DMARC analyzer Conception

Domain-based Message Authentication, Reporting & Conformance analyzer

DMARC overview

DMARC is an authentication protocol whose purpose is to protect a domain from being used for spoofing, scams or phishing. DMARC does not put messages in spam itself; it tells receivers what to do if the tests fail.

To summarize, implementing DMARC means publishing a DNS TXT record with instructions. In that record you specify the policy (none, reject, quarantine) and the amount of failing messages to which the policy applies. DMARC requires at least one DKIM signature to validate emails and an SPF value to compare.

DMARC is capable of producing two separate types of reports. The reports are XML files and are sent to the email address specified with the ‘rua’ value.

Example of a DMARC record:

"v=DMARC1; p=reject; rua=mailto:dmarc@example.org; pct=80; adkim=s; aspf=s"

This record indicates that if the tests (SPF, DKIM) fail, 80% of the failing messages will be rejected and the remainder will fall into quarantine. The reports are sent to dmarc@example.org.

Purpose of an analyzer

Depending on the number of emails you send, it can be difficult to read all the reports, especially as XML. The goals are to provide a way to download, parse and interpret the results. The ultimate goal is to provide an interface that gives an overview of your domain's health.

First steps and reflection

  • Multi-tenancy: one database per domain.
  • The front end (VueJS) allows linking accounts (Gmail only at the moment).
  • The API (Golang) is responsible for the interaction between the front end and the database.
  • The CLI (Golang) is the report parser.
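
A sketch of the report-parsing step that the CLI is described as handling, added here as an example and not taken from the project's code: it reads a DMARC aggregate report (the XML format from RFC 7489, Appendix C) and tallies messages per disposition and, per source IP, messages where both DKIM and SPF failed. The type names, `Summarize` and the sample report are assumptions constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Subset of the aggregate report schema from RFC 7489, Appendix C.
type Feedback struct {
	Records []Record `xml:"record"`
}

type Record struct {
	SourceIP    string `xml:"row>source_ip"`
	Count       int    `xml:"row>count"`
	Disposition string `xml:"row>policy_evaluated>disposition"`
	DKIM        string `xml:"row>policy_evaluated>dkim"`
	SPF         string `xml:"row>policy_evaluated>spf"`
}

// Constructed sample report (documentation IP ranges), not real data.
const sampleReport = `<feedback>
<policy_published><domain>example.org</domain><p>reject</p><pct>80</pct></policy_published>
<record><row><source_ip>192.0.2.10</source_ip><count>120</count><policy_evaluated>
  <disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
<record><row><source_ip>198.51.100.7</source_ip><count>5</count><policy_evaluated>
  <disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
<record><row><source_ip>198.51.100.7</source_ip><count>2</count><policy_evaluated>
  <disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>`

// Summarize tallies messages per disposition and, per source IP, messages where both checks failed.
func Summarize(data []byte) (total int, failedBySource, byDisposition map[string]int, err error) {
	var fb Feedback
	if err = xml.Unmarshal(data, &fb); err != nil {
		return
	}
	failedBySource, byDisposition = map[string]int{}, map[string]int{}
	for _, r := range fb.Records {
		total += r.Count // each row aggregates Count messages from one source
		byDisposition[r.Disposition] += r.Count
		if r.DKIM != "pass" && r.SPF != "pass" {
			failedBySource[r.SourceIP] += r.Count
		}
	}
	return
}

func main() { fmt.Println(Summarize([]byte(sampleReport))) }
```

The two failing rows from the same source show why counts must be summed per IP: with pct=80 a receiver can report part of one sender's failing mail as rejected and the rest as quarantined.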