 0, "mail_cc": 0, "mail_from": 0, "mail_to": 0, "mailbox": [0, 7, 12], "mailbox_connect": 0, "mailboxconnect": 0, "maildir": 12, "maildir_cr": 12, "mailer": 10, "mailrelai": 10, "mailto": 6, "main": 4, "maintain": 5, "make": [0, 3, 4, 8, 9, 12], "malici": [7, 12], "manag": [4, 12], "manual": 12, "map": [0, 12], "market": 7, "match": [0, 4, 11], "max_ag": 10, "max_shards_per_nod": 12, "maximum": 4, "maxmind": [0, 6, 12], "mbox": [0, 12], "mechan": 3, "member": [3, 8], "mention": 7, "menu": [4, 7], "messag": [0, 2, 3, 4, 6, 7, 8, 10, 12], "message_id": 10, "meta": 10, "method": 12, "mfrom": 10, "microsoft": [2, 5, 10, 12], "might": [0, 3, 7, 8], "migrate_index": 0, "mime": 10, "minimum": 4, "minut": [2, 12], "mitig": [3, 8], "mkdir": 6, "mm": 0, "mmdb": [0, 12], "mobil": [3, 8], "mode": [2, 4, 10, 12], "modern": [2, 3, 8], "modifi": [3, 8, 12], "modul": [0, 5, 12], "mon": 10, "monitor": [3, 12], "monthli": [0, 12], "monthly_index": [0, 12], "more": [0, 4, 6, 11, 12], "most": [3, 4, 7, 8, 12], "mous": 7, "move": [0, 4, 12], "msg": [0, 6], "msg_byte": 0, "msg_date": 0, "msg_footer": [3, 8], "msg_header": [3, 8], "msgconvert": [0, 6], "msgraph": 12, "much": 12, "multi": [2, 12], "mung": [3, 8], "must": [2, 3, 8, 12], "mutual": 4, "mv": 4, "mx": 10, "my": 12, "n": [10, 12], "n_proc": 12, "name": [0, 3, 4, 7, 10, 11, 12], "nameserv": [0, 12], "nano": [2, 12], "navig": [3, 6, 8], "ncontent": 10, "ndate": 10, "ndjson": 4, "need": [2, 3, 4, 6, 7, 8, 12], "nelson": [3, 8], "net": [2, 10], "network": [2, 4, 12], "new": [0, 2, 3, 6, 7, 12], "newer": 6, "newest": [2, 12], "newkei": 4, "next": [0, 12], "nfrom": 10, "nmessag": 10, "nmime": 10, "node": 4, "non": [3, 8, 12], "none": [0, 3, 10, 12], "noproxyfor": 2, "norepli": [3, 10], "normal": [10, 12], "nosecureimap": 2, "notabl": 7, "now": [4, 7], "nsubject": 10, "nto": 10, "null": 10, "number": [0, 12], "number_of_replica": [0, 12], "number_of_shard": [0, 12], "nwettbewerb": 10, "nx": 10, "o": [2, 4, 12], "oauth2": 12, "oauth2_port": 12, "object": [0, 4], "observ": 7, "occur": [0, 7], "occurr": 11, "oct": 10, "offic": 2, "office365": 2, "offlin": [0, 12], "often": 7, "ol": [0, 6], "old": 7, "older": [6, 10], "oldest": [2, 12], "onc": 6, "ondmarc": 5, "one": [0, 3, 5, 8, 12], "onli": [2, 3, 6, 7, 8, 12], "onlin": [0, 2, 12], "oor": 0, "open": 3, "opendn": 12, "opensearch": [5, 12], "opensearcherror": 0, "openssl": 4, "opt": [2, 6, 12], "option": [0, 2, 3, 4, 5, 8, 11, 12], "order": 6, "ordereddict": 0, "org": [0, 6, 9, 10], "org_email": 10, "org_extra_contact_info": 10, "org_nam": 10, "organ": [2, 7, 12], "organization_nam": 10, "origin": [3, 8, 12], "original_envelope_id": 10, "original_mail_from": 10, "original_rcpt_to": 10, "other": [0, 3, 4, 7, 8], "our": 7, "out": [3, 4, 7], "outdat": 7, "outgo": [3, 8, 12], "outlook": [0, 2, 6], "output": [0, 5, 12], "output_directori": 0, "outsid": 12, "over": [2, 5, 7], "overrid": [0, 12], "overridden": 6, "overwrit": 4, "owa": 5, "own": [7, 11], "p": [3, 6, 10], "p12": 4, "pack": 4, "packag": [0, 4], "pad": 0, "page": [3, 4, 6, 7, 8], "paginate_messag": 12, "pan": 10, "parallel": 12, "paramet": 0, "parent": 7, "pars": [0, 3, 5, 6, 10, 12], "parse_aggregate_report_fil": 0, "parse_aggregate_report_xml": 0, "parse_email": 0, "parse_forensic_report": 0, "parse_report_email": 0, "parse_report_fil": 0, "parse_smtp_tls_report_json": 0, "parsed_aggregate_reports_to_csv": 0, "parsed_aggregate_reports_to_csv_row": 0, "parsed_forensic_reports_to_csv": 0, "parsed_forensic_reports_to_csv_row": 0, "parsed_sampl": 10, "parsed_smtp_tls_reports_to_csv": 0, "parsed_smtp_tls_reports_to_csv_row": 0, "parsedmarc": [4, 9, 10, 11], "parser": 0, "parsererror": 0, "part": [3, 4, 7, 8], "particular": 7, "particularli": [5, 12], "pass": [3, 7, 10], "passag": 7, "passsword": 12, "password": [0, 4, 6, 12], "past": [4, 11], "patch": 6, "path": [0, 4, 12], "pattern": [5, 7], "payload": [0, 12], "pct": 10, "per": 12, "percentag": 7, "perform": [2, 12], "period": 12, "perl": [0, 6], "permiss": [4, 12], "persist": 12, "peter": 10, "pie": 7, "pin": 5, "pip": 6, "place": [4, 7, 12], "plain": 0, "plaintext": [3, 8], "platform": [3, 8], "pleas": [1, 5, 12], "plu": 7, "polici": [3, 8, 10, 12], "policy_domain": 10, "policy_evalu": 10, "policy_override_com": 10, "policy_override_reason": 10, "policy_publish": 10, "policy_str": 10, "policy_typ": 10, "policyscopegroupid": 12, "poll": [2, 12], "port": [0, 2, 12], "posit": 12, "possibl": 12, "post": [3, 8, 12], "poster": [3, 8], "postoriu": [3, 8], "powershel": 12, "ppa": 6, "pre": [6, 12], "prefer": [2, 6], "prefix": [0, 3, 8, 12], "premad": [5, 11], "prerequisit": 5, "present": 12, "pretti": 12, "previou": [0, 2, 4, 12], "previous": [4, 7], "print": 12, "printabl": 10, "privaci": [3, 6, 7, 8, 12], "process": [0, 2, 5, 6, 12], "produc": 10, "program": 12, "programdata": 6, "project": [0, 2, 3, 5, 11], "prompt": 4, "proofpoint": 5, "properti": 2, "protect": [2, 3, 5, 8, 12], "provid": [4, 7], "prox": 6, "proxi": 2, "proxyhost": 2, "proxypassword": 2, "proxyport": 2, "proxyus": 2, "pry": [2, 12], "public": [0, 3, 10, 12], "public_suffix_list": 0, "publicbaseurl": 4, "publicsuffix": 0, "publish": 3, "put": [4, 12], "python": [0, 5, 6], "python3": 6, "python39": 6, "qo": 4, "quarantin": [3, 8], "queri": [0, 12], "query_dn": 0, "quickstart": 12, "quot": 10, "r": [2, 6, 10, 12], "rais": 0, "ram": 4, "rather": [3, 8], "read": [0, 12], "readabl": 0, "readwrit": 12, "realli": 3, "reason": [0, 2, 4, 12], "receiv": [0, 10, 12], "receiving_ip": 10, "receiving_mx_hostnam": 10, "recipi": 7, "recogn": 7, "recommend": 12, "record": [0, 5, 6, 10], "record_typ": 0, "refer": [4, 5], "regard": 12, "regardless": 10, "region": 12, "region_nam": 12, "regist": 6, "registr": 12, "regul": [4, 6, 9, 12], "regular": [3, 8], "reject": [3, 8], "relai": [3, 8], "relat": 3, "releas": [4, 6], "reli": 7, "reliabl": 12, "reload": [2, 4, 12], "remain": 7, "remot": 2, "remov": [0, 3, 4, 8, 12], "repeat": [3, 8], "replac": [0, 3, 4, 8], "repli": [2, 3, 8], "replica": [0, 12], "reply_goes_to_list": [3, 8], "reply_to": 10, "replyto": [3, 8], "report": [0, 4, 7, 11, 12], "report_id": 10, "report_metadata": 10, "report_typ": 0, "reported_domain": 10, "reports_fold": [0, 12], "repositori": [6, 11], "req": 4, "request": [2, 4, 12], "requir": [0, 2, 3, 4, 6, 8, 12], "require_encrypt": 0, "resid": 12, "resolv": [0, 12], "resourc": [4, 5, 12], "respons": [0, 12], "restart": [2, 3, 4, 8, 12], "restartsec": [2, 12], "restor": 4, "restrict": 12, "restrictaccess": 12, "result": [0, 5, 7, 10, 12], "result_typ": 10, "retain": [3, 8], "retent": 5, "retriev": 2, "return": 0, "revers": [0, 7, 12], "reverse_dn": [0, 10], "reverse_dns_base_domain": 0, "reverse_dns_map": 0, "reverse_dns_map_path": 0, "reverse_dns_map_url": [0, 12], "review": [5, 7], "rewrit": [3, 8], "rfc": [0, 3, 8, 10], "rfc2369": [3, 8], "rfc822": 2, "rhel": [4, 6], "right": [4, 7], "rm": 4, "ro": 0, "rollup": 6, "root": [2, 12], "rpm": 4, "rsa": 4, "rua": [5, 6], "ruf": [5, 6, 7, 12], "rule": [7, 12], "run": [0, 4, 5, 6], "rw": [2, 12], "s3": 12, "safe": 0, "same": [3, 4, 6, 7, 11], "sampl": [0, 5, 12], "sample_headers_onli": 10, "save": [0, 4, 6, 12], "save_aggreg": 12, "save_aggregate_report_to_elasticsearch": 0, "save_aggregate_report_to_opensearch": 0, "save_aggregate_reports_to_splunk": 0, "save_forens": 12, "save_forensic_report_to_elasticsearch": 0, "save_forensic_report_to_opensearch": 0, "save_forensic_reports_to_splunk": 0, "save_output": 0, "save_smtp_tl": 12, "save_smtp_tls_report_to_elasticsearch": 0, "save_smtp_tls_report_to_opensearch": 0, "save_smtp_tls_reports_to_splunk": 0, "schedul": 6, "schema": 10, "scope": [10, 12], "scrub_nondigest": [3, 8], "search": [3, 8, 12], "second": [0, 2, 12], "secret": 12, "secret_access_kei": 12, "section": 12, "secur": [0, 4, 12], "see": [2, 3, 4, 5, 7, 12], "segment": 7, "select": 6, "selector": 10, "self": [4, 5], "send": [0, 2, 3, 4, 5, 7, 8, 11, 12], "sender": [5, 7, 8], "sending_mta_ip": 10, "sensit": 12, "sent": [3, 8, 12], "separ": [3, 4, 6, 7, 9, 11, 12], "server": [0, 2, 3, 4, 6, 7, 10, 12], "server_ip": 4, "servernameon": 10, "servic": [0, 3, 4, 5, 7, 8], "session": 7, "set": [0, 2, 3, 4, 6, 7, 8, 9, 12], "set_host": 0, "setup": [4, 9, 12], "setuptool": 6, "shard": [0, 12], "share": [4, 12], "sharepoint": 10, "should": [3, 6, 7, 8, 12], "shouldn": [3, 8], "show": [2, 7, 12], "shv": 10, "side": 7, "sign": [3, 4, 6], "signatur": [3, 7, 8], "silent": 12, "similar": 7, "simpl": 5, "simplifi": 0, "sinc": 12, "singl": 0, "sister": 3, "size": [2, 4], "skip": 12, "skip_certificate_verif": 12, "slightli": 11, "small": 4, "smtp": [0, 3, 7, 12], "smtp_tl": [0, 12], "smtp_tls_csv_filenam": 0, "smtp_tls_json_filenam": 0, "smtp_tls_url": 12, "so": [3, 6, 7, 8, 12], "socket": 2, "solut": 6, "some": [0, 2, 3, 4, 7, 8], "someon": 4, "sometim": 12, "sort": [7, 12], "sourc": [0, 3, 4, 6, 7, 10], "source_base_domain": 10, "source_countri": 10, "source_ip_address": 10, "source_reverse_dn": 10, "sourceforg": 2, "sp": [3, 10], "spam": 12, "special": 12, "specif": [3, 12], "specifi": [2, 3], "spf": [7, 10], "spf_align": 10, "spf_domain": 10, "spf_result": 10, "spf_scope": 10, "splunk": [5, 12], "splunk_hec": 12, "splunkerror": 0, "splunkhec": 12, "spoof": [3, 8], "ss": 0, "ssl": [0, 2, 4, 12], "ssl_cert_path": 0, "st": [10, 12], "stabl": 4, "stack": 4, "standard": [0, 5, 10], "start": [0, 2, 4, 6, 7, 9, 11, 12], "starttl": 12, "static": 6, "statu": [2, 12], "step": [3, 4, 8], "still": [3, 6, 8, 10, 12], "storag": [0, 12], "store": [2, 4, 9], "str": [0, 12], "stream": 12, "string": 0, "strip": [3, 8, 12], "strip_attachment_payload": [0, 12], "strongli": 12, "structur": 5, "stsv1": 10, "subdomain": [0, 3], "subject": [0, 3, 8, 10, 12], "subject_prefix": [3, 8], "subsidiari": 7, "successful_session_count": 10, "sudo": [2, 4, 6, 12], "suffix": [0, 12], "suggest": 7, "suitabl": 0, "summari": [3, 5, 8], "suppli": [0, 7, 12], "support": [2, 5, 10, 11], "sure": [4, 6], "sw50zxjha3rpdmugv2v0dgjld2vyymvylcocymvyc2ljahq": 10, "switch": 7, "syslog": [2, 12], "system": [2, 3, 4, 6, 8, 12], "systemctl": [2, 4, 12], "systemd": 5, "systemdr": 6, "t": [5, 8, 12], "tab": [3, 4, 8], "tabl": [5, 7], "tag": 6, "target": [2, 12], "task": 6, "tby": 10, "tcp": 12, "tee": 4, "tell": [3, 6, 7, 8], "templat": [3, 8], "temporari": 7, "tenant": 12, "tenant_id": 12, "term": 6, "test": [0, 10, 12], "text": [0, 10], "than": [3, 4, 8, 12], "thank": [5, 10], "thei": [3, 6, 7, 8, 12], "theirs": 3, "them": [0, 4, 7, 12], "therebi": [3, 8], "thi": [2, 3, 4, 5, 6, 7, 8, 10, 12], "those": 6, "thousand": 12, "three": 7, "through": 3, "time": [2, 4, 6, 7, 12], "timeout": [0, 2, 12], "timestamp": 0, "timestamp_to_datetim": 0, "timestamp_to_human": 0, "timezon": 10, "tl": [0, 12], "tld": 3, "to_domain": 10, "to_utc": 0, "token": [0, 4, 12], "token_fil": 12, "tool": [6, 12], "top": [3, 7], "topic": 12, "touch": [3, 8], "tracker": 1, "tradit": [3, 8], "transfer": 10, "transpar": 5, "transport": [4, 12], "trash": 12, "true": [0, 2, 4, 10, 12], "trust": 12, "truststor": 4, "try": 12, "tuesdai": 6, "two": 6, "type": [0, 10, 12], "u": [2, 6, 10, 12], "ubuntu": [4, 6], "udp": 12, "ui": [3, 8], "uncondition": [3, 8], "under": [4, 6, 7], "underneath": 7, "understand": [5, 7], "unencrypt": 12, "unfortun": [3, 8], "unit": [2, 12], "unix": 0, "unknown": 0, "unsubscrib": [3, 8], "until": [0, 12], "unzip": 2, "up": [0, 2, 4, 6, 7, 9, 12], "updat": [0, 4, 6, 12], "upersecur": 12, "upgrad": [2, 5, 6, 12], "upload": 12, "upper": 7, "uri": 6, "url": [0, 2, 12], "us": [0, 3, 4, 5, 8, 10], "usag": 12, "use_ssl": 0, "user": [2, 3, 4, 5, 6, 8, 10, 12], "user_ag": 10, "useradd": [2, 6], "usernam": [0, 12], "usernamepassword": 12, "usesystemproxi": 2, "usr": 4, "utc": 0, "utf": 10, "util": 5, "v": [6, 12], "valid": [0, 7, 10, 12], "valimail": 5, "valu": [0, 3, 4, 7, 8, 12], "var": [3, 8], "variou": 6, "vendor": 3, "venv": [6, 12], "verbos": 12, "veri": [4, 7, 12], "verif": [4, 12], "verifi": 0, "verification_mod": 4, "version": [2, 4, 6, 9, 10, 11, 12], "vew": 2, "via": 2, "view": [7, 12], "vim": 4, "virtualenv": 6, "visual": [4, 9], "volum": 7, "vulner": 3, "w3c": 10, "wa": [3, 4, 6, 8], "wai": [4, 7], "wait": [0, 12], "want": [2, 5, 12], "wantedbi": [2, 12], "warn": 12, "watch": [0, 2, 4, 12], "watch_inbox": 0, "watcher": 12, "web": [2, 4], "webdav": 2, "webhook": 12, "webmail": [3, 7, 8], "weekli": 6, "well": [2, 12], "were": [7, 12], "wettbewerb": 10, "wget": 4, "what": 5, "when": [0, 3, 5, 7, 8, 12], "whenev": [0, 2, 12], "where": [0, 2, 3, 8, 12], "wherea": 7, "wherev": 12, "whether": 0, "which": [2, 4, 7, 12], "while": [7, 12], "who": 7, "why": [3, 7], "wide": [6, 10], "wiki": 10, "window": 6, "without": [3, 4, 7, 8], "won": 5, "work": [2, 3, 5, 6, 7, 8], "workstat": 2, "worst": 3, "would": [3, 5, 6, 8], "wrap": [3, 8], "write": 12, "www": [4, 6, 12], "x": [4, 10], "x509": 4, "xennn": 10, "xml": [0, 11], "xml_schema": 10, "xms4g": 4, "xmx4g": 4, "xpack": 4, "xxxx": 4, "y": [4, 6], "yahoo": 7, "ye": [3, 8], "year": 12, "yet": 3, "yml": 4, "you": [2, 3, 4, 5, 6, 7, 8, 12], "your": [3, 4, 6, 7, 8, 11, 12], "yyyi": 0, "zip": [0, 2, 5, 12], "\u00fcbersicht": 10}, "titles": ["API reference", "Contributing to parsedmarc", "Accessing an inbox using OWA/EWS", "Understanding DMARC", "Elasticsearch and Kibana", "parsedmarc documentation - Open source DMARC report analyzer and visualizer", "Installation", "Using the Kibana dashboards", "What about mailing lists?", "OpenSearch and Grafana", "Sample outputs", "Splunk", "Using parsedmarc"], "titleterms": {"2": [3, 8], "3": [3, 8], "about": [3, 8], "access": 2, "aggreg": 10, "align": 3, "an": 2, "analyz": [5, 6], "api": 0, "best": [3, 8], "bug": 1, "cli": 12, "configur": [2, 12], "content": 5, "contribut": 1, "csv": 10, "dashboard": 7, "davmail": 2, "depend": 6, "dkim": 3, "dmarc": [3, 5, 7], "do": [3, 8], "document": 5, "domain": 3, "elast": 0, "elasticsearch": 4, "ew": 2, "exchang": 6, "featur": 5, "file": 12, "forens": [7, 10], "geoipupd": 6, "grafana": 9, "guid": 3, "help": 12, "inbox": 2, "index": 4, "indic": 0, "instal": [4, 6, 9], "json": 10, "kibana": [4, 7], "list": [3, 8], "listserv": [3, 8], "lookalik": 3, "mail": [3, 8], "mailman": [3, 8], "microsoft": 6, "multipl": 6, "open": 5, "opensearch": [0, 9], "option": 6, "output": 10, "owa": 2, "parsedmarc": [0, 1, 2, 5, 6, 12], "pattern": 4, "practic": [3, 8], "prerequisit": 6, "proxi": 6, "record": [3, 4, 9], "refer": 0, "report": [1, 5, 6, 10], "resourc": 3, "retent": [4, 9], "run": [2, 12], "sampl": [7, 10], "sender": 3, "servic": [2, 12], "setup": 6, "smtp": 10, "sourc": 5, "spf": 3, "splunk": [0, 11], "summari": 7, "support": 3, "systemd": [2, 12], "t": 3, "tabl": 0, "test": 6, "tl": 10, "understand": 3, "upgrad": 4, "us": [2, 6, 7, 12], "util": 0, "valid": 3, "visual": 5, "web": 6, "what": [3, 8], "won": 3, "workaround": [3, 8]}})
\ No newline at end of file
+Search.setIndex({"alltitles": {"API reference": [[0, null]], "Accessing an inbox using OWA/EWS": [[2, null]], "Bug reports": [[1, "bug-reports"]], "CLI help": [[12, "cli-help"]], "CSV aggregate report": [[10, "csv-aggregate-report"]], "CSV forensic report": [[10, "csv-forensic-report"]], "Configuration file": [[12, "configuration-file"]], "Configuring parsedmarc for DavMail": [[2, "configuring-parsedmarc-for-davmail"]], "Contents": [[5, null]], "Contributing to parsedmarc": [[1, null]], "DMARC Alignment Guide": [[3, "dmarc-alignment-guide"]], "DMARC Forensic Samples": [[7, "dmarc-forensic-samples"]], "DMARC Summary": [[7, "dmarc-summary"]], "DMARC guides": [[3, "dmarc-guides"]], "Do": [[3, "do"], [8, "do"]], "Do not": [[3, "do-not"], [8, "do-not"]], "Elasticsearch and Kibana": [[4, null]], "Features": [[5, "features"]], "Indices and tables": [[0, "indices-and-tables"]], "Installation": [[4, "installation"], [6, null], [9, "installation"]], "Installing parsedmarc": [[6, "installing-parsedmarc"]], "JSON SMTP TLS report": [[10, "json-smtp-tls-report"]], "JSON aggregate report": [[10, "json-aggregate-report"]], "JSON forensic report": [[10, "json-forensic-report"]], "LISTSERV": [[3, "listserv"], [8, "listserv"]], "Lookalike domains": [[3, "lookalike-domains"]], "Mailing list best practices": [[3, "mailing-list-best-practices"], [8, "mailing-list-best-practices"]], "Mailman 2": [[3, "mailman-2"], [3, "id1"], [8, "mailman-2"], [8, "id1"]], "Mailman 3": [[3, "mailman-3"], [3, "id2"], [8, "mailman-3"], [8, "id2"]], "OpenSearch and Grafana": [[9, null]], "Optional dependencies": [[6, "optional-dependencies"]], "Prerequisites": [[6, "prerequisites"]], "Records retention": [[4, "records-retention"], [9, "records-retention"]], "Resources": [[3, "resources"]], "Running DavMail as a systemd service": [[2, "running-davmail-as-a-systemd-service"]], "Running parsedmarc as a systemd service": [[12, "running-parsedmarc-as-a-systemd-service"]], "SPF and DMARC record validation": [[3, "spf-and-dmarc-record-validation"]], "Sample aggregate report output": [[10, "sample-aggregate-report-output"]], "Sample forensic report output": [[10, "sample-forensic-report-output"]], "Sample outputs": [[10, null]], "Splunk": [[11, null]], "Testing multiple report analyzers": [[6, "testing-multiple-report-analyzers"]], "Understanding DMARC": [[3, null]], "Upgrading Kibana index patterns": [[4, "upgrading-kibana-index-patterns"]], "Using Microsoft Exchange": [[6, "using-microsoft-exchange"]], "Using a web proxy": [[6, "using-a-web-proxy"]], "Using parsedmarc": [[12, null]], "Using the Kibana dashboards": [[7, null]], "What about mailing lists?": [[3, "what-about-mailing-lists"], [8, null]], "What if a sender won\u2019t support DKIM/DMARC?": [[3, "what-if-a-sender-wont-support-dkim-dmarc"]], "Workarounds": [[3, "workarounds"], [8, "workarounds"]], "geoipupdate setup": [[6, "geoipupdate-setup"]], "parsedmarc": [[0, "module-parsedmarc"]], "parsedmarc documentation - Open source DMARC report analyzer and visualizer": [[5, null]], "parsedmarc.elastic": [[0, "module-parsedmarc.elastic"]], "parsedmarc.opensearch": [[0, "module-parsedmarc.opensearch"]], "parsedmarc.splunk": [[0, "module-parsedmarc.splunk"]], "parsedmarc.utils": [[0, "module-parsedmarc.utils"]]}, "docnames": ["api", "contributing", "davmail", "dmarc", "elasticsearch", "index", "installation", "kibana", "mailing-lists", "opensearch", "output", "splunk", "usage"], "envversion": {"sphinx": 64, "sphinx.domains.c": 3, "sphinx.domains.changeset": 1, "sphinx.domains.citation": 1, "sphinx.domains.cpp": 9, "sphinx.domains.index": 1, "sphinx.domains.javascript": 3, "sphinx.domains.math": 2, "sphinx.domains.python": 4, "sphinx.domains.rst": 2, "sphinx.domains.std": 2, "sphinx.ext.todo": 2, "sphinx.ext.viewcode": 1}, "filenames": ["api.md", "contributing.md", "davmail.md", "dmarc.md", "elasticsearch.md", "index.md", "installation.md", "kibana.md", "mailing-lists.md", "opensearch.md", "output.md", "splunk.md", "usage.md"], "indexentries": {"alreadysaved": [[0, "parsedmarc.elastic.AlreadySaved", false], [0, "parsedmarc.opensearch.AlreadySaved", false]], "convert_outlook_msg() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.convert_outlook_msg", false]], "create_indexes() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.create_indexes", false]], "create_indexes() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.create_indexes", false]], "decode_base64() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.decode_base64", false]], "downloaderror": [[0, "parsedmarc.utils.DownloadError", false]], "elasticsearcherror": [[0, "parsedmarc.elastic.ElasticsearchError", false]], "email_results() (in module parsedmarc)": [[0, "parsedmarc.email_results", false]], "emailparsererror": [[0, "parsedmarc.utils.EmailParserError", false]], "extract_report() (in module parsedmarc)": [[0, "parsedmarc.extract_report", false]], "extract_report_from_file_path() (in module parsedmarc)": [[0, "parsedmarc.extract_report_from_file_path", false]], "get_base_domain() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_base_domain", false]], "get_dmarc_reports_from_mailbox() (in module parsedmarc)": [[0, "parsedmarc.get_dmarc_reports_from_mailbox", false]], "get_dmarc_reports_from_mbox() (in module parsedmarc)": [[0, "parsedmarc.get_dmarc_reports_from_mbox", false]], "get_filename_safe_string() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_filename_safe_string", false]], "get_ip_address_country() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_ip_address_country", false]], "get_ip_address_info() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_ip_address_info", false]], "get_report_zip() (in module parsedmarc)": [[0, "parsedmarc.get_report_zip", false]], "get_reverse_dns() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_reverse_dns", false]], "get_service_from_reverse_dns_base_domain() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.get_service_from_reverse_dns_base_domain", false]], "hecclient (class in parsedmarc.splunk)": [[0, "parsedmarc.splunk.HECClient", false]], "human_timestamp_to_datetime() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.human_timestamp_to_datetime", false]], "human_timestamp_to_unix_timestamp() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.human_timestamp_to_unix_timestamp", false]], "invalidaggregatereport": [[0, "parsedmarc.InvalidAggregateReport", false]], "invaliddmarcreport": [[0, "parsedmarc.InvalidDMARCReport", false]], "invalidforensicreport": [[0, "parsedmarc.InvalidForensicReport", false]], "invalidsmtptlsreport": [[0, "parsedmarc.InvalidSMTPTLSReport", false]], "is_mbox() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.is_mbox", false]], "is_outlook_msg() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.is_outlook_msg", false]], "migrate_indexes() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.migrate_indexes", false]], "migrate_indexes() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.migrate_indexes", false]], "module": [[0, "module-parsedmarc", false], [0, "module-parsedmarc.elastic", false], [0, "module-parsedmarc.opensearch", false], [0, "module-parsedmarc.splunk", false], [0, "module-parsedmarc.utils", false]], "opensearcherror": [[0, "parsedmarc.opensearch.OpenSearchError", false]], "parse_aggregate_report_file() (in module parsedmarc)": [[0, "parsedmarc.parse_aggregate_report_file", false]], "parse_aggregate_report_xml() (in module parsedmarc)": [[0, "parsedmarc.parse_aggregate_report_xml", false]], "parse_email() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.parse_email", false]], "parse_forensic_report() (in module parsedmarc)": [[0, "parsedmarc.parse_forensic_report", false]], "parse_report_email() (in module parsedmarc)": [[0, "parsedmarc.parse_report_email", false]], "parse_report_file() (in module parsedmarc)": [[0, "parsedmarc.parse_report_file", false]], "parse_smtp_tls_report_json() (in module parsedmarc)": [[0, "parsedmarc.parse_smtp_tls_report_json", false]], "parsed_aggregate_reports_to_csv() (in module parsedmarc)": [[0, "parsedmarc.parsed_aggregate_reports_to_csv", false]], "parsed_aggregate_reports_to_csv_rows() (in module parsedmarc)": [[0, "parsedmarc.parsed_aggregate_reports_to_csv_rows", false]], "parsed_forensic_reports_to_csv() (in module parsedmarc)": [[0, "parsedmarc.parsed_forensic_reports_to_csv", false]], "parsed_forensic_reports_to_csv_rows() (in module parsedmarc)": [[0, "parsedmarc.parsed_forensic_reports_to_csv_rows", false]], "parsed_smtp_tls_reports_to_csv() (in module parsedmarc)": [[0, "parsedmarc.parsed_smtp_tls_reports_to_csv", false]], "parsed_smtp_tls_reports_to_csv_rows() (in module parsedmarc)": [[0, "parsedmarc.parsed_smtp_tls_reports_to_csv_rows", false]], "parsedmarc": [[0, "module-parsedmarc", false]], "parsedmarc.elastic": [[0, "module-parsedmarc.elastic", false]], "parsedmarc.opensearch": [[0, "module-parsedmarc.opensearch", false]], "parsedmarc.splunk": [[0, "module-parsedmarc.splunk", false]], "parsedmarc.utils": [[0, "module-parsedmarc.utils", false]], "parsererror": [[0, "parsedmarc.ParserError", false]], "query_dns() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.query_dns", false]], "save_aggregate_report_to_elasticsearch() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.save_aggregate_report_to_elasticsearch", false]], "save_aggregate_report_to_opensearch() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.save_aggregate_report_to_opensearch", false]], "save_aggregate_reports_to_splunk() (parsedmarc.splunk.hecclient method)": [[0, "parsedmarc.splunk.HECClient.save_aggregate_reports_to_splunk", false]], "save_forensic_report_to_elasticsearch() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.save_forensic_report_to_elasticsearch", false]], "save_forensic_report_to_opensearch() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.save_forensic_report_to_opensearch", false]], "save_forensic_reports_to_splunk() (parsedmarc.splunk.hecclient method)": [[0, "parsedmarc.splunk.HECClient.save_forensic_reports_to_splunk", false]], "save_output() (in module parsedmarc)": [[0, "parsedmarc.save_output", false]], "save_smtp_tls_report_to_elasticsearch() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.save_smtp_tls_report_to_elasticsearch", false]], "save_smtp_tls_report_to_opensearch() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.save_smtp_tls_report_to_opensearch", false]], "save_smtp_tls_reports_to_splunk() (parsedmarc.splunk.hecclient method)": [[0, "parsedmarc.splunk.HECClient.save_smtp_tls_reports_to_splunk", false]], "set_hosts() (in module parsedmarc.elastic)": [[0, "parsedmarc.elastic.set_hosts", false]], "set_hosts() (in module parsedmarc.opensearch)": [[0, "parsedmarc.opensearch.set_hosts", false]], "splunkerror": [[0, "parsedmarc.splunk.SplunkError", false]], "timestamp_to_datetime() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.timestamp_to_datetime", false]], "timestamp_to_human() (in module parsedmarc.utils)": [[0, "parsedmarc.utils.timestamp_to_human", false]], "watch_inbox() (in module parsedmarc)": [[0, "parsedmarc.watch_inbox", false]]}, "objects": {"": [[0, 0, 0, "-", "parsedmarc"]], "parsedmarc": [[0, 1, 1, "", "InvalidAggregateReport"], [0, 1, 1, "", "InvalidDMARCReport"], [0, 1, 1, "", "InvalidForensicReport"], [0, 1, 1, "", "InvalidSMTPTLSReport"], [0, 1, 1, "", "ParserError"], [0, 0, 0, "-", "elastic"], [0, 2, 1, "", "email_results"], [0, 2, 1, "", "extract_report"], [0, 2, 1, "", "extract_report_from_file_path"], [0, 2, 1, "", "get_dmarc_reports_from_mailbox"], [0, 2, 1, "", "get_dmarc_reports_from_mbox"], [0, 2, 1, "", "get_report_zip"], [0, 0, 0, "-", "opensearch"], [0, 2, 1, "", "parse_aggregate_report_file"], [0, 2, 1, "", "parse_aggregate_report_xml"], [0, 2, 1, "", "parse_forensic_report"], [0, 2, 1, "", "parse_report_email"], [0, 2, 1, "", "parse_report_file"], [0, 2, 1, "", "parse_smtp_tls_report_json"], [0, 2, 1, "", "parsed_aggregate_reports_to_csv"], [0, 2, 1, "", "parsed_aggregate_reports_to_csv_rows"], [0, 2, 1, "", "parsed_forensic_reports_to_csv"], [0, 2, 1, "", "parsed_forensic_reports_to_csv_rows"], [0, 2, 1, "", "parsed_smtp_tls_reports_to_csv"], [0, 2, 1, "", "parsed_smtp_tls_reports_to_csv_rows"], [0, 2, 1, "", "save_output"], [0, 0, 0, "-", "splunk"], [0, 0, 0, "-", "utils"], [0, 2, 1, "", "watch_inbox"]], "parsedmarc.elastic": [[0, 1, 1, "", "AlreadySaved"], [0, 1, 1, "", "ElasticsearchError"], [0, 2, 1, "", "create_indexes"], [0, 2, 1, "", "migrate_indexes"], [0, 2, 1, "", "save_aggregate_report_to_elasticsearch"], [0, 2, 1, "", "save_forensic_report_to_elasticsearch"], [0, 2, 1, "", "save_smtp_tls_report_to_elasticsearch"], [0, 2, 1, "", "set_hosts"]], "parsedmarc.opensearch": [[0, 1, 1, "", "AlreadySaved"], [0, 1, 1, "", "OpenSearchError"], [0, 2, 1, "", "create_indexes"], [0, 2, 1, "", "migrate_indexes"], [0, 2, 1, "", "save_aggregate_report_to_opensearch"], [0, 2, 1, "", "save_forensic_report_to_opensearch"], [0, 2, 1, "", "save_smtp_tls_report_to_opensearch"], [0, 2, 1, "", "set_hosts"]], "parsedmarc.splunk": [[0, 3, 1, "", "HECClient"], [0, 1, 1, "", "SplunkError"]], "parsedmarc.splunk.HECClient": [[0, 4, 1, "", "save_aggregate_reports_to_splunk"], [0, 4, 1, "", "save_forensic_reports_to_splunk"], [0, 4, 1, "", "save_smtp_tls_reports_to_splunk"]], "parsedmarc.utils": [[0, 1, 1, "", "DownloadError"], [0, 1, 1, "", "EmailParserError"], [0, 2, 1, "", "convert_outlook_msg"], [0, 2, 1, "", "decode_base64"], [0, 2, 1, "", "get_base_domain"], [0, 2, 1, "", "get_filename_safe_string"], [0, 2, 1, "", "get_ip_address_country"], [0, 2, 1, "", "get_ip_address_info"], [0, 2, 1, "", "get_reverse_dns"], [0, 2, 1, "", "get_service_from_reverse_dns_base_domain"], [0, 2, 1, "", "human_timestamp_to_datetime"], [0, 2, 1, "", "human_timestamp_to_unix_timestamp"], [0, 2, 1, "", "is_mbox"], [0, 2, 1, "", "is_outlook_msg"], [0, 2, 1, "", "parse_email"], [0, 2, 1, "", "query_dns"], [0, 2, 1, "", "timestamp_to_datetime"], [0, 2, 1, "", "timestamp_to_human"]]}, "objnames": {"0": ["py", "module", "Python module"], "1": ["py", "exception", "Python exception"], "2": ["py", "function", "Python function"], "3": ["py", "class", "Python class"], "4": ["py", "method", "Python method"]}, "objtypes": {"0": "py:module", "1": "py:exception", "2": "py:function", "3": "py:class", "4": "py:method"}, "terms": {"": [0, 2, 3, 4, 6, 8, 10, 12], "0": [0, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12], "00": 10, "003": 10, "00z": 10, "00z_exampl": 10, "01": 10, "0200": 10, "0240": 10, "04": 10, "08": 10, "09": 10, "09t00": 10, "09t23": 10, "1": [0, 2, 4, 5, 6, 10, 12], "10": [0, 6, 10, 12], "100": [10, 12], "1000": 12, "11": [6, 10], "1143": 2, "12201": 12, "127": [2, 4, 12], "150": 10, "16": [3, 8], "173": 10, "176": 10, "19": 10, "1d": 12, "1g": 4, "1w": 12, "2": [0, 4, 10, 12], "20": 10, "2000": 12, "201": 10, "2010": [6, 10], "2012": 10, "2013": 6, "2016": 6, "2017a": [3, 8], "2018": 10, "2019": 6, "2024": 10, "208": 10, "209": 10, "21": 6, "212": 10, "22": 6, "222": 10, "2369": [3, 8], "241": 10, "25": 12, "27": 10, "28": 10, "2919": [3, 8], "2d": 12, "2k": 12, "3": [6, 10, 11, 12], "30": [0, 12], "300": 2, "30937": 10, "30th": 6, "3128": 6, "365": [2, 4], "38": 10, "3d": 10, "3h": 12, "4": [4, 6, 11], "4096": 4, "41": 10, "5": [2, 4, 9], "514": 12, "5601": 4, "59": 10, "59z": 10, "5m": [2, 12], "6": [0, 4, 6, 12], "60": [0, 12], "660": 4, "7": [4, 6], "72": 10, "7480": 10, "8": [2, 4, 6, 10, 12], "8080": 12, "822": 0, "85": 10, "86400": 10, "9": 6, "9200": [4, 12], "932": 12, "9391651994964116463": 10, "94": 10, "993": 12, "A": [0, 3, 12], "And": 0, "As": [4, 7], "Be": 6, "By": [7, 12], "For": [4, 12], "If": [0, 3, 4, 6, 7, 8, 12], "In": [2, 3, 7, 8, 12], "It": [2, 4, 7, 10, 12], "No": [3, 8], "On": [3, 4, 6, 7, 8], "Or": [4, 6], "That": 7, "The": [0, 3, 6, 7, 11, 12], "Then": [2, 3, 4, 6, 8, 12], "These": 7, "To": [2, 4, 6, 7, 9, 10, 12], "With": 7, "_cluster": 12, "_input": 0, "abl": 6, "about": [0, 5, 6], "abov": [2, 12], "accept": [3, 4, 8, 12], "access": [0, 4, 5, 6, 12], "access_key_id": 12, "access_token": 0, "accessright": 12, "accident": [3, 8], "account": [6, 7], "acm": 10, "acquir": 12, "across": 7, "action": [3, 8], "activ": [4, 6], "active_primary_shard": 12, "active_shard": 12, "actual": [3, 10], "ad": [3, 6, 8, 12], "add": [2, 3, 4, 6, 7, 8, 12], "addit": [3, 8], "address": [0, 2, 3, 4, 7, 8, 10, 12], "addresse": 7, "adkim": 10, "admin": [3, 8, 12], "administr": [3, 8], "adsl": 10, "after": [0, 2, 4, 12], "against": [3, 8], "agari": 5, "agent": 4, "aggreg": [0, 5, 7, 11, 12], "aggregate_csv_filenam": [0, 12], "aggregate_index": 0, "aggregate_json_filenam": [0, 12], "aggregate_report": 0, "aggregate_top": 12, "aggregate_url": 12, "align": [5, 7, 10], "aliv": 0, "all": [3, 5, 7, 8, 11, 12], "allow": [2, 3, 8, 12], "allow_unencrypted_storag": 12, "allowremot": 2, "alreadysav": 0, "also": [2, 3, 7, 8, 12], "alter": [3, 8], "altern": [5, 12], "although": 11, "alwai": [0, 2, 4, 12], "always_use_local_fil": [0, 12], "an": [0, 3, 5, 7, 8, 10, 12], "analyz": 12, "ani": [0, 3, 7, 8, 12], "anonym": 10, "anoth": [6, 12], "answer": [0, 12], "apach": 5, "api": [2, 4, 5, 12], "apikei": [0, 12], "app": 12, "appear": 12, "appendix": 10, "appid": 12, "appli": 12, "applic": 12, "applicationaccesspolici": 12, "approach": 12, "approxim": 2, "apt": [2, 4, 6], "ar": [0, 2, 3, 4, 6, 7, 8, 10, 12], "archiv": [0, 12], "archive_fold": [0, 12], "argument": 12, "arriv": 12, "arrival_d": 10, "arrival_date_utc": 10, "artifact": 4, "ask": 3, "asmx": 2, "asn": 6, "aspf": 10, "assign": 4, "assist": 5, "associ": 0, "attach": [0, 3, 8, 10, 12], "attachment_filenam": 0, "attribut": 6, "auth": [2, 10, 12], "auth_failur": 10, "auth_method": 12, "auth_result": 10, "authent": [0, 2, 3, 4, 7, 12], "authentication_mechan": 10, "authentication_result": 10, "auto": 2, "avoid": 7, "azur": 12, "b": [6, 10], "b2c": 7, "back": 12, "base": [0, 2, 3, 4, 7, 8, 10], "base64": 0, "base_domain": [0, 10], "basic": [2, 12], "batch_siz": [0, 12], "bcc": [0, 10], "bd6e1bb5": 10, "becaus": [2, 3, 7, 8, 12], "been": [7, 12], "befor": [0, 12], "begin_d": 10, "behind": 6, "being": 0, "bellsouth": 10, "below": [3, 8, 12], "best": 7, "between": [4, 7], "bin": [2, 4, 6, 12], "binari": 0, "bind": 2, "bindaddress": 2, "blank": [3, 8], "block": [2, 12], "bodi": [0, 3, 8, 10, 12], "bool": [0, 12], "brand": [5, 7], "break": [3, 4, 8], "browser": 4, "bucket": 12, "bug": 5, "build": 6, "built": 0, "busi": 7, "buster": 6, "button": [3, 8], "byte": 0, "c": [10, 12], "ca": 4, "cach": [0, 12], "call": [7, 12], "callabl": 0, "callback": 0, "came": [3, 8], "can": [0, 2, 3, 4, 5, 6, 7, 8, 12], "cannot": 6, "case": [2, 3, 8], "caus": [3, 4, 7, 8], "cc": [0, 10], "center": 7, "cento": [4, 6], "cert": 4, "cert_path": 12, "certain": [0, 12], "certif": [0, 4, 12], "cest": 10, "chain": 0, "chang": [4, 7, 11, 12], "charact": [2, 12], "charset": 10, "chart": 7, "check": [0, 2, 3, 4, 6, 12], "check_timeout": [0, 12], "checkbox": 4, "checkdmarc": 3, "chines": 7, "chmod": [2, 4, 12], "choos": [3, 8], "chown": [2, 12], "cisco": 12, "citi": 6, "class": 0, "cli": 5, "click": [4, 7], "client": [2, 3, 4, 8, 12], "client_id": 12, "client_secret": 12, "clientsecret": 12, "clientsotimeout": 2, "cloudflar": [0, 12], "cluster": [4, 12], "co": 4, "code": [0, 4, 5], "collect": [7, 12], "collector": [11, 12], "com": [1, 2, 3, 8, 9, 10, 12], "come": 7, "comma": [6, 12], "command": [2, 3, 8, 12], "comment": 12, "commerci": [4, 5], "common": [3, 4, 6, 8], "commun": [3, 8], "complet": [3, 4], "compli": [3, 4, 6, 8, 9], "compliant": [3, 8], "compon": 6, "compress": 5, "conf": 6, "config": [2, 6, 12], "config_fil": 12, "configur": [3, 4, 5, 6, 7, 8, 9], "conform": 4, "connect": [0, 2, 4, 12], "connexion": 4, "consid": [5, 7], "consist": [0, 5, 10], "consol": [4, 12], "consolid": 7, "consum": 7, "contact": 7, "contain": [0, 7, 11, 12], "content": [0, 3, 8, 10, 11], "contrib": 6, "contribut": 5, "contributor": 5, "control": 4, "convert": [0, 3, 8], "convert_outlook_msg": 0, "copi": [0, 6, 11], "core": [3, 8], "correct": 6, "correctli": 7, "could": [3, 4, 8, 12], "count": [2, 10], "countri": [0, 6, 7, 10], "crash": [2, 4, 12], "creat": [0, 2, 3, 4, 6, 8, 12], "create_fold": 0, "create_index": 0, "creativ": 6, "credenti": [6, 12], "credentials_fil": 12, "cron": 6, "crt": 4, "csr": 4, "csv": [0, 5, 12], "cumul": 6, "current": [2, 4, 12], "custom": [7, 12], "d": [0, 4, 12], "daemon": [2, 4, 12], "dai": [0, 4, 9, 12], "daili": [0, 12], "dashboard": [4, 5, 9, 11], "dat": 0, "data": [0, 4, 5, 7, 9, 11, 12], "databas": 6, "date": [0, 3, 8, 10], "date_utc": 10, "datetim": 0, "davmail": 5, "db_path": 0, "dbip": [0, 12], "dce": 12, "dcr": 12, "dcr_aggregate_stream": 12, "dcr_forensic_stream": 12, "dcr_immutable_id": 12, "dcr_smtp_tls_stream": 12, "dd": 0, "de": 10, "dearmor": 4, "deb": 4, "debian": [4, 6], "debug": 12, "decemb": 6, "decod": 0, "decode_base64": 0, "default": [0, 2, 4, 6, 7, 12], "defens": 5, "delai": [2, 10], "deleg": 12, "delet": [0, 2, 4, 12], "delivery_result": 10, "demystifi": 3, "depend": [4, 5, 12], "deploi": [3, 8], "describ": 12, "descript": [2, 6, 12], "destin": 0, "detail": [6, 7], "dev": [6, 12], "devel": 6, "develop": 5, "devicecod": 12, "di": 10, "dict": 0, "dictionari": 0, "differ": [6, 7, 12], "digest": [3, 8], "directori": [0, 12], "disabl": [2, 12], "disclaim": [3, 8], "displai": [3, 7, 11], "display_nam": 10, "disposit": [7, 10], "distribut": 6, "dkim": [5, 7, 8, 10], "dkim_align": 10, "dkim_domain": 10, "dkim_result": 10, "dkim_selector": 10, "dkm": 3, "dmarc": [0, 4, 6, 8, 9, 10, 11, 12], "dmarc_aggreg": 4, "dmarc_align": 10, "dmarc_forens": 4, "dmarc_moderation_act": [3, 8], "dmarc_none_moderation_act": [3, 8], "dmarc_quarantine_moderation_act": [3, 8], "dmarcian": 5, "dmarcresport": 12, "dn": [0, 3, 7, 12], "dnf": 6, "dns_test_address": 12, "dns_timeout": [0, 12], "do": [0, 2, 6, 7, 12], "doc": 9, "doctyp": 10, "document": [2, 12], "doe": [3, 8], "domain": [0, 4, 7, 8, 10], "domainawar": [1, 3, 12], "don": 3, "down": 7, "download": [0, 2, 4, 6, 12], "downloaderror": 0, "draft": [5, 10], "dtd": 10, "dummi": 12, "dure": 2, "e": [0, 2, 3, 4, 6, 8, 12], "e7": 10, "each": [4, 6, 9, 11], "earlier": 7, "easi": [4, 9], "easier": 11, "echo": 4, "edit": [2, 6, 12], "editor": 11, "effici": 4, "either": 12, "elast": [4, 5], "elasticsearch": [0, 5, 12], "elasticsearcherror": 0, "els": 4, "email": [0, 3, 5, 6, 7, 8, 10, 11, 12], "email_result": 0, "emailparsererror": 0, "empti": [3, 8], "en": [3, 4, 8, 10], "enabl": [2, 4, 12], "enableew": 2, "enablekeepal": 2, "enableproxi": 2, "encod": [0, 10, 12], "encount": 0, "encrypt": [4, 12], "encryptedsavedobject": 4, "encryptionkei": 4, "end": [3, 4], "end_dat": 10, "endpoint": 12, "endpoint_url": 12, "enforc": [3, 8], "enrol": 4, "ensur": [3, 6, 8], "entir": [3, 7, 8], "envelop": 3, "envelope_from": 10, "envelope_to": 10, "environ": 6, "error": [0, 10, 12], "escap": 12, "especi": 7, "etc": [2, 3, 4, 6, 8, 12], "even": [2, 3, 8, 12], "event": [2, 11, 12], "everi": [2, 6, 12], "ew": 5, "exactli": [3, 8], "exampl": [3, 4, 6, 8, 10, 12], "except": [0, 12], "exchang": [2, 10, 12], "exclud": 2, "execstart": [2, 12], "exist": [0, 3, 4, 8], "exit": 12, "expiringdict": 0, "explain": [3, 8], "explicit": [3, 8], "explicitli": 6, "export": 4, "extract": [0, 2], "extract_report": 0, "extract_report_from_file_path": 0, "ey": [2, 12], "f": 4, "factor": 2, "fail": [0, 3, 7, 8, 10, 12], "failed_session_count": 10, "failur": [5, 7, 10, 12], "failure_detail": 10, "fall": 12, "fallback": 6, "fals": [0, 2, 6, 10, 12], "fantast": [3, 8], "faster": 12, "featur": 4, "feedback": 0, "feedback_report": 0, "feedback_typ": 10, "fetch": [0, 12], "few": [7, 12], "field": 4, "file": [0, 2, 5, 6, 11], "file_path": [0, 12], "filenam": [0, 12], "filename_safe_subject": 10, "fill": [4, 6], "filter": [3, 7, 8, 11], "financ": 12, "find": [3, 7, 8], "fine": [3, 8], "first": [3, 6, 8, 12], "first_strip_reply_to": [3, 8], "fit": [3, 8], "fix": 4, "flag": [0, 2], "flat": 0, "flexibl": 11, "flight": 12, "float": [0, 12], "fo": 10, "folder": [0, 2, 12], "foldersizelimit": 2, "follow": [2, 4], "footer": [3, 8], "forens": [0, 5, 11, 12], "forensic_csv_filenam": [0, 12], "forensic_index": 0, "forensic_json_filenam": [0, 12], "forensic_report": 0, "forensic_top": 12, "forensic_url": 12, "format": [0, 6], "forward": [3, 7, 8], "found": [0, 6, 12], "foundat": 10, "fqdn": 4, "fraud": 5, "free": 6, "friendli": 7, "from": [0, 2, 3, 4, 5, 6, 7, 8, 10, 12], "from_is_list": [3, 8], "ftp_proxi": 6, "full": 12, "fulli": [3, 8], "function": 0, "further": 7, "g": [2, 3, 4, 8, 12], "gatewai": 2, "gb": 4, "gdpr": [4, 9], "gelf": 12, "gener": [3, 4, 6, 8, 10, 12], "geoip": 6, "geolite2": 6, "geoloc": [0, 12], "get": [0, 2, 4, 6, 12], "get_base_domain": 0, "get_dmarc_reports_from_mailbox": 0, "get_dmarc_reports_from_mbox": 0, "get_filename_safe_str": 0, "get_ip_address_countri": 0, "get_ip_address_info": 0, "get_report_zip": 0, "get_reverse_dn": 0, "get_service_from_reverse_dns_base_domain": 0, "github": [1, 6, 10, 12], "give": [0, 4], "given": [0, 12], "glass": 7, "gmail": [5, 7, 12], "gmail_api": 12, "go": [3, 8], "goe": [3, 8], "googl": [7, 12], "googleapi": 12, "got": 12, "gpg": 4, "grafana": 5, "grant": 12, "graph": [2, 5, 7, 12], "group": [2, 7, 12], "guid": [4, 5], "gzip": [0, 5], "h": [0, 12], "ha": [4, 7, 12], "hamburg": 4, "hand": [3, 8], "handl": [5, 12], "has_defect": 10, "have": [3, 4, 6, 7, 8, 11, 12], "head": 10, "header": [0, 3, 7, 8, 10, 12], "header_from": 10, "headless": 2, "health": 12, "healthcar": 12, "heap": 4, "heavi": 4, "hec": [0, 11, 12], "hecclient": 0, "hectokengoesher": 12, "help": 5, "here": [3, 8, 10, 12], "hh": 0, "hi": [3, 8], "high": 7, "higher": [3, 8], "highli": 12, "hop": 10, "host": [0, 2, 3, 4, 5, 8, 12], "hostnam": [0, 12], "hour": [0, 12], "hover": 7, "how": 5, "howev": 6, "href": 10, "html": [3, 4, 8, 10], "http": [0, 1, 2, 3, 4, 6, 8, 9, 10, 11, 12], "http_proxi": 6, "https_proxi": 6, "human": [0, 7], "human_timestamp": 0, "human_timestamp_to_datetim": 0, "human_timestamp_to_unix_timestamp": 0, "i": [0, 2, 3, 4, 5, 6, 7, 8, 10, 12], "icon": 7, "id": [3, 8, 10, 12], "ideal": [3, 8], "ident": [3, 8, 12], "identifi": 10, "idl": [0, 2, 12], "imap": [0, 2, 5, 12], "imapalwaysapproxmsgs": 2, "imapautoexpung": 2, "imapidledelai": 2, "imapport": 2, "immedi": 2, "immut": 12, "impli": 12, "import": [4, 7], "improv": 12, "inbox": [0, 3, 5, 8, 12], "inc": 10, "includ": [0, 3, 6, 7, 8, 12], "include_list_post_head": [3, 8], "include_rfc2369_head": [3, 8], "include_sender_head": [3, 8], "include_spam_trash": 12, "incom": [7, 12], "incorrect": 12, "increas": [4, 12], "index": [0, 5, 9, 11, 12], "index_prefix": [0, 12], "index_suffix": [0, 12], "indic": [3, 5], "individu": 12, "industri": 12, "inform": [0, 4, 6, 7, 12], "ingest": 12, "ini": [2, 12], "initi": 0, "input": 0, "input_": 0, "insid": 6, "instal": [2, 5, 12], "instanc": 12, "instead": [0, 3, 6, 8, 12], "int": [0, 12], "intend": [3, 8], "interact": [2, 4], "interakt": 10, "interfer": [3, 8], "intern": 6, "interv": 12, "invalid": 0, "invalidaggregatereport": 0, "invaliddmarcreport": 0, "invalidforensicreport": 0, "invalidsmtptlsreport": 0, "io": 12, "ip": [0, 3, 4, 6, 7, 12], "ip_address": [0, 10], "ip_db_path": [0, 6, 12], "ipdb": 6, "ipv4": 0, "ipv6": 0, "is_mbox": 0, "is_outlook_msg": 0, "iso": 0, "issu": [1, 5], "java": 2, "job": [3, 6, 8], "joe": [3, 8], "journalctl": [2, 12], "jre": 2, "json": [0, 5, 12], "just": 7, "jvm": 4, "kafka": [5, 12], "kb4099855": 6, "kb4134118": 6, "kb4295699": 6, "keep": 0, "keep_al": 0, "keepal": 2, "kei": [0, 3, 4, 6, 12], "keyout": 4, "keyr": 4, "keystor": 4, "kibana": [5, 11], "kind": 12, "know": 3, "known": [3, 7, 8, 12], "label": 12, "languag": [3, 8], "larg": 2, "larger": 12, "later": [4, 6, 12], "latest": [2, 4, 6, 9], "layer": 0, "layout": 11, "leak": 7, "least": [4, 6, 12], "leav": 3, "left": 7, "legal": [3, 8], "legitim": [7, 12], "level": [3, 4], "libemail": 6, "libxml2": 6, "libxslt": 6, "licens": 6, "like": [0, 3, 6, 8], "limit": [0, 2, 12], "line": [3, 8], "link": [3, 4, 7, 8], "linux": [3, 6, 8], "list": [0, 2, 4, 5, 7, 12], "listen": [2, 12], "lite": 6, "ll": [3, 8], "load": 4, "local": [0, 2, 4, 10, 12], "local_file_path": 0, "local_reverse_dns_map_path": 12, "localhost": 12, "locat": [6, 7, 12], "log": [2, 12], "log_analyt": 12, "log_fil": 12, "logger": 12, "login": 4, "logstash": 4, "long": 3, "longer": [3, 8], "look": [3, 7], "lookup": 0, "loopback": 2, "lot": 7, "lua": 10, "m": [0, 6, 10, 12], "m365": 12, "maco": 6, "magnifi": 7, "mai": [7, 12], "maidir": 12, "mail": [0, 5, 6, 10, 12], "mail_bcc": 0, "mail_cc": 0, "mail_from": 0, "mail_to": 0, "mailbox": [0, 7, 12], "mailbox_connect": 0, "mailboxconnect": 0, "maildir": 12, "maildir_cr": 12, "mailer": 10, "mailrelai": 10, "mailto": 6, "main": 4, "maintain": 5, "make": [0, 3, 4, 8, 9, 12], "malici": [7, 12], "manag": [4, 12], "manual": 12, "map": [0, 12], "market": 7, "match": [0, 4, 11], "max_ag": 10, "max_shards_per_nod": 12, "maximum": 4, "maxmind": [0, 6, 12], "mbox": [0, 12], "mechan": 3, "member": [3, 8], "mention": 7, "menu": [4, 7], "messag": [0, 2, 3, 4, 6, 7, 8, 10, 12], "message_id": 10, "meta": 10, "method": 12, "mfrom": 10, "microsoft": [2, 5, 10, 12], "might": [0, 3, 7, 8], "migrate_index": 0, "mime": 10, "minimum": 4, "minut": [0, 2, 12], "mitig": [3, 8], "mkdir": 6, "mm": 0, "mmdb": [0, 12], "mobil": [3, 8], "mode": [2, 4, 10, 12], "modern": [2, 3, 8], "modifi": [3, 8, 12], "modul": [0, 5, 12], "mon": 10, "monitor": [3, 12], "monthli": [0, 12], "monthly_index": [0, 12], "more": [0, 4, 6, 11, 12], "most": [3, 4, 7, 8, 12], "mous": 7, "move": [0, 4, 12], "msg": [0, 6], "msg_byte": 0, "msg_date": 0, "msg_footer": [3, 8], "msg_header": [3, 8], "msgconvert": [0, 6], "msgraph": 12, "much": 12, "multi": [2, 12], "mung": [3, 8], "must": [2, 3, 8, 12], "mutual": 4, "mv": 4, "mx": 10, "my": 12, "n": [10, 12], "n_proc": 12, "name": [0, 3, 4, 7, 10, 11, 12], "nameserv": [0, 12], "nano": [2, 12], "navig": [3, 6, 8], "ncontent": 10, "ndate": 10, "ndjson": 4, "need": [2, 3, 4, 6, 7, 8, 12], "nelson": [3, 8], "net": [2, 10], "network": [2, 4, 12], "new": [0, 2, 3, 6, 7, 12], "newer": 6, "newest": [2, 12], "newkei": 4, "next": [0, 12], "nfrom": 10, "nmessag": 10, "nmime": 10, "node": 4, "non": [3, 8, 12], "none": [0, 3, 10, 12], "noproxyfor": 2, "norepli": [3, 10], "normal": [10, 12], "nosecureimap": 2, "notabl": 7, "now": [4, 7], "nsubject": 10, "nto": 10, "null": 10, "number": [0, 12], "number_of_replica": [0, 12], "number_of_shard": [0, 12], "nwettbewerb": 10, "nx": 10, "o": [2, 4, 12], "oauth2": 12, "oauth2_port": 12, "object": [0, 4], "observ": 7, "occur": [0, 7], "occurr": 11, "oct": 10, "offic": 2, "office365": 2, "offlin": [0, 12], "often": 7, "ol": [0, 6], "old": 7, "older": [6, 10], "oldest": [2, 12], "onc": 6, "ondmarc": 5, "one": [0, 3, 5, 8, 12], "onli": [2, 3, 6, 7, 8, 12], "onlin": [0, 2, 12], "oor": 0, "open": 3, "opendn": 12, "opensearch": [5, 12], "opensearcherror": 0, "openssl": 4, "opt": [2, 6, 12], "option": [0, 2, 3, 4, 5, 8, 11, 12], "order": 6, "ordereddict": 0, "org": [0, 6, 9, 10], "org_email": 10, "org_extra_contact_info": 10, "org_nam": 10, "organ": [2, 7, 12], "organization_nam": 10, "origin": [3, 8, 12], "original_envelope_id": 10, "original_mail_from": 10, "original_rcpt_to": 10, "other": [0, 3, 4, 7, 8], "our": 7, "out": [3, 4, 7], "outdat": 7, "outgo": [3, 8, 12], "outlook": [0, 2, 6], "output": [0, 5, 12], "output_directori": 0, "outsid": 12, "over": [2, 5, 7], "overrid": [0, 12], "overridden": 6, "overwrit": 4, "owa": 5, "own": [7, 11], "p": [3, 6, 10], "p12": 4, "pack": 4, "packag": [0, 4], "pad": 0, "page": [3, 4, 6, 7, 8], "paginate_messag": 12, "pan": 10, "parallel": 12, "paramet": 0, "parent": 7, "pars": [0, 3, 5, 6, 10, 12], "parse_aggregate_report_fil": 0, "parse_aggregate_report_xml": 0, "parse_email": 0, "parse_forensic_report": 0, "parse_report_email": 0, "parse_report_fil": 0, "parse_smtp_tls_report_json": 0, "parsed_aggregate_reports_to_csv": 0, "parsed_aggregate_reports_to_csv_row": 0, "parsed_forensic_reports_to_csv": 0, "parsed_forensic_reports_to_csv_row": 0, "parsed_sampl": 10, "parsed_smtp_tls_reports_to_csv": 0, "parsed_smtp_tls_reports_to_csv_row": 0, "parsedmarc": [4, 9, 10, 11], "parser": 0, "parsererror": 0, "part": [3, 4, 7, 8], "particular": 7, "particularli": [5, 12], "pass": [3, 7, 10], "passag": 7, "passsword": 12, "password": [0, 4, 6, 12], "past": [4, 11], "patch": 6, "path": [0, 4, 12], "pattern": [5, 7], "payload": [0, 12], "pct": 10, "per": 12, "percentag": 7, "perform": [2, 12], "period": 12, "perl": [0, 6], "permiss": [4, 12], "persist": 12, "peter": 10, "pie": 7, "pin": 5, "pip": 6, "place": [4, 7, 12], "plain": 0, "plaintext": [3, 8], "platform": [3, 8], "pleas": [1, 5, 12], "plu": 7, "polici": [3, 8, 10, 12], "policy_domain": 10, "policy_evalu": 10, "policy_override_com": 10, "policy_override_reason": 10, "policy_publish": 10, "policy_str": 10, "policy_typ": 10, "policyscopegroupid": 12, "poll": [2, 12], "port": [0, 2, 12], "posit": 12, "possibl": 12, "post": [3, 8, 12], "poster": [3, 8], "postoriu": [3, 8], "powershel": 12, "ppa": 6, "pre": [6, 12], "prefer": [2, 6], "prefix": [0, 3, 8, 12], "premad": [5, 11], "prerequisit": 5, "present": 12, "pretti": 12, "previou": [0, 2, 4, 12], "previous": [4, 7], "print": 12, "printabl": 10, "privaci": [3, 6, 7, 8, 12], "process": [0, 2, 5, 6, 12], "produc": 10, "program": 12, "programdata": 6, "project": [0, 2, 3, 5, 11], "prompt": 4, "proofpoint": 5, "properti": 2, "protect": [2, 3, 5, 8, 12], "provid": [4, 7, 12], "prox": 6, "proxi": 2, "proxyhost": 2, "proxypassword": 2, "proxyport": 2, "proxyus": 2, "pry": [2, 12], "public": [0, 3, 10, 12], "public_suffix_list": 0, "publicbaseurl": 4, "publicsuffix": 0, "publish": 3, "put": [4, 12], "python": [0, 5, 6], "python3": 6, "python39": 6, "qo": 4, "quarantin": [3, 8], "queri": [0, 12], "query_dn": 0, "quickstart": 12, "quot": 10, "r": [2, 6, 10, 12], "rais": 0, "ram": 4, "rather": [3, 8], "read": [0, 12], "readabl": 0, "readwrit": 12, "realli": 3, "reason": [0, 2, 4, 12], "receiv": [0, 10, 12], "receiving_ip": 10, "receiving_mx_hostnam": 10, "recipi": 7, "recogn": 7, "recommend": 12, "record": [0, 5, 6, 10], "record_typ": 0, "refer": [4, 5], "regard": 12, "regardless": 10, "region": 12, "region_nam": 12, "regist": 6, "registr": 12, "regul": [4, 6, 9, 12], "regular": [3, 8], "reject": [3, 8], "relai": [3, 8], "relat": 3, "releas": [4, 6], "reli": 7, "reliabl": 12, "reload": [2, 4, 12], "remain": 7, "remot": 2, "remov": [0, 3, 4, 8, 12], "repeat": [3, 8], "replac": [0, 3, 4, 8], "repli": [2, 3, 8], "replica": [0, 12], "reply_goes_to_list": [3, 8], "reply_to": 10, "replyto": [3, 8], "report": [0, 4, 7, 11, 12], "report_id": 10, "report_metadata": 10, "report_typ": 0, "reported_domain": 10, "reports_fold": [0, 12], "repositori": [6, 11], "req": 4, "request": [2, 4, 12], "requir": [0, 2, 3, 4, 6, 8, 12], "require_encrypt": 0, "resid": 12, "resolv": [0, 12], "resourc": [4, 5, 12], "respons": [0, 12], "restart": [2, 3, 4, 8, 12], "restartsec": [2, 12], "restor": 4, "restrict": 12, "restrictaccess": 12, "result": [0, 5, 7, 10, 12], "result_typ": 10, "retain": [3, 8], "retent": 5, "retriev": 2, "return": 0, "revers": [0, 7, 12], "reverse_dn": [0, 10], "reverse_dns_base_domain": 0, "reverse_dns_map": 0, "reverse_dns_map_path": 0, "reverse_dns_map_url": [0, 12], "review": [5, 7], "rewrit": [3, 8], "rfc": [0, 3, 8, 10], "rfc2369": [3, 8], "rfc822": 2, "rhel": [4, 6], "right": [4, 7], "rm": 4, "ro": 0, "rollup": 6, "root": [2, 12], "rpm": 4, "rsa": 4, "rua": [5, 6], "ruf": [5, 6, 7, 12], "rule": [7, 12], "run": [0, 4, 5, 6], "rw": [2, 12], "s3": 12, "safe": 0, "same": [3, 4, 6, 7, 11], "sampl": [0, 5, 12], "sample_headers_onli": 10, "save": [0, 4, 6, 12], "save_aggreg": 12, "save_aggregate_report_to_elasticsearch": 0, "save_aggregate_report_to_opensearch": 0, "save_aggregate_reports_to_splunk": 0, "save_forens": 12, "save_forensic_report_to_elasticsearch": 0, "save_forensic_report_to_opensearch": 0, "save_forensic_reports_to_splunk": 0, "save_output": 0, "save_smtp_tl": 12, "save_smtp_tls_report_to_elasticsearch": 0, "save_smtp_tls_report_to_opensearch": 0, "save_smtp_tls_reports_to_splunk": 0, "schedul": 6, "schema": 10, "scope": [10, 12], "scrub_nondigest": [3, 8], "search": [0, 3, 8, 12], "second": [0, 2, 12], "secret": 12, "secret_access_kei": 12, "section": 12, "secur": [0, 4, 12], "see": [2, 3, 4, 5, 7, 12], "segment": 7, "select": 6, "selector": 10, "self": [4, 5], "send": [0, 2, 3, 4, 5, 7, 8, 11, 12], "sender": [5, 7, 8], "sending_mta_ip": 10, "sensit": 12, "sent": [3, 8, 12], "separ": [3, 4, 6, 7, 9, 11, 12], "server": [0, 2, 3, 4, 6, 7, 10, 12], "server_ip": 4, "servernameon": 10, "servic": [0, 3, 4, 5, 7, 8], "session": 7, "set": [0, 2, 3, 4, 6, 7, 8, 9, 12], "set_host": 0, "setup": [4, 9, 12], "setuptool": 6, "shard": [0, 12], "share": [4, 12], "sharepoint": 10, "should": [3, 6, 7, 8, 12], "shouldn": [3, 8], "show": [2, 7, 12], "shv": 10, "side": 7, "sign": [3, 4, 6], "signatur": [3, 7, 8], "silent": 12, "similar": 7, "simpl": 5, "simplifi": 0, "sinc": [0, 12], "singl": 0, "sister": 3, "size": [2, 4], "skip": 12, "skip_certificate_verif": 12, "slightli": 11, "small": 4, "smtp": [0, 3, 7, 12], "smtp_tl": [0, 12], "smtp_tls_csv_filenam": 0, "smtp_tls_json_filenam": 0, "smtp_tls_url": 12, "so": [3, 6, 7, 8, 12], "socket": 2, "solut": 6, "some": [0, 2, 3, 4, 7, 8], "someon": 4, "sometim": 12, "sort": [7, 12], "sourc": [0, 3, 4, 6, 7, 10], "source_base_domain": 10, "source_countri": 10, "source_ip_address": 10, "source_reverse_dn": 10, "sourceforg": 2, "sp": [3, 10], "spam": 12, "special": 12, "specif": [3, 12], "specifi": [2, 3], "spf": [7, 10], "spf_align": 10, "spf_domain": 10, "spf_result": 10, "spf_scope": 10, "splunk": [5, 12], "splunk_hec": 12, "splunkerror": 0, "splunkhec": 12, "spoof": [3, 8], "ss": 0, "ssl": [0, 2, 4, 12], "ssl_cert_path": 0, "st": [10, 12], "stabl": 4, "stack": 4, "standard": [0, 5, 10], "start": [0, 2, 4, 6, 7, 9, 11, 12], "starttl": 12, "static": 6, "statu": [2, 12], "step": [3, 4, 8], "still": [3, 6, 8, 10, 12], "storag": [0, 12], "store": [2, 4, 9], "str": [0, 12], "stream": 12, "string": 0, "strip": [3, 8, 12], "strip_attachment_payload": [0, 12], "strongli": 12, "structur": 5, "stsv1": 10, "subdomain": [0, 3], "subject": [0, 3, 8, 10, 12], "subject_prefix": [3, 8], "subsidiari": 7, "successful_session_count": 10, "sudo": [2, 4, 6, 12], "suffix": [0, 12], "suggest": 7, "suitabl": 0, "summari": [3, 5, 8], "suppli": [0, 7, 12], "support": [2, 5, 10, 11], "sure": [4, 6], "sw50zxjha3rpdmugv2v0dgjld2vyymvylcocymvyc2ljahq": 10, "switch": 7, "syslog": [2, 12], "system": [2, 3, 4, 6, 8, 12], "systemctl": [2, 4, 12], "systemd": 5, "systemdr": 6, "t": [5, 8, 12], "tab": [3, 4, 8], "tabl": [5, 7], "tag": 6, "target": [2, 12], "task": 6, "tby": 10, "tcp": 12, "tee": 4, "tell": [3, 6, 7, 8], "templat": [3, 8], "temporari": 7, "tenant": 12, "tenant_id": 12, "term": 6, "test": [0, 10, 12], "text": [0, 10], "than": [3, 4, 8, 12], "thank": [5, 10], "thei": [3, 6, 7, 8, 12], "theirs": 3, "them": [0, 4, 7, 12], "therebi": [3, 8], "thi": [2, 3, 4, 5, 6, 7, 8, 10, 12], "those": 6, "thousand": 12, "three": 7, "through": 3, "time": [0, 2, 4, 6, 7, 12], "timeout": [0, 2, 12], "timestamp": 0, "timestamp_to_datetim": 0, "timestamp_to_human": 0, "timezon": 10, "tl": [0, 12], "tld": 3, "to_domain": 10, "to_utc": 0, "token": [0, 4, 12], "token_fil": 12, "tool": [6, 12], "top": [3, 7], "topic": 12, "touch": [3, 8], "tracker": 1, "tradit": [3, 8], "transfer": 10, "transpar": 5, "transport": [4, 12], "trash": 12, "true": [0, 2, 4, 10, 12], "trust": 12, "truststor": 4, "try": 12, "tuesdai": 6, "two": 6, "type": [0, 10, 12], "u": [2, 6, 10, 12], "ubuntu": [4, 6], "udp": 12, "ui": [3, 8], "uncondition": [3, 8], "under": [4, 6, 7], "underneath": 7, "understand": [5, 7], "unencrypt": 12, "unfortun": [3, 8], "unit": [0, 2, 12], "unix": 0, "unknown": 0, "unsubscrib": [3, 8], "until": [0, 12], "unzip": 2, "up": [0, 2, 4, 6, 7, 9, 12], "updat": [0, 4, 6, 12], "upersecur": 12, "upgrad": [2, 5, 6, 12], "upload": 12, "upper": 7, "uri": 6, "url": [0, 2, 12], "us": [0, 3, 4, 5, 8, 10], "usag": 12, "use_ssl": 0, "user": [2, 3, 4, 5, 6, 8, 10, 12], "user_ag": 10, "useradd": [2, 6], "usernam": [0, 12], "usernamepassword": 12, "usesystemproxi": 2, "usr": 4, "utc": 0, "utf": 10, "util": 5, "v": [6, 12], "valid": [0, 7, 10, 12], "valimail": 5, "valu": [0, 3, 4, 7, 8, 12], "var": [3, 8], "variou": 6, "vendor": 3, "venv": [6, 12], "verbos": 12, "veri": [4, 7, 12], "verif": [4, 12], "verifi": 0, "verification_mod": 4, "version": [2, 4, 6, 9, 10, 11, 12], "vew": 2, "via": 2, "view": [7, 12], "vim": 4, "virtualenv": 6, "visual": [4, 9], "volum": 7, "vulner": 3, "w": [0, 12], "w3c": 10, "wa": [3, 4, 6, 8], "wai": [4, 7], "wait": [0, 12], "want": [2, 5, 12], "wantedbi": [2, 12], "warn": 12, "watch": [0, 2, 4, 12], "watch_inbox": 0, "watcher": 12, "web": [2, 4], "webdav": 2, "webhook": 12, "webmail": [3, 7, 8], "week": [0, 12], "weekli": 6, "well": [2, 12], "were": [7, 12], "wettbewerb": 10, "wget": 4, "what": 5, "when": [0, 3, 5, 7, 8, 12], "whenev": [0, 2, 12], "where": [0, 2, 3, 8, 12], "wherea": 7, "wherev": 12, "whether": 0, "which": [2, 4, 7, 12], "while": [7, 12], "who": 7, "why": [3, 7], "wide": [6, 10], "wiki": 10, "window": 6, "without": [3, 4, 7, 8], "won": 5, "work": [2, 3, 5, 6, 7, 8], "workstat": 2, "worst": 3, "would": [3, 5, 6, 8], "wrap": [3, 8], "write": 12, "www": [4, 6, 12], "x": [4, 10], "x509": 4, "xennn": 10, "xml": [0, 11], "xml_schema": 10, "xms4g": 4, "xmx4g": 4, "xpack": 4, "xxxx": 4, "y": [4, 6], "yahoo": 7, "ye": [3, 8], "year": 12, "yet": 3, "yml": 4, "you": [2, 3, 4, 5, 6, 7, 8, 12], "your": [3, 4, 6, 7, 8, 11, 12], "yyyi": 0, "zip": [0, 2, 5, 12], "\u00fcbersicht": 10}, "titles": ["API reference", "Contributing to parsedmarc", "Accessing an inbox using OWA/EWS", "Understanding DMARC", "Elasticsearch and Kibana", "parsedmarc documentation - Open source DMARC report analyzer and visualizer", "Installation", "Using the Kibana dashboards", "What about mailing lists?", "OpenSearch and Grafana", "Sample outputs", "Splunk", "Using parsedmarc"], "titleterms": {"2": [3, 8], "3": [3, 8], "about": [3, 8], "access": 2, "aggreg": 10, "align": 3, "an": 2, "analyz": [5, 6], "api": 0, "best": [3, 8], "bug": 1, "cli": 12, "configur": [2, 12], "content": 5, "contribut": 1, "csv": 10, "dashboard": 7, "davmail": 2, "depend": 6, "dkim": 3, "dmarc": [3, 5, 7], "do": [3, 8], "document": 5, "domain": 3, "elast": 0, "elasticsearch": 4, "ew": 2, "exchang": 6, "featur": 5, "file": 12, "forens": [7, 10], "geoipupd": 6, "grafana": 9, "guid": 3, "help": 12, "inbox": 2, "index": 4, "indic": 0, "instal": [4, 6, 9], "json": 10, "kibana": [4, 7], "list": [3, 8], "listserv": [3, 8], "lookalik": 3, "mail": [3, 8], "mailman": [3, 8], "microsoft": 6, "multipl": 6, "open": 5, "opensearch": [0, 9], "option": 6, "output": 10, "owa": 2, "parsedmarc": [0, 1, 2, 5, 6, 12], "pattern": 4, "practic": [3, 8], "prerequisit": 6, "proxi": 6, "record": [3, 4, 9], "refer": 0, "report": [1, 5, 6, 10], "resourc": 3, "retent": [4, 9], "run": [2, 12], "sampl": [7, 10], "sender": 3, "servic": [2, 12], "setup": 6, "smtp": 10, "sourc": 5, "spf": 3, "splunk": [0, 11], "summari": 7, "support": 3, "systemd": [2, 12], "t": 3, "tabl": 0, "test": 6, "tl": 10, "understand": 3, "upgrad": 4, "us": [2, 6, 7, 12], "util": 0, "valid": 3, "visual": 5, "web": 6, "what": [3, 8], "won": 3, "workaround": [3, 8]}})
\ No newline at end of file
diff --git a/splunk.html b/splunk.html
index f327b86..0188a98 100644
--- a/splunk.html
+++ b/splunk.html
@@ -6,14 +6,14 @@
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Splunk &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>Splunk &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
diff --git a/usage.html b/usage.html
index bd9f39e..84a7935 100644
--- a/usage.html
+++ b/usage.html
@@ -6,14 +6,14 @@
   <meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
 
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>Using parsedmarc &mdash; parsedmarc 8.15.4 documentation</title>
+  <title>Using parsedmarc &mdash; parsedmarc 8.16.1 documentation</title>
       <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />
       <link rel="stylesheet" type="text/css" href="_static/css/theme.css?v=e59714d7" />
 
   
       <script src="_static/jquery.js?v=5d32c60e"></script>
       <script src="_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
-      <script src="_static/documentation_options.js?v=32d4ebce"></script>
+      <script src="_static/documentation_options.js?v=f8a2ab9b"></script>
       <script src="_static/doctools.js?v=9bcbadda"></script>
       <script src="_static/sphinx_highlight.js?v=dc90522c"></script>
     <script src="_static/js/theme.js"></script>
@@ -254,6 +254,9 @@ before saving. Default <code class="docutils literal notranslate"><span class="p
 <li><p><code class="docutils literal notranslate"><span class="pre">check_timeout</span></code> - int: Number of seconds to wait for a IMAP
 IDLE response or the number of seconds until the next
 mail check (Default: <code class="docutils literal notranslate"><span class="pre">30</span></code>)</p></li>
+<li><p><code class="docutils literal notranslate"><span class="pre">since</span></code> - str: Search for messages since certain time. (Examples: <code class="docutils literal notranslate"><span class="pre">5m|3h|2d|1w</span></code>)
+Acceptable units - {“m”:“minutes”, “h”:“hours”, “d”:“days”, “w”:“weeks”}).
+Defaults to <code class="docutils literal notranslate"><span class="pre">1d</span></code> if incorrect value is provided.</p></li>
 </ul>
 </li>
 <li><p><code class="docutils literal notranslate"><span class="pre">imap</span></code></p>