Sean Whalen 7ba078bff1 Translate AS-name source rows via MMDB; classify reverse DNS batch (#745)
* feat(maps): translate AS-name source rows via MMDB

When parsedmarc's ASN-fallback path in utils.get_ip_address_info surfaces
a raw MMDB as_name (e.g. "Vodafone Group PLC") for an IP that has no PTR
and whose as_domain isn't in the map, find_unknown_base_reverse_dns.py
now looks the as_name up in the bundled ipinfo_lite.mmdb and substitutes
the matching as_domain so the row enters the unknown pipeline as a
researchable domain instead of being dropped or polluting the list.

Normalize non-breaking spaces (U+00A0) and runs of whitespace when
building and querying the as_name index — the source CSV and MMDB
disagree on NBSP placement for several names (e.g. "UDomain\xa0Web
Hosting Company Ltd" in the CSV vs. "UDomain Web Hosting Company Ltd"
in the MMDB), causing exact-match lookups to miss otherwise-identical
entries.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* chore(maps): classify a batch of unknown reverse DNS base domains

40 map additions (35 source domains + 5 redirect-target/promotion
aliases) and 35 known-unknown additions, covering the 71-entry
unknown_base_reverse_dns.csv refresh.

Newly mapped operators include several MMDB-AS-translated regional
ISPs (Babilon-T/TJ, MegaFon Tajikistan, Ucell, Ufone, PinPro, Teraline
Telecom, Transtelecom Kazakhstan, Satis, AlmaTV, Radius-NET, Burlington
Telecom), aliases of existing brands (Telstra/bigpond.net.au,
UDomain/udomain.hk, AG Telekom/katv1.net, EWE/ewe-ip-backbone.de,
Hostinger/hstgr.cloud, Docusign/docusign.net, Brevo/sp2-brevo.net,
MegaFon/megafon.tj, Beeline/beeline.uz), Tier-0 brands (Visa, Tripster,
Verde Agritech), one healthcare entry (Sanwakai Hospital), one
government entry (Special Communication Service of Azerbaijan), one
education entry (KazRENA), and an MSP (Otava). Redirect-target aliases
added for burlingtontelecom.com, alma.plus, cn.at, and
teraline-telecom.net per the post-batch sweep rule. fea.net promoted
out of known-unknown to West Coast Internet (WCI) after its homepage
redirect-target was already mapped.

Domains with single-source corroboration (privacy WHOIS plus
unreachable site, parked-domain pages, ambiguous categorizations) went
to known_unknown_base_reverse_dns.txt rather than the map.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Sean Whalen <seanthegeek@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 13:17:43 -04:00
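
The whitespace normalization described in the commit message above, as an added example (not parsedmarc's own code): it shows why an exact-match as_name lookup misses on NBSP differences and how a normalized index translates the name to an as_domain. The function names and sample records are assumptions constructed for illustration, and treating two different domains under one normalized name as ambiguous goes beyond what the commit message states.

```python
import re

_WHITESPACE_RUN = re.compile(r"\s+")

# Constructed records standing in for (as_name, as_domain) pairs read from an MMDB.
SAMPLE_RECORDS = [
    {"as_name": "UDomain Web Hosting Company Ltd", "as_domain": "udomain.hk"},
    {"as_name": "Example Net", "as_domain": "a.example"},
    {"as_name": "Example\u00a0Net", "as_domain": "b.example"},
]


def normalize_as_name(name: str) -> str:
    """Turn NBSP (U+00A0) into a space, collapse whitespace runs, trim."""
    return _WHITESPACE_RUN.sub(" ", name.replace("\u00a0", " ")).strip()


def build_as_name_index(records):
    """Map normalized as_name -> as_domain; ambiguous names map to None."""
    index = {}
    for rec in records:
        key = normalize_as_name(rec.get("as_name") or "")
        domain = (rec.get("as_domain") or "").strip().lower()
        if not key or not domain:
            continue  # nothing usable to index
        if key in index and index[key] != domain:
            index[key] = None  # same name, different domains: refuse to guess
        else:
            index[key] = domain
    return index


def translate_as_name(value: str, index):
    """Return the as_domain for a source-row as_name, or None if unknown/ambiguous."""
    return index.get(normalize_as_name(value))


if __name__ == "__main__":
    index = build_as_name_index(SAMPLE_RECORDS)
    csv_value = "UDomain\u00a0Web Hosting Company Ltd"  # NBSP as in the source CSV
    exact = {r["as_name"]: r["as_domain"] for r in SAMPLE_RECORDS}
    print("exact match:", exact.get(csv_value))
    print("normalized :", translate_as_name(csv_value, index))
```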

parsedmarc


A screenshot of DMARC summary charts in Kibana

parsedmarc is a Python module and CLI utility for parsing DMARC reports. When used with Elasticsearch and Kibana (or Splunk), it works as a self-hosted open-source alternative to commercial DMARC report processing services such as Agari Brand Protection, Dmarcian, OnDMARC, ProofPoint Email Fraud Defense, and Valimail.

Note

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication protocol.

Sponsors

This project is maintained by one developer. Please consider sponsoring my work if you or your organization benefit from it.

Features

  • Parses draft and 1.0 standard aggregate/rua DMARC reports
  • Parses forensic/failure/ruf DMARC reports
  • Parses reports from SMTP TLS Reporting
  • Can parse reports from an inbox over IMAP, Microsoft Graph, or Gmail API
  • Transparently handles gzip or zip compressed reports
  • Consistent data structures
  • Simple JSON and/or CSV output
  • Optionally email the results
  • Optionally send the results to Elasticsearch, Opensearch, and/or Splunk, for use with premade dashboards
  • Optionally send reports to Apache Kafka

Python Compatibility

This project supports the following Python versions, which are either actively maintained or are the default versions for RHEL or Debian.

Version  Supported  Reason
< 3.6               End of Life (EOL)
3.6                 Used in RHEL 8, but not supported by project dependencies
3.7                 End of Life (EOL)
3.8                 End of Life (EOL)
3.9                 Used in Debian 11 and RHEL 9, but not supported by project dependencies
3.10                Actively maintained
3.11                Actively maintained; supported until June 2028 (Debian 12)
3.12                Actively maintained; supported until May 2035 (RHEL 10)
3.13                Actively maintained; supported until June 2030 (Debian 13)
3.14                Supported (requires imapclient>=3.1.0)
Readme Apache-2.0 160 MiB
Languages
Python 98.7%
Shell 1.3%