A Go implementation of the DMARC report parser, based on the original Python parsedmarc project.
The conversion to Go was done with Claude AI, adding significant improvements:
β Core enhancements:
- ClickHouse storage with pre-configured Grafana dashboard
- HTTP reporting method (RUA/RUF with https/http scheme URI)
- Prometheus daemon mode monitoring (IMAP + HTTP)
- Directory-based output mode
β Not converted (due to lack of testing capability):
- Elasticsearch/Opensearch/Splunk storage
- Microsoft Graph and Gmail API support
-
β DMARC Aggregate Reports (RFC 7489)
- Draft and 1.0 standard formats
- Compressed file support (GZIP, ZIP)
- Enhanced error reporting with line numbers
-
β Forensic/Failure Reports (RFC 6591 ARF)
- Plain text format parsing
- π MIME multipart email parsing (LinkedIn, Domain.de, Netease)
- π Base64-encoded attachment support
- Automatic format detection and fallback
-
β SMTP TLS Reports (RFC 8460)
- Direct JSON format parsing
- π MIME email format parsing (Google, other providers)
- π Base64 + GZIP compressed attachment pipeline (
application/tlsrpt+gzip) - Legacy compressed file support (GZIP, ZIP)
- β IP address geolocation (MaxMind database integration)
- β Reverse DNS resolution with caching
- β Base domain extraction and normalization
- β Enhanced error diagnostics with precise line numbers
-
β IMAP Email Processing - Monitor mailboxes for incoming reports
- TLS/SSL connection support
- Automatic email archiving/deletion
- Configurable check intervals
-
β HTTP API Server - Receive reports via HTTP POST/PUT (IETF draft)
- Rate limiting and request validation
- Multiple content-type support (
application/xml,application/json,message/rfc822) - File upload size limits and security
- β JSON and CSV output formats with configurable fields
- β
Multiple output modes:
- File mode: Concatenate all reports in single file
- π Directory mode: Save each report as separate timestamped file
- Stdout: Direct console output for piping
- β ClickHouse database storage with optimized schema
- β Email delivery via SMTP with attachment support
- β Kafka streaming for real-time processing pipelines
- β Built-in Prometheus metrics for observability
- β Health check endpoints for load balancer integration
- β Structured logging with configurable levels (JSON/console)
- β Performance metrics (parsing duration, success/failure rates)
# Download and install
curl -L -o parsedmarc-go https://github.com/ZenProjects/parsedmarc-go/releases/latest/download/parsedmarc-go-linux-amd64
chmod +x parsedmarc-go
# Parse a report
./parsedmarc-go -input report.xml
# Run as daemon
./parsedmarc-go -daemon -config config.yamlFor detailed usage instructions, see the π Documentation below.
The program automatically creates optimized production-ready tables with proper indexing, partitioning, and performance optimizations:
Main aggregate report metadata table
- Report metadata (organization, report ID, date range)
- Policy information (DMARC alignment settings)
- Monthly partitioning by report date
- Bloom filter indexes on org_name and report_id
Individual aggregate report records
- Source IP analysis (IP, country, reverse DNS)
- Authentication results (SPF, DKIM, DMARC alignment)
- Message counts and policy evaluation results
- Monthly partitioning with geolocation indexing
Forensic/failure report details
- Authentication failure analysis
- Source information and sample headers
- Parsed sample message content
- Indexed by arrival date and source IP
SMTP TLS report metadata
- Organization and policy information
- Success/failure session counts
- Policy domain and type information
- Time-based partitioning for performance
Detailed SMTP TLS failure analysis
- Failure types and error codes
- MTA connection details (sending/receiving IPs)
- MX hostname and HELO information
- Normalized for efficient failure pattern analysis
- Time-based partitioning: Monthly partitions for optimal query performance
- Bloom filter indexes: Fast lookups on report IDs and domains
- Optimized data types: Efficient storage with proper nullable fields
- Query-optimized structure: Denormalized where appropriate for analytics
parsedmarc-go features industry-leading email format compatibility, automatically handling complex report formats from major email service providers:
Simple feedback reports embedded directly in email body text
Automatically parsed with full provider compatibility:
| Provider | Format | Encoding | Content-Type |
|---|---|---|---|
multipart/report |
Plain text | message/feedback-report |
|
| Domain.de | multipart/report |
Plain text | message/feedback-report; name=report |
| Netease | multipart/mixed |
Base64 | message/feedback-report; name="ATT00001" |
| Others | Auto-detected | Base64/Plain | Various MIME types |
π Advanced Processing Pipeline:
- Multi-line header parsing - Handles wrapped Content-Type headers
- MIME boundary extraction - Robust parsing of complex boundaries
- Base64 decoding - Automatic detection and decoding
- Content-type detection - Intelligent format recognition
- Fallback mechanisms - Plain text parsing if MIME fails
Standard RFC 8460 JSON reports processed natively
Advanced multi-stage processing pipeline:
| Provider | Format | Pipeline | Content-Type |
|---|---|---|---|
multipart/report |
Base64 β GZIP β JSON | application/tlsrpt+gzip |
|
| Others | Auto-detected | Base64 β Compression β JSON | application/tlsrpt+* |
π Processing Pipeline:
Email Input β MIME Parse β Base64 Decode β GZIP Decompress β JSON Parse β Structured Data
parsedmarc-go implements the following email authentication and reporting standards with industry-leading compatibility:
-
RFC 7489 - Domain-based Message Authentication, Reporting, and Conformance (DMARC)
- Aggregate reports (RUA) with enhanced parsing
- Policy configuration and validation
- π Enhanced error diagnostics with line numbers
-
RFC 6591 - Authentication Failure Reporting Using the Abuse Reporting Format
- Forensic/failure reports (RUF) with MIME support
- π Advanced MIME multipart parsing
- π Base64-encoded attachment support
-
RFC 8460 - SMTP TLS Reporting
- TLS connection and policy reporting with email format support
- π Email-based reports with compression support
- π Complete ClickHouse schema for analytics
- π Complete Documentation - Overview and architecture
- β‘ Installation - Installation and initial setup
- βοΈ Configuration - Detailed configuration options
- π‘ Usage - Usage guide and examples
- ποΈ ClickHouse - ClickHouse configuration and optimization
- π Grafana - Dashboards and visualizations
- π Monitoring - Prometheus metrics and monitoring
- π HTTP API - HTTP endpoints and integrations
- π§ DMARC Mailing Lists - Mailing list configuration
- π DMARC Specification - DMARC standards details
- π€ Contributing - Project contribution guide
- Quick Setup - Get started in 5 minutes
- API Examples - Ready-to-use HTTP integrations
- Grafana Dashboards - Pre-configured visualizations
- Prometheus Metrics - Complete monitoring
π‘ Tip: Start with the complete documentation for an overview, then check the installation guide to get started quickly.
This project is licensed under the Apache 2.0 License - see the LICENSE file for details.
- Sean Whalen for the original Python parsedmarc project
- Claude AI for comprehensive Go conversion and advanced feature development
π Issues