DMARC Aggregate Report parsing?
Question asked by Douglas Foster - 11/17/2022 at 7:01 AM
DMARC reports arrive as an email attachment (.GZ, .ZIP, or rarely .XML file extensions). The steps to process them are:
1) Open the email and export the attachment.
2) Extract the .GZ or .ZIP file to a .XML file
3) Parse the XML file (in my case into SQL)

I have tools to do step 2 and step 3, but the first step is currently a tedious manual process, and I am not a REST API programmer.   Does someone have code to do the first step?   I would be happy to share my code that pulls the XML into SQL tables.

2 Replies

Zach Sylvester Replied
Employee Post
Hey Doug, 

Thanks for the question. I don't have a script on hand to do this. But it seems like it would be pretty easy to do with Python.
Check out this learning material. 

Please let me know if this helps. 

Kind Regards, 

Zach Sylvester

System/Network Administrator
SmarterTools Inc.
(877) 357-6278
Douglas Foster Replied
The XML piece is solved.   Microsoft SQL has specific features for importing XML, so the hardest part was learning the correct syntax.

My current problem is automating the process of walking the inbox to export the attachments on new messages.

As it turns out, the ideal tool needs to capture message metadata as well as the attachment, as these values can also be significant for some message sources. The additional data to be captured is:
The message From address
The subject text, which should be in the form: Report Domain: example.com Submitter: google.com Report-ID: <random-unique-string>

I suppose solving this part of the problem would require creating two messages from every email, the attachment file itself and a text file with the metadata and a pointer to the attachment file.   Then the import process becomes more complicated as well.
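An added example, not code from either poster: one way to handle the attachment export and the metadata capture described above in a single pass, returning the From address, the parsed subject fields and the decompressed XML as one record. It assumes the raw message bytes are already in hand (for instance from an IMAP fetch or an exported .eml file); `MAX_XML`, the function names and the sample message are constructed for illustration.

```python
import email.policy, email.utils, gzip, io, re, zipfile
from email.message import EmailMessage
MAX_XML = 10 * 1024 * 1024  # assumed cap on decompressed size (bomb guard)
SUBJECT_RE = re.compile(
    r"Report Domain:\s*(?P<domain>\S+)\s+Submitter:\s*(?P<submitter>\S+)"
    r"\s+Report-ID:\s*<?(?P<report_id>[^>\s]+)>?", re.I)

def to_xml(blob):
    """Choose the decoder from magic bytes, not the sender-supplied filename."""
    stream = io.BytesIO(blob)                      # bare .xml by default
    if blob[:2] == b"\x1f\x8b":                    # gzip
        stream = gzip.GzipFile(fileobj=stream)
    elif blob[:4] == b"PK\x03\x04":                # zip
        zf = zipfile.ZipFile(stream)
        names = [n for n in zf.namelist() if n.lower().endswith(".xml")]
        if len(names) != 1:
            raise ValueError("expected exactly one .xml member")
        stream = zf.open(names[0])                 # read in memory, never extract()
    data = stream.read(MAX_XML + 1)
    if len(data) > MAX_XML:
        raise ValueError("report larger than MAX_XML after decompression")
    return data

def extract_report(raw):
    """raw: one RFC 5322 message as bytes. Returns metadata plus the XML bytes."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    m = SUBJECT_RE.search(str(msg["Subject"] or ""))
    meta = m.groupdict() if m else dict.fromkeys(SUBJECT_RE.groupindex)
    meta["from"] = email.utils.parseaddr(str(msg["From"] or ""))[1]
    for part in msg.walk():
        is_body = part.get_content_maintype() == "text" and not part.is_attachment()
        if part.is_multipart() or is_body:
            continue                               # skip containers and body text
        return {**meta, "xml": to_xml(part.get_payload(decode=True))}
    raise ValueError("no report attachment found")

def build_sample(kind="gz"):
    """Constructed test message; the addresses and report ID are made up."""
    xml = b"<feedback><report_metadata/></feedback>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("report.xml", xml)
    blob = gzip.compress(xml) if kind == "gz" else buf.getvalue()
    msg = EmailMessage()
    msg["From"] = "noreply-dmarc@reporter.example"
    msg["Subject"] = "Report Domain: example.com Submitter: reporter.example Report-ID: <abc123>"
    msg.set_content("DMARC aggregate report attached.")
    msg.add_attachment(blob, maintype="application", subtype="octet-stream",
                       filename="report." + kind)
    return msg.as_bytes()
```

Because the attachment is decompressed in memory and its filename is never used as a path, a hostile sender cannot steer where data is written; the XML should still be parsed with external entities disabled.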
