A Cloudflare worker script to process incoming DMARC reports, store them, and produce analytics.
It makes use of:
More details on the blog post.
- Clone this repo
- Install dependencies with
npm install - Login to your Cloudflare account with
npx wrangler login - Ensure that the names of the R2 buckets used and Worker Analytics dataset are correct in
wrangler.toml - Run
npx wrangler publishto publish the worker - Configure an Email Routing rule to forward the email from a destinattion address to this worker
dmarc-email-worker - Add this address as RUA to your domain's DMARC record
After obtaining the account_id and token from the API Tokens page, you can run the following query to get the DMARC reports:
curl -X POST 'https://api.cloudflare.com/client/v4/accounts/<account_id>/analytics_engine/sql' \
-H 'Authorization: Bearer <token>' \
-d 'SELECT
timestamp,
blob1 AS reportMetadataReportId,
blob2 AS reportMetadataOrgName,
toDateTime(double1) AS reportMetadataDateRangeBegin,
toDateTime(double2) AS reportMetadataDateRangeEnd,
blob3 AS reportMetadataError,
blob4 AS policyPublishedDomain,
double3 AS policyPublishedADKIM,
double4 AS policyPublishedASPF,
double5 AS policyPublishedP,
double6 AS policyPublishedSP,
double7 AS policyPublishedPct,
blob5 AS recordRowSourceIP,
toUInt32(double8) AS recordRowCount,
double9 AS recordRowPolicyEvaluatedDKIM,
double10 AS recordRowPolicyEvaluatedSPF,
double11 AS recordRowPolicyEvaluatedDisposition,
double12 AS recordRowPolicyEvaluatedReasonType,
blob6 AS recordIdentifiersEnvelopeTo,
blob7 AS recordIdentifiersHeaderFrom
FROM dmarc_reports
WHERE timestamp > NOW() - INTERVAL '\''24'\'' DAY'