amorfo77/parsedmarc
1
0
Fork 0
mirror of https://github.com/domainaware/parsedmarc.git synced 2026-05-01 01:39:29 +00:00
Code Issues Projects Releases Wiki Activity
1,453 Commits 26 Branches 46 Tags
9.10.1
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Sean Whalen f0781c6191 IPinfo API: keep only documented behavior (#721) 
* Strip invented IPinfo API behavior; keep documented-only

The IPinfo Lite API docs (https://ipinfo.io/developers/lite-api) state:
"The API has no daily or monthly limit and provides unlimited access."
Auth is documented as a ?token= query param only. The /me shown in the
docs returns geolocation for the caller's IP — it is not a documented
account/quota endpoint for Lite.

Removed everything that was speculating beyond the docs:

- The /me probe that pretended to return plan/limit/remaining fields.
- 429 rate-limit handling, 402 quota-exhausted handling, Retry-After
  parsing, cooldown state, and the rate-limit warning / recovery-info
  logging around them.
- The Authorization: Bearer header (not documented for Lite).

Kept:

- Lookups against the documented /lite/<ip>?token=<token> endpoint.
- 401/403 treated as a fatal invalid-token (reasonable defensive check).
- Network-error and non-2xx fallback to the bundled/cached MMDB.
- A simple startup probe that validates the token with a single lookup
  and logs "IPinfo API configured" at info level.

Test consolidated to cover only documented paths: success, 401 fatal,
non-2xx fallback, and that auth goes in ?token= (not Authorization).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* AGENTS.md: warn against speculating past external-service docs

New subsection under Configuration spelling out that third-party API
integrations must start with a direct WebFetch of the canonical docs
page, not a subagent query. Calls out the two traps that produced the
IPinfo speculation: (1) asking subagents question shapes that
presuppose the answer exists, and (2) treating feature asks as "build
this" without first checking "does this apply to this service?".

Uses the now-reverted IPinfo speculation as the cautionary tale so the
next session has a concrete example to recognize the shape of the
mistake.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Bump to 9.10.1; put removal under a new CHANGELOG section

Restored the 9.10.0 entry to its as-shipped wording and moved the
speculation-removal note into its own 9.10.1 Fixed section.
Editing the 9.10.0 entry would have misrepresented what was
actually released — the shipped tag does contain the /me probe,
429/402 cooldown, Retry-After parsing, and Bearer auth, and the
changelog should say so.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Sean Whalen <seanthegeek@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 11:51:44 -04:00
.claude
SIGHUP-based configuration reload for watch mode (#697)
2026-03-21 16:14:48 -04:00
.github
Add weekly workflow to refresh the bundled IPinfo Lite MMDB (#718)
2026-04-23 10:25:03 -04:00
.vscode
9.7.0 (#709)
2026-04-19 21:20:41 -04:00
docs
Rename asn_name/asn_domain to as_name/as_domain (#719)
2026-04-23 10:38:04 -04:00
grafana
Add files via upload (#578)
2024-12-25 16:09:43 -05:00
kibana
Fixed a typo in policies.successful_session_count (#654)
2026-02-09 13:57:11 -05:00
opensearch
Fix colors in the OpenSearch Message disposition over time visualization
2026-04-05 21:01:16 -04:00
parsedmarc
IPinfo API: keep only documented behavior (#721)
2026-04-23 11:51:44 -04:00
samples
Add example google SMTP-TLS report email
2024-09-04 20:03:51 -04:00
splunk
Remove extra spaces
2025-06-10 19:05:06 -04:00
.dockerignore
Add Dockerfile & build/push task (#316)
2022-05-05 21:06:38 -04:00
.gitattributes
Add additional samples and ensure git does not touch CRLF (#456)
2024-01-02 16:29:06 -05:00
.gitignore
9.7.0 (#709)
2026-04-19 21:20:41 -04:00
AGENTS.md
IPinfo API: keep only documented behavior (#721)
2026-04-23 11:51:44 -04:00
build.sh
Format on build
2025-12-12 15:56:52 -05:00
CHANGELOG.md
IPinfo API: keep only documented behavior (#721)
2026-04-23 11:51:44 -04:00
ci.ini
Skip DNS lookups in GitHub Actions to prevent test timeouts (#657)
2026-02-18 18:19:28 -05:00
CLAUDE.md
Add AGENTS.md for AI agent guidance and link from CLAUDE.md
2026-03-03 21:00:55 -05:00
codecov.yml
Tune Codecov statuses for small PRs (#678)
2026-03-09 17:43:34 -04:00
CONTRIBUTING.md
Add contributing guide (#685)
2026-03-09 18:16:47 -04:00
docker-compose.dashboard-dev.yml
9.4.0
2026-03-23 17:08:26 -04:00
docker-compose.yml
Update OpenSearch healthcheck to use HTTPS and include authentication
2026-03-16 17:53:37 -04:00
Dockerfile
Updated default python docker base image to 3.13-slim (#618)
2025-10-29 22:34:06 -04:00
LICENSE
First commit
2018-02-05 20:23:07 -05:00
publish-docs.sh
Add publish-docs.sh
2022-10-04 18:45:57 -04:00
pyproject.toml
Replace DB-IP Country Lite with IPinfo Lite (9.8.0) (#711)
2026-04-23 00:31:54 -04:00
README.md
Update sponsorship section in README and documentation
2026-04-04 22:14:38 -04:00
SECURITY.md
Add security policy (#688)
2026-03-09 18:24:16 -04:00
tests.py
IPinfo API: keep only documented behavior (#721)
2026-04-23 11:51:44 -04:00

README.md

parsedmarc

Build Status Code Coverage PyPI Package PyPI - Downloads

A screenshot of DMARC summary charts in Kibana

parsedmarc is a Python module and CLI utility for parsing DMARC reports. When used with Elasticsearch and Kibana (or Splunk), it works as a self-hosted open-source alternative to commercial DMARC report processing services such as Agari Brand Protection, Dmarcian, OnDMARC, ProofPoint Email Fraud Defense, and Valimail.

Note

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication protocol.

Sponsors

This is a project is maintained by one developer. Please consider sponsoring my work if you or your organization benefit from it.

Features

  • Parses draft and 1.0 standard aggregate/rua DMARC reports
  • Parses forensic/failure/ruf DMARC reports
  • Parses reports from SMTP TLS Reporting
  • Can parse reports from an inbox over IMAP, Microsoft Graph, or Gmail API
  • Transparently handles gzip or zip compressed reports
  • Consistent data structures
  • Simple JSON and/or CSV output
  • Optionally email the results
  • Optionally send the results to Elasticsearch, Opensearch, and/or Splunk, for use with premade dashboards
  • Optionally send reports to Apache Kafka

Python Compatibility

This project supports the following Python versions, which are either actively maintained or are the default versions for RHEL or Debian.

Version Supported Reason
< 3.6 End of Life (EOL)
3.6 Used in RHEL 8, but not supported by project dependencies
3.7 End of Life (EOL)
3.8 End of Life (EOL)
3.9 Used in Debian 11 and RHEL 9, but not supported by project dependencies
3.10 Actively maintained
3.11 Actively maintained; supported until June 2028 (Debian 12)
3.12 Actively maintained; supported until May 2035 (RHEL 10)
3.13 Actively maintained; supported until June 2030 (Debian 13)
3.14 Supported (requires imapclient>=3.1.0)
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme Apache-2.0 102 MiB
Languages
Python 96.7%
Shell 3.2%
Dockerfile 0.1%