6point6/dmarc_checker

DMARC Checker

DMARC Checker is a Rust-powered asynchronous DMARC lookup engine. It takes a list of domains as its input and generates a CSV output of the parsed DMARC records.

For individual domains, it's simpler to use the dig utility, e.g. dig _dmarc.example.org TXT +short.

However, unlike dig, DMARC Checker is fast. It averages around 500 lookups per second and can parse the top 1 million domains within 30 minutes.

Identifying Vulnerable Domains

Please see the Wiki located here.

Build

DMARC Checker is built in Rust, meaning you can compile it using the Cargo engine on Rust-supported platforms. Within the Git directory, use the following commands.

cargo build for debug versions, and cargo build --release for release versions.

Usage

Provide a file of domains with the -i flag, and specify an output file with the -o flag. The domain list needs to be a newline-separated list of domains.

domain_list.txt

google.com
cia.gov
nca.gov.uk
dwp.gov.uk
gmail.com

./dmarc_checker -i domain_list.txt -o domain_output.csv

OR

cargo run -- -i domain_list.txt -o domain_output.csv

The tool parses domains in batches of 50,000, which prevents I/O kernel problems, and writes results to the domain_output.csv file.

You can increase or decrease the batch size by specifying -b.

./dmarc_checker -i domain_list.txt -o domain_output.csv -b 100

OR

cargo run -- -i domain_list.txt -o domain_output.csv -b 100

Domain Examples

We've tested the DMARC Checker against the following list of domains.

Notes

Some DMARC records specify CNAME domains. We list these records with CNAME entries but DO NOT recursively check the CNAME tree.

We felt that the effort required to write the check, especially asynchronously, wasn't worth the time as not many DMARC domains use CNAME records.

We've also added helpful hints for cases where DMARC records are empty, where a domain is vulnerable to subdomain spoofing only, and where inconsistencies arise with the percentage specifier.
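
The three hint cases above can be illustrated with a small record auditor. This is an added example, not code from the DMARC Checker repository: the function names, hint wording and rules are assumptions based on the RFC 7489 tag semantics (sp falls back to p, pct defaults to 100), and the sample records are constructed.

```rust
use std::collections::HashMap;

/// Split a DMARC TXT record into tag -> value pairs (tag names lowercased).
fn parse_tags(record: &str) -> HashMap<String, String> {
    record
        .split(';')
        .filter_map(|part| part.split_once('='))
        .map(|(k, v)| (k.trim().to_ascii_lowercase(), v.trim().to_string()))
        .collect()
}

fn enforcing(policy: &str) -> bool {
    policy == "quarantine" || policy == "reject"
}

/// Audit hints for one lookup result; `None` or "" means no DMARC TXT record.
/// Hint rules and wording are assumptions of this example, not the tool's output.
fn hints(record: Option<&str>) -> Vec<&'static str> {
    let raw = match record.map(str::trim).filter(|r| !r.is_empty()) {
        Some(r) => r,
        None => return vec!["no DMARC record"],
    };
    let tags = parse_tags(raw);
    if tags.get("v").map(String::as_str) != Some("DMARC1") {
        return vec!["not a DMARC record (v=DMARC1 missing)"];
    }
    let mut out = Vec::new();
    let p = tags.get("p").map(|s| s.to_ascii_lowercase()).unwrap_or_default();
    // RFC 7489: sp falls back to p when absent.
    let sp = tags.get("sp").map(|s| s.to_ascii_lowercase()).unwrap_or_else(|| p.clone());
    match (enforcing(&p), enforcing(&sp)) {
        (false, _) => out.push("p is not enforcing"),
        (true, false) => out.push("subdomain spoofing only (sp is not enforcing)"),
        (true, true) => {}
    }
    // RFC 7489: pct is an integer 0-100 and defaults to 100.
    match tags.get("pct").map(|v| v.parse::<u8>()) {
        None | Some(Ok(100)) => {}
        Some(Ok(n)) if n < 100 => out.push("pct below 100: policy covers only part of the mail"),
        _ => out.push("pct is not an integer from 0 to 100"),
    }
    out
}

fn main() {
    // Constructed sample records, not real lookup results.
    for r in [None, Some("v=DMARC1; p=reject; sp=none"), Some("v=DMARC1; p=quarantine; pct=25")] {
        println!("{:?} -> {:?}", r, hints(r));
    }
}
```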