/ 
Mail-DMARC-1.20240314
River stage one • 2 direct dependents • 3 total dependents
/ bin/dmarc_view_reports

SYNOPSIS

dmarc_view_reports [ --option=value ]

Dumps the contents of the DMARC data store to your terminal. The most recent records are show first.

Search Options

author       - report author (Yahoo! Inc, google.com, etc..)
from_dom     - message sender domain
begin        - epoch start time to display messages after
end          - epoch end time to display messages before
disposition  - DMARC disposition (none,quarantine,reject)
dkim         - DKIM alignment result (pass/fail)
spf          - SPF alignment result  (pass/fail)

Other Options

dmarc_view_reports [ --geoip --dns --help --verbose ]

  geoip        - do GeoIP lookups (requires the free Maxmind GeoCityLitev6 database).
  dns          - do reverse DNS lookups and display hostnames
  help         - print this syntax guide
  verbose      - print additional debug info

EXAMPLES

To search for all reports from google.com that failed DMARC alignment:

dmarc_view_reports --author=google.com --dkim=fail --spf=fail

Note that we don't use --disposition. That would only tell us the result of applying DMARC policy, not necessarily if the messages failed DMARC alignment.

To display GeoIP lookup data for the source ip:

dmarc_view_reports --geoip

By default; city, country_code & continent_code are shown. You can optionally pass a comma delimited string to --geoip= with any of the following fields:

country_code country_code3 country_name region region_name city postal_code latitude longitude time_zone area_code continent_code metro_code

dmarc_view_reports --geoip=country_name,continent_code
dmarc_view_reports --geoip=continent_code,country_name # keep order
dmarc_view_reports --geoip=city,city,city              # repeat

SAMPLE OUTPUT

ID             Recipient           From/Sender     Report-Start
 | -- Qty                        Source IP   Disposition    DKIM     SPF

570        theartfarm.com          simerson.net  2013-05-20 09:40:50
 | --   1                   75.126.200.152    quarantine    fail    fail

568              yeah.net              tnpi.net  2013-05-21 09:00:00
 | --   1                   111.176.77.138        reject    fail    fail

567               126.com              tnpi.net  2013-05-21 09:00:00
 | --   1                    49.73.135.125        reject    fail    fail

565            google.com             mesick.us  2013-05-20 17:00:00
 | --  88                   208.75.177.101          none    pass    pass

564            google.com        theartfarm.com  2013-05-20 17:00:00
 | --   3                   208.75.177.101          none    pass    pass

563            google.com          lynboyer.com  2013-05-20 17:00:00
 | --   1          2a00:1450:4010:c03::235          none    pass    fail  forwarded
 | --  12                   208.75.177.101          none    pass    pass
 | --   1                   209.85.217.174          none    pass    fail  forwarded

561            google.com          simerson.net  2013-05-20 17:00:00
 | --   1                   208.75.177.101          none    pass    pass

560            google.com              tnpi.net  2013-05-20 17:00:00
 | --   1                   208.75.177.101          none    pass    pass
 | --   1                    27.20.110.240        reject    fail    fail

559           hotmail.com          lynboyer.com  2013-05-20 20:00:00
 | --   6                   208.75.177.101          none    pass    pass

AUTHORS

  • Matt Simerson <msimerson@cpan.org>

  • Davide Migliavacca <shari@cpan.org>

  • Marc Bradshaw <marc@marcbradshaw.net>