/
Getting DMARC Queries

Getting DMARC Queries

Owned by Moritz Müller

Description:


DMARC is a mechanism to define policies for email validation, dispositioning and reporting. These policies are defined in a DNS TXT record of a subdomain with the label "_dmarc". The query below filters for each query that asks for a domain name that has the string "_dmarc" as lowest label and asks for a TXT record (qtype 16). The results are ordered by the total number of queries for a qname.


Impala Query:


select qname, count(1) as tot
from dns.staging
where qname ILIKE '_dmarc.%'
and qtype = 16
group by qname
order by tot desc



Example Output:


_dmarc.paypal.nl. 5153
_dmarc.virtuoso.nl. 4492
_dmarc.variate.nl. 4408
_dmarc.thermistor.nl. 4375
...

Related content