https://github.com/cloudflare/dmarc-email-worker

DMARC reports processor using Cloudflare Workers and Email Workers
https://github.com/cloudflare/dmarc-email-worker

cloudflare dmarc workers

Last synced: 1 day ago
JSON representation

DMARC reports processor using Cloudflare Workers and Email Workers

• Host: GitHub
• URL: https://github.com/cloudflare/dmarc-email-worker
• Owner: cloudflare
• License: mit
• Created: 2023-03-07T15:50:06.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2024-10-01T14:27:20.000Z (4 months ago)
• Last Synced: 2025-01-20T22:07:42.208Z (8 days ago)
• Topics: cloudflare, dmarc, workers
• Language: TypeScript
• Homepage: https://blog.cloudflare.com/how-we-built-dmarc-management/
• Size: 85 KB
• Stars: 107
• Watchers: 9
• Forks: 13
• Open Issues: 4
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# dmarc-email-worker

A Cloudflare worker script to process incoming DMARC reports, store them, and produce analytics.

It makes use of:

- [Cloudflare Workers](https://workers.cloudflare.com/)

- [Email Workers](https://developers.cloudflare.com/email-routing/email-workers/)

- [R2](https://developers.cloudflare.com/r2/)

- [Worker Analytics](https://developers.cloudflare.com/workers/analytics/)

More details on the [blog post](https://blog.cloudflare.com/how-we-built-dmarc-management/).

## Install instructions

1. Clone this repo

1. Install dependencies with `npm install`

1. Login to your Cloudflare account with `npx wrangler login`

1. Ensure that the names of the R2 buckets used and Worker Analytics dataset are correct in `wrangler.toml`

1. Run `npx wrangler publish` to publish the worker

1. Configure an Email Routing rule to forward the email from a destinattion address to this worker `dmarc-email-worker`

1. Add this address as RUA to your domain's DMARC record

## Inspecting the data

After obtaining the `account_id` and `token` from the [API Tokens](https://dash.cloudflare.com/profile/api-tokens) page, you can run the following query to get the DMARC reports:

```bash

curl -X POST 'https://api.cloudflare.com/client/v4/accounts//analytics_engine/sql' \

-H 'Authorization: Bearer ' \

-d 'SELECT

    timestamp,

    blob1 AS reportMetadataReportId,

    blob2 AS reportMetadataOrgName,

    toDateTime(double1) AS reportMetadataDateRangeBegin,

    toDateTime(double2) AS reportMetadataDateRangeEnd,

    blob3 AS reportMetadataError,

    blob4 AS policyPublishedDomain,

    double3 AS policyPublishedADKIM,

    double4 AS policyPublishedASPF,

    double5 AS policyPublishedP,

    double6 AS policyPublishedSP,

    double7 AS policyPublishedPct,

    blob5 AS recordRowSourceIP,

    toUInt32(double8) AS recordRowCount,

    double9 AS recordRowPolicyEvaluatedDKIM,

    double10 AS recordRowPolicyEvaluatedSPF,

    double11 AS recordRowPolicyEvaluatedDisposition,

    double12 AS recordRowPolicyEvaluatedReasonType,

    blob6 AS recordIdentifiersEnvelopeTo,

    blob7 AS recordIdentifiersHeaderFrom

FROM dmarc_reports

WHERE timestamp > NOW() - INTERVAL '\''24'\'' DAY'

```