Dmarc reports are send as attachments by several email-services.
DMARC reports are in the XML format, so of course the reports are compressed before sending.
For example, OUTLOOK is sending them as gzip compressed:
protection.outlook.com!<domain>!<timestamp-start>!<timestamp-end>.xml.gzOther email-servers are sending zipped attachments.
Once the report are saved dmarc-cat seems to be able to decompress .zip reports on the fly, but it fails on gz files.
So this works:
dmrac-cat protection.outlook.com!<domain>!<timestamp-start>!<timestamp-end>.xmldmrac-cat protection.outlook.com!<domain>!<timestamp-start>!<timestamp-end>.xml.zipBut this fails:
dmrac-cat protection.outlook.com!<domain>!<timestamp-start>!<timestamp-end>.xml.gzHow to make dmarc-cat parse gz dmarc reports?
There is a poorly documented -t switch
dmarc-cat -h
Usage of dmarc-cat:
-D Debug mode
-N Do not resolve IPs
-S string
Sort results (default "\"Count\" \"dsc\"")
-j int
Parallel jobs (default 12)
-t string
File type for stdin mode
-v Verbose mode
-version
Display version
It’s a bit unclear how it should work, but this will do the trick:
dmrac-cat -t .gz protection.outlook.com!<domain>!<timestamp-start>!<timestamp-end>.xml.gzAnd it also miraculously parses zip files, so this works also:
dmrac-cat -t .gz protection.outlook.com!<domain>!<timestamp-start>!<timestamp-end>.xml.zipAdd dmarc-cat as an alias for dmarc-cat -t .gz
So just add dmarc-cat as an alias in dmrac-cat -t .gz to .bash_aliases and your good to go:
echo "alias dmarc-cat='dmarc-cat -t .gz'" >> ~/.bash_aliasesThis will save you some keystrokes the rest of you life!
dmrac-cat protection.outlook.com!<domain>!<timestamp-start>!<timestamp-end>.xml.gz
dmrac-cat protection.outlook.com!<domain>!<timestamp-start>!<timestamp-end>.xml.zip