Parse Dmarc

Parse DMARC is an open-source tool for monitoring and analyzing DMARC reports. It automatically retrieves email reports via IMAP and provides a visual dashboard to help users protect their domains from email spoofing and phishing attacks.

Security Monitoring #Email security #DMARC analysis #Domain monitoring #Open-source tool .Go

rating : 3 points

downloads : 3.5K

update time : 2026-03-13

Open Site

What is Parse DMARC?

Parse DMARC is an open-source tool designed to monitor and analyze DMARC (Domain-based Message Authentication, Reporting & Conformance) reports. After you enable DMARC on your domain, email service providers such as Gmail, Outlook, and Yahoo will regularly send reports in XML format to your specified email. These reports contain information about who is sending emails claiming to be from your domain, which emails have passed verification (SPF/DKIM), and whether there are malicious actors trying to impersonate your domain. Parse DMARC automatically retrieves these reports from your email, parses the complex XML data, and displays all key information in a beautiful dashboard.

How to use Parse DMARC?

Using Parse DMARC is very simple and only requires three steps: 1) Add a DMARC record to your domain's DNS to start receiving reports; 2) Deploy a Parse DMARC instance (supports one-click deployment on Docker and cloud platforms, etc.); 3) Configure IMAP connection information (your email account password), and the system will automatically retrieve and analyze the reports. All data is stored in a local SQLite database without additional dependencies.

Use cases

Parse DMARC is suitable for any individual or organization that owns a domain, especially: Enterprise IT administrators need to monitor the email security of the company's domain; Website owners want to prevent their domains from being used in phishing attacks; Developers need to verify the correct configuration of email services; Security teams need to monitor potential domain abuse. No matter how many emails your domain sends, Parse DMARC can provide valuable insights.

Main features

Automatically retrieve reports

Supports automatically retrieving DMARC report attachments from any IMAP email (such as Gmail, Outlook, etc.) without manually downloading and processing XML files.

Visual dashboard

Provides a beautiful web interface that displays key metrics such as email sending statistics, verification pass rates, and sender source analysis in real-time, and supports dark mode.

DNS record generator

Built-in DMARC, SPF, and DKIM DNS record generation tools to help you quickly and correctly configure email security settings.

Lightweight deployment

A single 14MB Docker image with a built-in SQLite database, eliminating the need to install complex components such as Elasticsearch and Kibana.

Production-level monitoring

Built-in Prometheus metric endpoints, providing a complete Grafana dashboard that supports alerts and performance monitoring.

Multi-platform deployment

Supports multiple deployment methods such as Docker, Kubernetes, Railway, Render, and DigitalOcean, and provides a one-click deployment button.

Advantages

Simple and easy to use: Compared with traditional ParseDMARC (which requires Elasticsearch + Kibana), this tool is ready to use out of the box and has simple configuration.

Low resource consumption: A single lightweight binary file with low memory and storage requirements.

Privacy and security: All data is stored locally and not sent to third-party services.

Real-time monitoring: Automatically retrieves the latest reports regularly to keep the data up-to-date.

Multi-platform support: Provides multiple installation methods such as Docker images, binary packages, and Homebrew packages.

Complete documentation: Detailed deployment guides and troubleshooting instructions.

Limitations

Requires IMAP access permission: You must provide the IMAP credentials of your email.

Depends on DNS configuration: You need to correctly configure the DMARC DNS record to receive reports.

Report delay: Email service providers usually send reports every 24 - 48 hours, not in real-time.

Single-user interface: Currently mainly targets the monitoring needs of a single domain or organization.

How to use

Configure DNS records

Add a DMARC TXT record to your domain's DNS management interface. For example, for yourdomain.com, add the name _dmarc, type TXT, and value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com. This will tell the email service provider to send reports to the specified email.

Deploy Parse DMARC

Choose a deployment method that suits you. The simplest way is to use Docker: Run the Docker container and map the ports. You can also use the one-click deployment button on the cloud platform.

Configure IMAP connection

Set environment variables or configuration files to provide the IMAP connection information of your email. For Gmail, you need to use an app-specific password instead of your regular password.

Access the dashboard

After the deployment is completed, access http://localhost:8080 (or your server address) in your browser. The system will automatically start retrieving and analyzing DMARC reports.

Monitor and analyze

View the statistical data in the dashboard to understand who is sending emails from your domain, the verification pass rate, and adjust your DMARC policy accordingly (gradually change from p=none to p=quarantine or p=reject).

Usage examples

Email security monitoring for small businesses

A small business with the domain company.com uses Google Workspace to send emails and SendGrid for marketing emails. They need to ensure that all emails pass verification correctly and detect whether there is any third-party abuse of their domain.

Developers verify email service configuration

A developer builds an application on app.com that needs to send transactional emails (password resets, notifications, etc.) and uses both Amazon SES and Postmark services. They need to verify whether the SPF and DKIM configurations are correct.

Educational institutions prevent domain spoofing

A university with the domain university.edu has students and faculty using multiple email services. Recently, there have been phishing attacks targeting students, where attackers pretended to be the school's official to send emails.

Frequently Asked Questions

I haven't received any DMARC reports. What should I do?

Does Gmail require any special configuration?

What should the DMARC policy be set to?

What is the difference between Parse DMARC and ParseDMARC?

Where is the data stored? Is it secure?

Does it support monitoring multiple domains?

How to set up automatic report retrieval?

How long is the report data retained?

Related resources

GitHub repository

Source code, issue tracking, and latest version releases

Docker Hub image

Official Docker image with all version tags

DMARC official documentation

Detailed explanation of DMARC standards and technical specifications

Gmail app-specific password guide

How to generate an app-specific password for Gmail

DMARC record generator

An online tool to help generate correct DMARC DNS records

Prometheus monitoring guide

Official documentation of the Prometheus monitoring system

Grafana dashboard import

How to import and use Grafana dashboards

🚀 Parse DMARC

Monitor who's sending email on behalf of your domain. Catch spoofing. Stop phishing.

🚀 Quick Start

Step 1: Set Up DNS to Receive DMARC Reports

This is the most important step! Without this, you won't receive any reports to analyze.

Add a DMARC TXT record to your domain's DNS:

Name: _dmarc.yourdomain.com
Type: TXT
Value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

What this means:

p=none - Monitor only (don't block emails yet)
rua=mailto:dmarc@yourdomain.com - Send aggregate reports to this email address

Important: Replace dmarc@yourdomain.com with an actual email inbox you control. This is where Gmail, Outlook, Yahoo, etc. will send your DMARC reports.

DNS Examples:

Cloudflare: DNS > Add record > Type: TXT, Name: _dmarc, Content: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
Google Domains: DNS > Custom records > TXT, Name: _dmarc, Data: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
AWS Route53: Create record > Type: TXT, Name: _dmarc.yourdomain.com, Value: "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"

Reports typically start arriving within 24 - 48 hours.

Step 2: Run Parse DMARC with Docker

Run the container:

docker run -d \
  --name parse-dmarc \
  -p 8080:8080 \
  -e IMAP_HOST=imap.gmail.com \
  -e IMAP_PORT=993 \
  -e IMAP_USERNAME=your-email@gmail.com \
  -e IMAP_PASSWORD=your-app-password \
  -v parse-dmarc:/data \
  meysam81/parse-dmarc

For Gmail users: You'll need an App Password, not your regular Gmail password.

Access the dashboard: Open http://localhost:8080 in your browser.

✨ Features

📧 Auto-fetches reports from any IMAP inbox (Gmail, Outlook, etc.)
📊 Beautiful dashboard with real-time statistics
🔍 See exactly who's sending email as your domain
🔧 Built-in DNS record generator for easy DMARC setup
📦 Single binary - no databases to install, no complex setup
🚀 Tiny 14MB Docker image
🔒 Secure TLS support
🌙 Dark mode support

📦 Installation

Homebrew (macOS/Linux)

brew tap meysam81/tap
brew install parse-dmarc

Docker

docker pull meysam81/parse-dmarc

Binary Downloads

Download pre-built binaries from the Releases page.

💻 Usage Examples

Basic Usage

Once DMARC reports start arriving and Parse DMARC processes them, your dashboard will show:

Total messages analyzed across all reports
DMARC compliance rate (SPF/DKIM pass rates)
Top sending sources (IP addresses and organizations sending as your domain)
Authentication results (which emails passed/failed SPF and DKIM)
Policy actions (how receiving servers handled your email)

This helps you:

Verify your legitimate email services are properly configured
Detect unauthorized use of your domain
Gradually move from monitoring (p=none) to enforcement (p=quarantine or p=reject)

📚 Documentation

Configuration Options

IMAP Settings for Common Providers

Gmail:

{
  "host": "imap.gmail.com",
  "port": 993,
  "username": "your-email@gmail.com",
  "password": "your-app-password",
  "use_tls": true
}

Requires App Password

Outlook/Office 365:

{
  "host": "outlook.office365.com",
  "port": 993,
  "username": "your-email@outlook.com",
  "password": "your-password",
  "use_tls": true
}

Generic IMAP: Most providers use port 993 with TLS. Check your provider's documentation.

Command Line Options

# Fetch once and exit (useful for cron jobs)
docker exec parse-dmarc ./parse-dmarc -fetch-once

# Serve dashboard only (no fetching)
docker exec parse-dmarc ./parse-dmarc -serve-only

# Custom fetch interval (in seconds, default 300)
docker exec parse-dmarc ./parse-dmarc -fetch-interval=600

Frequently Asked Questions

Q: I'm not receiving any reports. What's wrong? A: Check these things in order:

Did you add the _dmarc TXT record to your DNS? (Use a DNS checker like dig _dmarc.yourdomain.com TXT)
Wait 24 - 48 hours - reports aren't instant
Is your domain sending/receiving email? No email = no reports
Check your IMAP credentials are correct in config.json

Q: Do I need SPF and DKIM set up first? A: No! DMARC reports will show you whether SPF and DKIM are passing or failing, which helps you configure them correctly.

Q: What should my DMARC policy be? A: Start with p=none (monitoring only). After reviewing reports and fixing any issues, gradually move to p=quarantine and then p=reject.

Q: How much email traffic do I need? A: Any amount works. Even small domains with a few emails per day will receive useful reports.

Q: Can I use a Gmail account to receive reports? A: Yes! Create a dedicated Gmail like dmarc@yourdomain.com, forward it to your personal Gmail if needed, and use Gmail's IMAP settings.

Advanced

Building from Source

git clone https://github.com/meysam81/parse-dmarc.git
cd parse-dmarc
just install-deps
just build
./bin/parse-dmarc -config=config.json

Docker Compose

See for Docker Compose configuration.

API Endpoints

GET /api/statistics - Dashboard statistics
GET /api/reports - List of reports (paginated)
GET /api/reports/:id - Detailed report view
GET /api/top-sources - Top sending source IPs
GET /metrics - Prometheus metrics endpoint

Prometheus Metrics & Grafana Integration

Parse DMARC includes production-ready Prometheus metrics for monitoring and alerting. Metrics are enabled by default and exposed at /metrics.

Available Metrics

Build Information

Property	Details
`parse_dmarc_build_info`	Build information (version, commit, build_date)

Report Processing

Property	Details
`parse_dmarc_reports_fetched_total`	Total DMARC report emails fetched from IMAP
`parse_dmarc_reports_parsed_total`	Total DMARC reports successfully parsed
`parse_dmarc_reports_stored_total`	Total DMARC reports stored in database
`parse_dmarc_reports_parse_errors_total`	Total parse errors
`parse_dmarc_reports_store_errors_total`	Total storage errors
`parse_dmarc_reports_attachments_total`	Total attachments processed
`parse_dmarc_reports_fetch_duration_seconds`	Duration of fetch operations
`parse_dmarc_reports_last_fetch_timestamp_seconds`	Unix timestamp of last successful fetch
`parse_dmarc_reports_fetch_cycles_total`	Total fetch cycles executed
`parse_dmarc_reports_fetch_errors_total`	Total fetch cycle errors

IMAP Connection

Property	Details	Labels
`parse_dmarc_imap_connections_total`	IMAP connection attempts (success/error)	status
`parse_dmarc_imap_connection_duration_seconds`	IMAP connection establishment duration

DMARC Statistics

Property	Details
`parse_dmarc_dmarc_reports_total`	Total reports in database
`parse_dmarc_dmarc_messages_total`	Total messages across all reports
`parse_dmarc_dmarc_compliant_messages_total`	Total DMARC-compliant messages
`parse_dmarc_dmarc_compliance_rate`	Overall compliance rate (0 - 100)
`parse_dmarc_dmarc_unique_source_ips`	Number of unique source IPs
`parse_dmarc_dmarc_unique_domains`	Number of unique domains

Per-Domain/Org Metrics

Property	Details	Labels
`parse_dmarc_dmarc_messages_by_domain`	Messages per domain	domain
`parse_dmarc_dmarc_compliance_rate_by_domain`	Compliance rate per domain	domain
`parse_dmarc_dmarc_reports_by_org`	Reports per organization	org_name
`parse_dmarc_dmarc_messages_by_disposition`	Messages by disposition type	disposition

Authentication Results

Property	Details	Labels
`parse_dmarc_dmarc_spf_results`	SPF authentication result counts	result
`parse_dmarc_dmarc_dkim_results`	DKIM authentication result counts	result

HTTP Server

Property	Details	Labels
`parse_dmarc_http_requests_total`	Total HTTP requests	method, path, status
`parse_dmarc_http_request_duration_seconds`	HTTP request duration	method, path
`parse_dmarc_http_requests_in_flight`	Current in-flight requests

Go Runtime (Built-in)

Standard Go runtime metrics are also exposed:

go_goroutines - Number of goroutines
go_memstats_* - Memory statistics
go_gc_* - Garbage collection metrics
process_* - Process metrics (CPU, memory, file descriptors)

Disabling Metrics

To disable the metrics endpoint:

# Command line
./parse-dmarc --metrics=false

# Environment variable
export PARSE_DMARC_METRICS=false

# Docker
docker run -e PARSE_DMARC_METRICS=false meysam81/parse-dmarc

Prometheus Configuration

Add Parse DMARC to your prometheus.yml:

scrape_configs:
  - job_name: "parse-dmarc"
    static_configs:
      - targets: ["parse-dmarc:8080"]
    scrape_interval: 30s
    metrics_path: /metrics

For Kubernetes with ServiceMonitor (Prometheus Operator):

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: parse-dmarc
  labels:
    app: parse-dmarc
spec:
  selector:
    matchLabels:
      app: parse-dmarc
  endpoints:
    - port: http
      path: /metrics
      interval: 30s

Grafana Dashboard

A production-ready Grafana dashboard is included in grafana/dashboard.json.

Import Manually

In Grafana, go to Dashboards > Import
Upload grafana/dashboard.json or paste its contents
Select your Prometheus datasource
Click Import

Provision Automatically (Recommended for Production)

# Copy dashboard to Grafana dashboards directory
cp grafana/dashboard.json /var/lib/grafana/dashboards/parse-dmarc/

# Copy provisioning config
cp grafana/provisioning.yaml /etc/grafana/provisioning/dashboards/parse-dmarc.yaml

# Restart Grafana or wait for it to pick up changes
systemctl restart grafana-server

Dashboard Variables

Variable	Purpose
`datasource`	Prometheus datasource to query
`job`	Filter by Prometheus job label
`instance`	Filter by instance(s)
`domain`	Filter by monitored domain(s)

Dashboard Sections

Section	What It Shows
Overview - Golden Signals	Compliance rate, total messages, reports count, time since last fetch
DMARC Authentication Results	SPF/DKIM pass rates, disposition breakdown, per-domain compliance
Report Sources & Organizations	Top reporting organizations (Google, Microsoft, etc.), messages by domain
IMAP & Fetch Operations	Connection health, fetch cycle monitoring, latency heatmaps
Error Tracking	Parse errors, storage errors, fetch failures
HTTP Server	Request rates, latency percentiles, error rates
Go Runtime	Goroutines, memory usage, GC stats, CPU usage

Example Grafana Panels

Compliance Rate Gauge:

parse_dmarc_dmarc_compliance_rate

Messages Over Time:

rate(parse_dmarc_dmarc_messages_total[5m])

Compliance Rate by Domain:

parse_dmarc_dmarc_compliance_rate_by_domain

SPF/DKIM Pass Rate:

# SPF Pass Rate
parse_dmarc_dmarc_spf_results{result="pass"} / ignoring(result) sum(parse_dmarc_dmarc_spf_results) * 100

# DKIM Pass Rate
parse_dmarc_dmarc_dkim_results{result="pass"} / ignoring(result) sum(parse_dmarc_dmarc_dkim_results) * 100

Fetch Success Rate:

1 - (rate(parse_dmarc_reports_fetch_errors_total[1h]) / rate(parse_dmarc_reports_fetch_cycles_total[1h]))

IMAP Connection Health:

rate(parse_dmarc_imap_connections_total{status="success"}[5m]) /
(rate(parse_dmarc_imap_connections_total{status="success"}[5m]) + rate(parse_dmarc_imap_connections_total{status="error"}[5m]))

HTTP Request Latency (p95):

histogram_quantile(0.95, rate(parse_dmarc_http_request_duration_seconds_bucket[5m]))

Reports by Organization:

topk(10, parse_dmarc_dmarc_reports_by_org)

Alerting Rules

Example Prometheus alerting rules:

groups:
  - name: parse-dmarc
    rules:
      - alert: DMARCComplianceLow
        expr: parse_dmarc_dmarc_compliance_rate < 90
        for: 1h
        labels:
          severity: warning
        annotations:
          summary: "DMARC compliance rate is below 90%"
          description: "Current compliance rate: {{ $value }}%"

      - alert: DMARCFetchFailures
        expr: rate(parse_dmarc_reports_fetch_errors_total[15m]) > 0
        for: 30m
        labels:
          severity: critical
        annotations:
          summary: "Parse DMARC fetch failures detected"
          description: "IMAP fetch operations are failing"

      - alert: IMAPConnectionErrors
        expr: rate(parse_dmarc_imap_connections_total{status="error"}[5m]) > 0
        for: 10m
        labels:
          severity: warning
        annotations:
          summary: "IMAP connection errors detected"
          description: "Check IMAP credentials and server connectivity"

      - alert: NoRecentFetch
        expr: time() - parse_dmarc_reports_last_fetch_timestamp_seconds > 600
        for: 5m
        labels:
          severity: warning
        annotations:
          summary: "No recent DMARC report fetch"
          description: "Last fetch was {{ humanizeDuration $value }} ago"

Docker Compose with Prometheus & Grafana

Complete monitoring stack:

version: "3.8"

services:
  parse-dmarc:
    image: meysam81/parse-dmarc
    ports:
      - "8080:8080"
    volumes:
      - ./config.json:/app/config.json
      - ./data:/data

  prometheus:
    image: prom/prometheus
    ports:
      - "9090:9090"
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
    command:
      - "--config.file=/etc/prometheus/prometheus.yml"

  grafana:
    image: grafana/grafana
    ports:
      - "3000:3000"
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=admin
    volumes:
      - grafana-data:/var/lib/grafana

volumes:
  grafana-data:

With prometheus.yml:

global:
  scrape_interval: 15s

scrape_configs:
  - job_name: "parse-dmarc"
    static_configs:
      - targets: ["parse-dmarc:8080"]

Access:

Parse DMARC Dashboard: http://localhost:8080
Prometheus: http://localhost:9090
Grafana: http://localhost:3000 (admin/admin)

Why Parse DMARC vs ParseDMARC?

This project is inspired by ParseDMARC but built for simplicity:

Single 14MB binary vs Python + Elasticsearch + Kibana stack
Built-in dashboard vs external visualization tools
SQLite vs Elasticsearch (no JVM required)
Zero dependencies vs complex setup

📄 License

Apache-2.0 - see LICENSE for details.

Found this useful? Star the repo! ⭐

Notion Api MCP

Certified

A Python-based MCP Server that provides advanced to-do list management and content organization functions through the Notion API, enabling seamless integration between AI models and Notion.

The GitLab MCP server is a project based on the Model Context Protocol that provides a comprehensive toolset for interacting with GitLab accounts, including code review, merge request management, CI/CD configuration, and other functions.

Markdownify is a multi-functional file conversion service that supports converting multiple formats such as PDFs, images, audio, and web page content into Markdown format.

TypeScript

34.6K

5 points

Duckduckgo MCP Server

Certified

The DuckDuckGo Search MCP Server provides web search and content scraping services for LLMs such as Claude.

Framelink Figma MCP Server is a server that provides access to Figma design data for AI programming tools (such as Cursor). By simplifying the Figma API response, it helps AI more accurately achieve one - click conversion from design to code.

UnityMCP is a Unity editor plugin that implements the Model Context Protocol (MCP), providing seamless integration between Unity and AI assistants, including real - time state monitoring, remote command execution, and log functions.

31.5K

5 points

Gmail MCP Server

A Gmail automatic authentication MCP server designed for Claude Desktop, supporting Gmail management through natural language interaction, including complete functions such as sending emails, label management, and batch operations.

Context7 MCP is a service that provides real-time, version-specific documentation and code examples for AI programming assistants. It is directly integrated into prompts through the Model Context Protocol to solve the problem of LLMs using outdated information.

TypeScript

97.5K

4.7 points

Zhiqi Future, Your AI Solution Think Tank

English 简体中文繁體中文にほんご

Parse Dmarc

Overview

Content Details

Alternatives

What is Parse DMARC?

How to use Parse DMARC?

Use cases

Main features

How to use

Usage examples

Frequently Asked Questions

Related resources

Installation

🚀 Parse DMARC

🚀 Quick Start

Step 1: Set Up DNS to Receive DMARC Reports

Step 2: Run Parse DMARC with Docker

✨ Features

📦 Installation

Homebrew (macOS/Linux)

Docker

Binary Downloads

💻 Usage Examples

Basic Usage

📚 Documentation

Configuration Options

IMAP Settings for Common Providers

Command Line Options

Frequently Asked Questions

Advanced

Building from Source

Docker Compose

API Endpoints

Prometheus Metrics & Grafana Integration

Available Metrics

Build Information

Report Processing

IMAP Connection

DMARC Statistics

Per-Domain/Org Metrics

Authentication Results

HTTP Server

Go Runtime (Built-in)

Disabling Metrics

Prometheus Configuration

Grafana Dashboard

Import Manually

Provision Automatically (Recommended for Production)

Dashboard Variables

Dashboard Sections

Example Grafana Panels

Alerting Rules

Docker Compose with Prometheus & Grafana

Why Parse DMARC vs ParseDMARC?

📄 License

Alternatives