DMARC report notifier is a headless periodic handler of DMARC aggregate reports. In contrast to other solutions to DMARC report monitoring that pursue elaborate web dashboards designed to guide an organization through policy rollouts and infrastructure changes, this utility is intended to fill the gap for low-volume senders with already aligned infrastructure that just need to do the minimum due diligence of being alerted to unexpected problems.
Intended to be scheduled as a daily job, this uses parsedmarc to read DMARC reports from a specified IMAP folder and then move them to an archive in the same mailbox. If any reports indicate a problem, a notification is sent via Matrix.
Example notification:
⛔ 1 message blocked
Count Sender SPF DKIM DMARC Reporter 1 IP: 192.0.2.1
rDNS:example.com
Envelope:example.com
Header:example.com⛔ example.com: pass⛔ example.com: pass⛔ Example ✅ 12 messages allowed
Count Sender SPF DKIM DMARC Reporter 6 IP: 192.0.2.2
rDNS:example.com
Envelope:example.com
Header:example.com✅ example.com: pass✅ example.com: pass✅ Example 3 IP: 192.0.2.3
rDNS:example.com
Envelope:example.com
Header:example.com✅ example.com: pass✅ example.com: pass✅ Example 2 IP: 192.0.2.3
rDNS:example.com
Envelope:example.com
Header:example.com✅ example.com: pass✅ example.com: pass✅ Example 1 IP: 192.0.2.4
rDNS:example.com
Envelope:example.com
Header:example.com✅ example.com: pass✅ example.com: pass✅ Example
Configuration:
- Incoming reports:
IMAP_HOST: parsedmarcimap.hostIMAP_USERNAME: parsedmarcimap.userIMAP_PASSWORD: parsedmarcimap.passwordIMAP_FOLDER_PROCESSED: parsedmarcmailbox.reports_folderIMAP_FOLDER_UNPROCESSED: parsedmarcmailbox.archive_folder
- Outgoing notifications:
NOTIFICATION_LEVEL: level of DMARC failure to report (INFO/WARN/ERROR)MATRIX_HOMESERVER_URL: base URL of Matrix client-server APIMATRIX_ACCESS_TOKEN: secret access token of user to send notifications fromMATRIX_ROOM_ID: room ID to send notifications to
- Schedule:
SCHEDULE: Supercronic cron expressionTZ: Supercronic time zone