How to make dmarc-cat read compressed DMARCS reports

February 16th, 2023

Dmarc reports are send as attachments by several email-services.

DMARC reports are in the XML format, so of course the reports are compressed before sending.

For example, OUTLOOK is sending them as gzip compressed:!<domain>!<timestamp-start>!<timestamp-end>.xml.gz

Other email-servers are sending zipped attachments.

Once the report are saved dmarc-cat seems to be able to decompress .zip reports on the fly, but it fails on gz files.

So this works:


But this fails:


How to make dmarc-cat parse gz dmarc reports?

There is a poorly documented -t switch

dmarc-cat -h

Usage of dmarc-cat:
-D Debug mode
-N Do not resolve IPs
-S string
Sort results (default "\"Count\" \"dsc\"")
-j int
Parallel jobs (default 12)
-t string
File type for stdin mode
-v Verbose mode
Display version

It’s a bit unclear how it should work, but this will do the trick:

dmrac-cat -t .gz!<domain>!<timestamp-start>!<timestamp-end>.xml.gz

And it also miraculously parses zip files, so this works also:

dmrac-cat -t .gz!<domain>!<timestamp-start>!<timestamp-end>

Add dmarc-cat as an alias for dmarc-cat -t .gz

So just add dmarc-cat as an alias in dmrac-cat -t .gz to .bash_aliases and your good to go:

echo "alias dmarc-cat='dmarc-cat -t .gz'" >> ~/.bash_aliases

This will save you some keystrokes the rest of you life!


Leave a Reply