parsedmarc: The Open-Source DMARC Report Parser Every Email Admin Needs
Summary: Parse, analyze, and visualize DMARC aggregate and forensic reports with this powerful Python CLI tool. Active security community with real discussions about Chronicle UDM output, MTA-STS, and DMARCbis standards.
Email remains one of the most critical attack vectors for organizations worldwide — and DMARC (Domain-based Message Authentication, Reporting & Conformance) is the frontline defense. But parsing the raw XML/JSON reports that mail providers send back? That's a notoriously painful chore. parsedmarc solves exactly that.
parsedmarc is a powerful Python package and CLI tool that automatically parses, analyzes, and visualizes DMARC aggregate and forensic reports. It transforms cryptic XML blobs into actionable intelligence about who's impersonating your domain, which email providers are rejecting your mail, and where your authentication policies are failing.
- Automated DMARC Report Parsing — Supports both aggregate reports (RUA) and failure/forensic reports (RUF) from Gmail, Microsoft, Yahoo, and other major providers. Just point it at your mailbox or IMAP folder and parsedmarc handles the rest.
- Flexible Output Destinations — Send parsed results to Elasticsearch, Splunk, Graphite/Grafana, or any custom destination via a pluggable output architecture. The recent Google SecOps (Chronicle) UDM output module PR brings Chronicle-compatible JSON output, expanding the security ops integration story.
- CLI-First Design — Rich command-line interface with watch mode for continuous monitoring. The dmarc_report, dmarc_aggregate, and dmarc_failure commands make it trivial to process individual reports or batch-process a whole mailbox.
One of the things that sets parsedmarc apart is its active, technically deep GitHub community. Here's a sampling of recent discussions:
36 comments, open
A comprehensive pull request adding Chronicle UDM output. The discussion quickly evolved into documentation review:
@seanthegeek: "@copilot Your example queries in the documentation use splunk SPL. They should use YARA-L"
@Copilot: "Updated the documentation to use YARA-L rules instead of Splunk SPL. The example queries now include proper YARA-L syntax..."
Translation: The maintainer caught that the example SIEM queries should use YARA-L (Chronicle's query language) rather than Splunk SPL — a subtle but important distinction for security ops teams.
39 comments, closed
An early discussion about extending DMARC analysis to cover MTA-STS and TLS-RPT reports (email transport security indicators):
@dragoangel: "The whole point of self-hosted solutions is that they are self-hosted. You do not share your personal and company info with 3rd parties when you have the possibility to host your own solution. It would be cool if parsedmarc had this feature 👍"
@seanthegeek: "I just glanced over the RFC. This looks like it would be easy to add. Not sure when I'll get to it though."
Translation: The community pushed for self-hosted email security tooling over third-party SaaS — a core philosophical thread throughout the project.
20 comments, open
A deep technical PR updating the codebase for the IETF DMARCbis drafts — the new standard that renames "forensic reports" to "failure reports" and adds new aggregate report formats:
@seanthegeek: "@copilot fix the ruff check: F401 `parsedmarc.types.ForensicReport` imported but unused; consider removing, adding to `__all__`, or using a redundant alias"
Translation: The maintainer used AI coding tools to drive this large refactor — catching linting issues in real-time during the rename sweep. The discussion also touches on maintaining backwards-compatible Kibana dashboard queries across the rename boundary.
parsedmarc is the go-to open-source tool for organizations serious about email security. With 1,200+ GitHub stars, 90+ open issues, and an active maintainer (seanthegeek) who's clearly engaged with the security community, it's a mature, well-supported project that continues to evolve alongside the DMARC standard itself. Whether you're running a mail admin dashboard, building a security ops pipeline, or just trying to understand who's spoofing your domain — parsedmarc is worth a look.
It's also a good example of how open-source security tooling is increasingly leveraging AI coding assistants (GitHub Copilot, Claude) in real development workflows, as evidenced by the automated code review and documentation generation in recent issues.
@domainaware · github.com/domainaware/parsedmarc · ⭐ 1,234 · MIT License