MCPcopy Index your code
hub / github.com/dmarcguardhq/dmarcguard

github.com/dmarcguardhq/dmarcguard @v1.5.4

Chat with this repo
repository ↗ · DeepWiki ↗ · release v1.5.4 ↗ · + Follow
179 symbols 416 edges 28 files 139 documented · 78%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Parse DMARC

CI License GitHub release GitHub Stars GitHub Issues Go Report Card

Made with Go Made with Vue.js Docker Hub Docker Pulls Docker Image Size (tag)

Conventional Commits Renovate

Monitor who's sending email on behalf of your domain. Catch spoofing. Stop phishing.

Parse DMARC

Deploy Your Own Instance

Deploy Parse DMARC to your favorite cloud provider with one click:

Platform as a Service (PaaS)

Provider Deploy Notes
Railway Deploy on Railway Recommended for beginners
Render Deploy to Render Free tier available
Koyeb [Deploy to Koyeb][koyeb-1click] Global edge deployment. Manually mount /data as volume.
Zeabur Deploy on Zeabur Asia-Pacific optimized
Northflank Deploy to Northflank Developer-focused

Self-Hosted

Provider Deploy Notes
CapRover Deploy to CapRover Self-hosted PaaS
Coolify Deploy to Coolify Open-source Heroku alternative
Dokploy Deploy to Dokploy Self-hosted deployment platform
Docker Docker Run anywhere

Infrastructure

Provider Deploy Notes
DigitalOcean Droplet Deploy to DigitalOcean VM with Packer image

Note: All deployments require IMAP credentials. See Configuration for details on setting up Gmail, Outlook, or other email providers.

Why Do I Need This?

DMARC (Domain-based Message Authentication, Reporting & Conformance) helps protect your domain from email spoofing and phishing. When you enable DMARC on your domain, email providers like Gmail, Outlook, and Yahoo send you aggregate reports showing:

  • Who's sending email claiming to be from your domain
  • Which emails passed or failed authentication (SPF/DKIM)
  • How many emails were sent, and from which IP addresses
  • Whether malicious actors are trying to impersonate your domain

The Problem: These reports arrive as compressed XML attachments in your inbox - nearly impossible to read or analyze manually.

The Solution: Parse DMARC automatically fetches these reports from your inbox, parses them, and displays everything in a beautiful dashboard. All in a single 14MB Docker image.

Features

  • 📧 Auto-fetches reports from any IMAP inbox (Gmail, Outlook, etc.)
  • 📊 Beautiful dashboard with real-time statistics
  • 🔍 See exactly who's sending email as your domain
  • 🔧 Built-in DNS record generator for easy DMARC setup
  • 📦 Single binary - no databases to install, no complex setup
  • 🚀 Tiny 14MB Docker image
  • 🔒 Secure TLS support
  • 🌙 Dark mode support

Installation

Homebrew (macOS/Linux)

brew tap meysam81/tap
brew install parse-dmarc

Docker

docker pull meysam81/parse-dmarc

Binary Downloads

Download pre-built binaries from the Releases page.

Quick Start

Step 1: Set Up DNS to Receive DMARC Reports

This is the most important step! Without this, you won't receive any reports to analyze.

Add a DMARC TXT record to your domain's DNS:

Name: _dmarc.yourdomain.com
Type: TXT
Value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

What this means:

  • p=none - Monitor only (don't block emails yet)
  • rua=mailto:dmarc@yourdomain.com - Send aggregate reports to this email address

Important: Replace dmarc@yourdomain.com with an actual email inbox you control. This is where Gmail, Outlook, Yahoo, etc. will send your DMARC reports.

DNS Examples:

  • Cloudflare: DNS > Add record > Type: TXT, Name: _dmarc, Content: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
  • Google Domains: DNS > Custom records > TXT, Name: _dmarc, Data: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
  • AWS Route53: Create record > Type: TXT, Name: _dmarc.yourdomain.com, Value: "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"

Reports typically start arriving within 24-48 hours.

Step 2: Run Parse DMARC with Docker

Run the container:

docker run -d \
  --name parse-dmarc \
  -p 8080:8080 \
  -e IMAP_HOST=imap.gmail.com \
  -e IMAP_PORT=993 \
  -e IMAP_USERNAME=your-email@gmail.com \
  -e IMAP_PASSWORD=your-app-password \
  -v parse-dmarc:/data \
  meysam81/parse-dmarc

For Gmail users: You'll need an App Password, not your regular Gmail password.

Access the dashboard: Open http://localhost:8080 in your browser.

What You'll See

Once DMARC reports start arriving and Parse DMARC processes them, your dashboard will show:

  • Total messages analyzed across all reports
  • DMARC compliance rate (SPF/DKIM pass rates)
  • Top sending sources (IP addresses and organizations sending as your domain)
  • Authentication results (which emails passed/failed SPF and DKIM)
  • Policy actions (how receiving servers handled your email)

This helps you:

  • Verify your legitimate email services are properly configured
  • Detect unauthorized use of your domain
  • Gradually move from monitoring (p=none) to enforcement (p=quarantine or p=reject)

Configuration Options

IMAP Settings for Common Providers

Gmail:

{
  "host": "imap.gmail.com",
  "port": 993,
  "username": "your-email@gmail.com",
  "password": "your-app-password",
  "use_tls": true
}

Requires App Password

Outlook/Office 365:

{
  "host": "outlook.office365.com",
  "port": 993,
  "username": "your-email@outlook.com",
  "password": "your-password",
  "use_tls": true
}

Generic IMAP: Most providers use port 993 with TLS. Check your provider's documentation.

Command Line Options

# Fetch once and exit (useful for cron jobs)
docker exec parse-dmarc ./parse-dmarc -fetch-once

# Serve dashboard only (no fetching)
docker exec parse-dmarc ./parse-dmarc -serve-only

# Custom fetch interval (in seconds, default 300)
docker exec parse-dmarc ./parse-dmarc -fetch-interval=600

Frequently Asked Questions

Q: I'm not receiving any reports. What's wrong?

A: Check these things in order:

  1. Did you add the _dmarc TXT record to your DNS? (Use a DNS checker like dig _dmarc.yourdomain.com TXT)
  2. Wait 24-48 hours - reports aren't instant
  3. Is your domain sending/receiving email? No email = no reports
  4. Check your IMAP credentials are correct in config.json

Q: Do I need SPF and DKIM set up first?

A: No! DMARC reports will show you whether SPF and DKIM are passing or failing, which helps you configure them correctly.

Q: What should my DMARC policy be?

A: Start with p=none (monitoring only). After reviewing reports and fixing any issues, gradually move to p=quarantine and then p=reject.

Q: How much email traffic do I need?

A: Any amount works. Even small domains with a few emails per day will receive useful reports.

Q: Can I use a Gmail account to receive reports?

A: Yes! Create a dedicated Gmail like dmarc@yourdomain.com, forward it to your personal Gmail if needed, and use Gmail's IMAP settings.

Advanced

Building from Source

git clone https://github.com/meysam81/parse-dmarc.git
cd parse-dmarc
just install-deps
just build
./bin/parse-dmarc -config=config.json

Docker Compose

See compose.yml for Docker Compose configuration.

API Endpoints

  • GET /api/statistics - Dashboard statistics
  • GET /api/reports - List of reports (paginated)
  • GET /api/reports/:id - Detailed report view
  • GET /api/top-sources - Top sending source IPs
  • GET /metrics - Prometheus metrics endpoint

Prometheus Metrics & Grafana Integration

Parse DMARC includes production-ready Prometheus metrics for monitoring and alerting. Metrics are enabled by default and exposed at /metrics.

Available Metrics

Build Information

Metric Type Description
parse_dmarc_build_info Gauge Build information (version, commit, build_date)

Report Processing

Metric Type Description
parse_dmarc_reports_fetched_total Counter Total DMARC report emails fetched from IMAP
parse_dmarc_reports_parsed_total Counter Total DMARC reports successfully parsed
parse_dmarc_reports_stored_total Counter Total DMARC reports stored in database
parse_dmarc_reports_parse_errors_total Counter Total parse errors
parse_dmarc_reports_store_errors_total Counter Total storage errors
parse_dmarc_reports_attachments_total

Extension points exported contracts — how you extend this code

TokenVerifier (Interface)
TokenVerifier validates access tokens and extracts their information. [3 implementers]
internal/mcp/oauth/verifier.go

Core symbols most depended-on inside this repo

Close
called by 12
internal/storage/common.go
GetStatistics
called by 5
internal/storage/common.go
ParseReport
called by 4
internal/parser/dmarc.go
GetTotalMessages
called by 4
internal/parser/dmarc.go
writeJSON
called by 4
internal/api/server.go
RefreshMetrics
called by 4
internal/api/server.go
validateUrl
called by 4
src/stores/settings.js
createApiClient
called by 4
src/lib/api.js

Shape

Method 66
Function 56
Struct 55
Interface 1
TypeAlias 1

Languages

Go91%
TypeScript9%

Modules by API surface

internal/mcp/tools.go22 symbols
internal/parser/dmarc.go20 symbols
internal/storage/common.go19 symbols
internal/mcp/oauth/verifier.go15 symbols
internal/metrics/metrics.go14 symbols
internal/imap/client.go11 symbols
internal/api/server.go11 symbols
internal/config/config.go10 symbols
internal/mcp/oauth/middleware.go9 symbols
src/stores/settings.js8 symbols
internal/mcp/server.go7 symbols
internal/mcp/oauth/config.go6 symbols

For agents

$ claude mcp add dmarcguard \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page