API reference
parsedmarc
A Python package for parsing DMARC reports
- exception parsedmarc.InvalidAggregateReport[source]
Raised when an invalid DMARC aggregate report is encountered
- exception parsedmarc.InvalidForensicReport[source]
Raised when an invalid DMARC forensic report is encountered
- exception parsedmarc.InvalidSMTPTLSReport[source]
Raised when an invalid SMTP TLS report is encountered
- parsedmarc.email_results(results, host, mail_from, mail_to, mail_cc=None, mail_bcc=None, port=0, require_encryption=False, verify=True, username=None, password=None, subject=None, attachment_filename=None, message=None)[source]
Emails parsing results as a zip file
- Parameters:
results (OrderedDict) – Parsing results
host – Mail server hostname or IP address
mail_from – The value of the message from header
mail_to (list) – A list of addresses to mail to
mail_cc (list) – A list of addresses to CC
mail_bcc (list) – A list addresses to BCC
port (int) – Port to use
require_encryption (bool) – Require a secure connection from the start
verify (bool) – verify the SSL/TLS certificate
username (str) – An optional username
password (str) – An optional password
subject (str) – Overrides the default message subject
attachment_filename (str) – Override the default attachment filename
message (str) – Override the default plain text body
- parsedmarc.extract_report(content)[source]
Extracts text from a zip or gzip file, as a base64-encoded string, file-like object, or bytes.
- Parameters:
content – report file as a base64-encoded string, file-like object or
bytes.
- Returns:
The extracted text
- Return type:
str
- parsedmarc.extract_report_from_file_path(file_path)[source]
Extracts report from a file at the given file_path
- parsedmarc.get_dmarc_reports_from_mailbox(connection: MailboxConnection, reports_folder='INBOX', archive_folder='Archive', delete=False, test=False, ip_db_path=None, always_use_local_files=False, reverse_dns_map_path=None, reverse_dns_map_url=None, offline=False, nameservers=None, dns_timeout=6.0, strip_attachment_payloads=False, results=None, batch_size=10, since=None, create_folders=True)[source]
Fetches and parses DMARC reports from a mailbox
- Parameters:
connection – A Mailbox connection object
reports_folder – The folder where reports can be found
archive_folder – The folder to move processed mail to
delete (bool) – Delete messages after processing them
test (bool) – Do not move or delete messages after processing them
ip_db_path (str) – Path to a MMDB file from MaxMind or DBIP
always_use_local_files (bool) – Do not download files
reverse_dns_map_path (str) – Path to a reverse DNS map file
reverse_dns_map_url (str) – URL to a reverse DNS map file
offline (bool) – Do not query online for geolocation or DNS
nameservers (list) – A list of DNS nameservers to query
dns_timeout (float) – Set the DNS query timeout
strip_attachment_payloads (bool) – Remove attachment payloads from forensic report results
results (dict) – Results from the previous run
batch_size (int) – Number of messages to read and process before saving (use 0 for no limit)
since – Search for messages since certain time (units - {“m”:”minutes”, “h”:”hours”, “d”:”days”, “w”:”weeks”})
create_folders (bool) – Whether to create the destination folders (not used in watch)
- Returns:
Lists of
aggregate_reports
andforensic_reports
- Return type:
OrderedDict
- parsedmarc.get_dmarc_reports_from_mbox(input_, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False, ip_db_path=None, always_use_local_files=False, reverse_dns_map_path=None, reverse_dns_map_url=None, offline=False)[source]
Parses a mailbox in mbox format containing e-mails with attached DMARC reports
- Parameters:
input – A path to a mbox file
nameservers (list) – A list of one or more nameservers to use (Cloudflare’s public DNS resolvers by default)
dns_timeout (float) – Sets the DNS timeout in seconds
strip_attachment_payloads (bool) – Remove attachment payloads from forensic report results
always_use_local_files (bool) – Do not download files
reverse_dns_map_path (str) – Path to a reverse DNS map file
reverse_dns_map_url (str) – URL to a reverse DNS map file
ip_db_path (str) – Path to a MMDB file from MaxMind or DBIP
offline (bool) – Do not make online queries for geolocation or DNS
- Returns:
Lists of
aggregate_reports
andforensic_reports
- Return type:
OrderedDict
- parsedmarc.get_report_zip(results)[source]
Creates a zip file of parsed report output
- Parameters:
results (OrderedDict) – The parsed results
- Returns:
zip file bytes
- Return type:
bytes
- parsedmarc.parse_aggregate_report_file(_input, offline=False, always_use_local_files=None, reverse_dns_map_path=None, reverse_dns_map_url=None, ip_db_path=None, nameservers=None, dns_timeout=2.0, keep_alive=None)[source]
Parses a file at the given path, a file-like object. or bytes as an aggregate DMARC report
- Parameters:
_input – A path to a file, a file like object, or bytes
offline (bool) – Do not query online for geolocation or DNS
always_use_local_files (bool) – Do not download files
reverse_dns_map_path (str) – Path to a reverse DNS map file
reverse_dns_map_url (str) – URL to a reverse DNS map file
ip_db_path (str) – Path to a MMDB file from MaxMind or DBIP
nameservers (list) – A list of one or more nameservers to use (Cloudflare’s public DNS resolvers by default)
dns_timeout (float) – Sets the DNS timeout in seconds
keep_alive (callable) – Keep alive function
- Returns:
The parsed DMARC aggregate report
- Return type:
OrderedDict
- parsedmarc.parse_aggregate_report_xml(xml, ip_db_path=None, always_use_local_files=False, reverse_dns_map_path=None, reverse_dns_map_url=None, offline=False, nameservers=None, timeout=2.0, keep_alive=None)[source]
Parses a DMARC XML report string and returns a consistent OrderedDict
- Parameters:
xml (str) – A string of DMARC aggregate report XML
ip_db_path (str) – Path to a MMDB file from MaxMind or DBIP
always_use_local_files (bool) – Do not download files
reverse_dns_map_path (str) – Path to a reverse DNS map file
reverse_dns_map_url (str) – URL to a reverse DNS map file
offline (bool) – Do not query online for geolocation or DNS
nameservers (list) – A list of one or more nameservers to use (Cloudflare’s public DNS resolvers by default)
timeout (float) – Sets the DNS timeout in seconds
keep_alive (callable) – Keep alive function
- Returns:
The parsed aggregate DMARC report
- Return type:
OrderedDict
- parsedmarc.parse_forensic_report(feedback_report, sample, msg_date, always_use_local_files=False, reverse_dns_map_path=None, reverse_dns_map_url=None, offline=False, ip_db_path=None, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False)[source]
Converts a DMARC forensic report and sample to a
OrderedDict
- Parameters:
feedback_report (str) – A message’s feedback report as a string
sample (str) – The RFC 822 headers or RFC 822 message sample
ip_db_path (str) – Path to a MMDB file from MaxMind or DBIP
always_use_local_files (bool) – Do not download files
reverse_dns_map_path (str) – Path to a reverse DNS map file
reverse_dns_map_url (str) – URL to a reverse DNS map file
offline (bool) – Do not query online for geolocation or DNS
msg_date (str) – The message’s date header
nameservers (list) – A list of one or more nameservers to use (Cloudflare’s public DNS resolvers by default)
dns_timeout (float) – Sets the DNS timeout in seconds
strip_attachment_payloads (bool) – Remove attachment payloads from forensic report results
- Returns:
A parsed report and sample
- Return type:
OrderedDict
- parsedmarc.parse_report_email(input_, offline=False, ip_db_path=None, always_use_local_files=False, reverse_dns_map_path=None, reverse_dns_map_url=None, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False, keep_alive=None)[source]
Parses a DMARC report from an email
- Parameters:
input – An emailed DMARC report in RFC 822 format, as bytes or a string
ip_db_path (str) – Path to a MMDB file from MaxMind or DBIP
always_use_local_files (bool) – Do not download files
reverse_dns_map_path (str) – Path to a reverse DNS map
reverse_dns_map_url (str) – URL to a reverse DNS map
offline (bool) – Do not query online for geolocation on DNS
nameservers (list) – A list of one or more nameservers to use
dns_timeout (float) – Sets the DNS timeout in seconds
strip_attachment_payloads (bool) – Remove attachment payloads from forensic report results
keep_alive (callable) – keep alive function
- Returns:
report_type
:aggregate
orforensic
report
: The parsed report
- Return type:
OrderedDict
- parsedmarc.parse_report_file(input_, nameservers=None, dns_timeout=2.0, strip_attachment_payloads=False, ip_db_path=None, always_use_local_files=False, reverse_dns_map_path=None, reverse_dns_map_url=None, offline=False, keep_alive=None)[source]
Parses a DMARC aggregate or forensic file at the given path, a file-like object. or bytes
- Parameters:
input – A path to a file, a file like object, or bytes
nameservers (list) – A list of one or more nameservers to use (Cloudflare’s public DNS resolvers by default)
dns_timeout (float) – Sets the DNS timeout in seconds
strip_attachment_payloads (bool) – Remove attachment payloads from forensic report results
ip_db_path (str) – Path to a MMDB file from MaxMind or DBIP
always_use_local_files (bool) – Do not download files
reverse_dns_map_path (str) – Path to a reverse DNS map
reverse_dns_map_url (str) – URL to a reverse DNS map
offline (bool) – Do not make online queries for geolocation or DNS
keep_alive (callable) – Keep alive function
- Returns:
The parsed DMARC report
- Return type:
OrderedDict
- parsedmarc.parsed_aggregate_reports_to_csv(reports)[source]
Converts one or more parsed aggregate reports to flat CSV format, including headers
- Parameters:
reports – A parsed aggregate report or list of parsed aggregate reports
- Returns:
Parsed aggregate report data in flat CSV format, including headers
- Return type:
str
- parsedmarc.parsed_aggregate_reports_to_csv_rows(reports)[source]
Converts one or more parsed aggregate reports to list of dicts in flat CSV format
- Parameters:
reports – A parsed aggregate report or list of parsed aggregate reports
- Returns:
Parsed aggregate report data as a list of dicts in flat CSV format
- Return type:
list
- parsedmarc.parsed_forensic_reports_to_csv(reports)[source]
Converts one or more parsed forensic reports to flat CSV format, including headers
- Parameters:
reports – A parsed forensic report or list of parsed forensic reports
- Returns:
Parsed forensic report data in flat CSV format, including headers
- Return type:
str
- parsedmarc.parsed_forensic_reports_to_csv_rows(reports)[source]
Converts one or more parsed forensic reports to a list of dicts in flat CSV format
- Parameters:
reports – A parsed forensic report or list of parsed forensic reports
- Returns:
Parsed forensic report data as a list of dicts in flat CSV format
- Return type:
list
- parsedmarc.parsed_smtp_tls_reports_to_csv(reports)[source]
Converts one or more parsed SMTP TLS reports to flat CSV format, including headers
- Parameters:
reports – A parsed aggregate report or list of parsed aggregate reports
- Returns:
Parsed aggregate report data in flat CSV format, including headers
- Return type:
str
- parsedmarc.parsed_smtp_tls_reports_to_csv_rows(reports)[source]
Converts one oor more parsed SMTP TLS reports into a list of single layer OrderedDict objects suitable for use in a CSV
- parsedmarc.save_output(results, output_directory='output', aggregate_json_filename='aggregate.json', forensic_json_filename='forensic.json', smtp_tls_json_filename='smtp_tls.json', aggregate_csv_filename='aggregate.csv', forensic_csv_filename='forensic.csv', smtp_tls_csv_filename='smtp_tls.csv')[source]
Save report data in the given directory
- Parameters:
results (OrderedDict) – Parsing results
output_directory (str) – The path to the directory to save in
aggregate_json_filename (str) – Filename for the aggregate JSON file
forensic_json_filename (str) – Filename for the forensic JSON file
smtp_tls_json_filename (str) – Filename for the SMTP TLS JSON file
aggregate_csv_filename (str) – Filename for the aggregate CSV file
forensic_csv_filename (str) – Filename for the forensic CSV file
smtp_tls_csv_filename (str) – Filename for the SMTP TLS CSV file
- parsedmarc.watch_inbox(mailbox_connection: MailboxConnection, callback: Callable, reports_folder='INBOX', archive_folder='Archive', delete=False, test=False, check_timeout=30, ip_db_path=None, always_use_local_files=False, reverse_dns_map_path=None, reverse_dns_map_url=None, offline=False, nameservers=None, dns_timeout=6.0, strip_attachment_payloads=False, batch_size=None)[source]
- Watches the mailbox for new messages and
sends the results to a callback function
- Parameters:
mailbox_connection – The mailbox connection object
callback – The callback function to receive the parsing results
reports_folder – The IMAP folder where reports can be found
archive_folder – The folder to move processed mail to
delete (bool) – Delete messages after processing them
test (bool) – Do not move or delete messages after processing them
check_timeout (int) – Number of seconds to wait for a IMAP IDLE response or the number of seconds until the next mail check
ip_db_path (str) – Path to a MMDB file from MaxMind or DBIP
always_use_local_files (bool) – Do not download files
reverse_dns_map_path (str) – Path to a reverse DNS map file
reverse_dns_map_url (str) – URL to a reverse DNS map file
offline (bool) – Do not query online for geolocation or DNS
nameservers (list) – A list of one or more nameservers to use (Cloudflare’s public DNS resolvers by default)
dns_timeout (float) – Set the DNS query timeout
strip_attachment_payloads (bool) – Replace attachment payloads in forensic report samples with None
batch_size (int) – Number of messages to read and process before saving
parsedmarc.elastic
- exception parsedmarc.elastic.AlreadySaved[source]
Raised when a report to be saved matches an existing report
- parsedmarc.elastic.create_indexes(names, settings=None)[source]
Create Elasticsearch indexes
- Parameters:
names (list) – A list of index names
settings (dict) – Index settings
- parsedmarc.elastic.migrate_indexes(aggregate_indexes=None, forensic_indexes=None)[source]
Updates index mappings
- Parameters:
aggregate_indexes (list) – A list of aggregate index names
forensic_indexes (list) – A list of forensic index names
- parsedmarc.elastic.save_aggregate_report_to_elasticsearch(aggregate_report, index_suffix=None, index_prefix=None, monthly_indexes=False, number_of_shards=1, number_of_replicas=0)[source]
Saves a parsed DMARC aggregate report to Elasticsearch
- Parameters:
aggregate_report (OrderedDict) – A parsed forensic report
index_suffix (str) – The suffix of the name of the index to save to
index_prefix (str) – The prefix of the name of the index to save to
monthly_indexes (bool) – Use monthly indexes instead of daily indexes
number_of_shards (int) – The number of shards to use in the index
number_of_replicas (int) – The number of replicas to use in the index
- Raises:
- parsedmarc.elastic.save_forensic_report_to_elasticsearch(forensic_report, index_suffix=None, index_prefix=None, monthly_indexes=False, number_of_shards=1, number_of_replicas=0)[source]
Saves a parsed DMARC forensic report to Elasticsearch
- Parameters:
forensic_report (OrderedDict) – A parsed forensic report
index_suffix (str) – The suffix of the name of the index to save to
index_prefix (str) – The prefix of the name of the index to save to
monthly_indexes (bool) – Use monthly indexes instead of daily indexes
number_of_shards (int) – The number of shards to use in the index
number_of_replicas (int) – The number of replicas to use in the index
- Raises:
- parsedmarc.elastic.save_smtp_tls_report_to_elasticsearch(report, index_suffix=None, index_prefix=None, monthly_indexes=False, number_of_shards=1, number_of_replicas=0)[source]
Saves a parsed SMTP TLS report to Elasticsearch
- Parameters:
report (OrderedDict) – A parsed SMTP TLS report
index_suffix (str) – The suffix of the name of the index to save to
index_prefix (str) – The prefix of the name of the index to save to
monthly_indexes (bool) – Use monthly indexes instead of daily indexes
number_of_shards (int) – The number of shards to use in the index
number_of_replicas (int) – The number of replicas to use in the index
- Raises:
- parsedmarc.elastic.set_hosts(hosts, use_ssl=False, ssl_cert_path=None, username=None, password=None, apiKey=None, timeout=60.0)[source]
Sets the Elasticsearch hosts to use
- Parameters:
hosts (str) – A single hostname or URL, or list of hostnames or URLs
use_ssl (bool) – Use a HTTPS connection to the server
ssl_cert_path (str) – Path to the certificate chain
username (str) – The username to use for authentication
password (str) – The password to use for authentication
apiKey (str) – The Base64 encoded API key to use for authentication
timeout (float) – Timeout in seconds
parsedmarc.opensearch
- exception parsedmarc.opensearch.AlreadySaved[source]
Raised when a report to be saved matches an existing report
- parsedmarc.opensearch.create_indexes(names, settings=None)[source]
Create OpenSearch indexes
- Parameters:
names (list) – A list of index names
settings (dict) – Index settings
- parsedmarc.opensearch.migrate_indexes(aggregate_indexes=None, forensic_indexes=None)[source]
Updates index mappings
- Parameters:
aggregate_indexes (list) – A list of aggregate index names
forensic_indexes (list) – A list of forensic index names
- parsedmarc.opensearch.save_aggregate_report_to_opensearch(aggregate_report, index_suffix=None, index_prefix=None, monthly_indexes=False, number_of_shards=1, number_of_replicas=0)[source]
Saves a parsed DMARC aggregate report to OpenSearch
- Parameters:
aggregate_report (OrderedDict) – A parsed forensic report
index_suffix (str) – The suffix of the name of the index to save to
index_prefix (str) – The prefix of the name of the index to save to
monthly_indexes (bool) – Use monthly indexes instead of daily indexes
number_of_shards (int) – The number of shards to use in the index
number_of_replicas (int) – The number of replicas to use in the index
- Raises:
- parsedmarc.opensearch.save_forensic_report_to_opensearch(forensic_report, index_suffix=None, index_prefix=None, monthly_indexes=False, number_of_shards=1, number_of_replicas=0)[source]
Saves a parsed DMARC forensic report to OpenSearch
- Parameters:
forensic_report (OrderedDict) – A parsed forensic report
index_suffix (str) – The suffix of the name of the index to save to
index_prefix (str) – The prefix of the name of the index to save to
monthly_indexes (bool) – Use monthly indexes instead of daily indexes
number_of_shards (int) – The number of shards to use in the index
number_of_replicas (int) – The number of replicas to use in the index
- Raises:
- parsedmarc.opensearch.save_smtp_tls_report_to_opensearch(report, index_suffix=None, index_prefix=None, monthly_indexes=False, number_of_shards=1, number_of_replicas=0)[source]
Saves a parsed SMTP TLS report to OpenSearch
- Parameters:
report (OrderedDict) – A parsed SMTP TLS report
index_suffix (str) – The suffix of the name of the index to save to
index_prefix (str) – The prefix of the name of the index to save to
monthly_indexes (bool) – Use monthly indexes instead of daily indexes
number_of_shards (int) – The number of shards to use in the index
number_of_replicas (int) – The number of replicas to use in the index
- Raises:
- parsedmarc.opensearch.set_hosts(hosts, use_ssl=False, ssl_cert_path=None, username=None, password=None, apiKey=None, timeout=60.0)[source]
Sets the OpenSearch hosts to use
- Parameters:
hosts (str|list) – A hostname or URL, or list of hostnames or URLs
use_ssl (bool) – Use an HTTPS connection to the server
ssl_cert_path (str) – Path to the certificate chain
username (str) – The username to use for authentication
password (str) – The password to use for authentication
apiKey (str) – The Base64 encoded API key to use for authentication
timeout (float) – Timeout in seconds
parsedmarc.splunk
- class parsedmarc.splunk.HECClient(url, access_token, index, source='parsedmarc', verify=True, timeout=60)[source]
Initializes the HECClient
- Parameters:
url (str) – The URL of the HEC
access_token (str) – The HEC access token
index (str) – The name of the index
source (str) – The source name
verify (bool) – Verify SSL certificates
timeout (float) – Number of seconds to wait for the server to send data before giving up
- save_aggregate_reports_to_splunk(aggregate_reports)[source]
Saves aggregate DMARC reports to Splunk
- Parameters:
aggregate_reports – A list of aggregate report dictionaries to save in Splunk
parsedmarc.utils
Utility functions that might be useful for other projects
- exception parsedmarc.utils.DownloadError[source]
Raised when an error occurs when downloading a file
- parsedmarc.utils.convert_outlook_msg(msg_bytes)[source]
Uses the
msgconvert
Perl utility to convert an Outlook MS file to standard RFC 822 format- Parameters:
msg_bytes (bytes) – the content of the .msg file
- Returns:
A RFC 822 string
- parsedmarc.utils.decode_base64(data)[source]
Decodes a base64 string, with padding being optional
- Parameters:
data – A base64 encoded string
- Returns:
The decoded bytes
- Return type:
bytes
- parsedmarc.utils.get_base_domain(domain)[source]
Gets the base domain name for the given domain
Note
Results are based on a list of public domain suffixes at https://publicsuffix.org/list/public_suffix_list.dat.
- Parameters:
domain (str) – A domain or subdomain
- Returns:
The base domain of the given domain
- Return type:
str
- parsedmarc.utils.get_filename_safe_string(string)[source]
Converts a string to a string that is safe for a filename
- Parameters:
string (str) – A string to make safe for a filename
- Returns:
A string safe for a filename
- Return type:
str
- parsedmarc.utils.get_ip_address_country(ip_address, db_path=None)[source]
Returns the ISO code for the country associated with the given IPv4 or IPv6 address
- Parameters:
ip_address (str) – The IP address to query for
db_path (str) – Path to a MMDB file from MaxMind or DBIP
- Returns:
And ISO country code associated with the given IP address
- Return type:
str
- parsedmarc.utils.get_ip_address_info(ip_address, ip_db_path=None, reverse_dns_map_path=None, always_use_local_files=False, reverse_dns_map_url=None, cache=None, reverse_dns_map=None, offline=False, nameservers=None, timeout=2.0)[source]
Returns reverse DNS and country information for the given IP address
- Parameters:
ip_address (str) – The IP address to check
ip_db_path (str) – path to a MMDB file from MaxMind or DBIP
reverse_dns_map_path (str) – Path to a reverse DNS map file
reverse_dns_map_url (str) – URL to the reverse DNS map file
always_use_local_files (bool) – Do not download files
cache (ExpiringDict) – Cache storage
reverse_dns_map (dict) – A reverse DNS map
offline (bool) – Do not make online queries for geolocation or DNS
nameservers (list) – A list of one or more nameservers to use (Cloudflare’s public DNS resolvers by default)
timeout (float) – Sets the DNS timeout in seconds
- Returns:
ip_address
,reverse_dns
- Return type:
OrderedDict
- parsedmarc.utils.get_reverse_dns(ip_address, cache=None, nameservers=None, timeout=2.0)[source]
Resolves an IP address to a hostname using a reverse DNS query
- Parameters:
ip_address (str) – The IP address to resolve
cache (ExpiringDict) – Cache storage
nameservers (list) – A list of one or more nameservers to use (Cloudflare’s public DNS resolvers by default)
timeout (float) – Sets the DNS query timeout in seconds
- Returns:
The reverse DNS hostname (if any)
- Return type:
str
- parsedmarc.utils.get_service_from_reverse_dns_base_domain(base_domain, always_use_local_file=False, local_file_path=None, url=None, offline=False, reverse_dns_map=None)[source]
Returns the service name of a given base domain name from reverse DNS.
- Parameters:
base_domain (str) – The base domain of the reverse DNS lookup
always_use_local_file (bool) – Always use a local map file
local_file_path (str) – Path to a local map file
url (str) – URL ro a reverse DNS map
offline (bool) – Use the built-in copy of the reverse DNS map
reverse_dns_map (dict) – A reverse DNS map
- Returns:
A dictionary containing name and type. If the service is unknown, the name will be the supplied reverse_dns_base_domain and the type will be None
- Return type:
dict
- parsedmarc.utils.human_timestamp_to_datetime(human_timestamp, to_utc=False)[source]
Converts a human-readable timestamp into a Python
datetime
object- Parameters:
human_timestamp (str) – A timestamp string
to_utc (bool) – Convert the timestamp to UTC
- Returns:
The converted timestamp
- Return type:
datetime
- parsedmarc.utils.human_timestamp_to_unix_timestamp(human_timestamp)[source]
Converts a human-readable timestamp into a UNIX timestamp
- Parameters:
human_timestamp (str) – A timestamp in YYYY-MM-DD HH:MM:SS` format
- Returns:
The converted timestamp
- Return type:
float
- parsedmarc.utils.is_mbox(path)[source]
Checks if the given content is an MBOX mailbox file
- Parameters:
path – Content to check
- Returns:
A flag that indicates if the file is an MBOX mailbox file
- Return type:
bool
- parsedmarc.utils.is_outlook_msg(content)[source]
Checks if the given content is an Outlook msg OLE/MSG file
- Parameters:
content – Content to check
- Returns:
A flag that indicates if the file is an Outlook MSG file
- Return type:
bool
- parsedmarc.utils.parse_email(data, strip_attachment_payloads=False)[source]
A simplified email parser
- Parameters:
data – The RFC 822 message string, or MSG binary
strip_attachment_payloads (bool) – Remove attachment payloads
- Returns:
Parsed email data
- Return type:
dict
- parsedmarc.utils.query_dns(domain, record_type, cache=None, nameservers=None, timeout=2.0)[source]
Queries DNS
- Parameters:
domain (str) – The domain or subdomain to query about
record_type (str) – The record type to query for
cache (ExpiringDict) – Cache storage
nameservers (list) – A list of one or more nameservers to use (Cloudflare’s public DNS resolvers by default)
timeout (float) – Sets the DNS timeout in seconds
- Returns:
A list of answers
- Return type:
list