/
Getting DMARC Queries

Getting DMARC Queries

Owned by Moritz Müller
Last updated: Oct 06, 2017 by Daniel Stirnimann

Description:


DMARC is a mechanism to define policies for email validation, dispositioning and reporting. These policies are defined in a DNS TXT record of a subdomain with the label "_dmarc". The query below filters for each query that asks for a domain name that has the string "_dmarc" as lowest label and asks for a TXT record (qtype 16). The results are ordered by the total number of queries for a qname.


Impala Query:


select qname, count(1) as tot
from dns.staging
where qname ILIKE '_dmarc.%'
and qtype = 16
group by qname
order by tot desc



Example Output:


_dmarc.paypal.nl. 5153
_dmarc.virtuoso.nl. 4492
_dmarc.variate.nl. 4408
_dmarc.thermistor.nl. 4375
...

Related content

Top N NXDOMAIN
Top N NXDOMAIN
Domain Names
More like this
Queries per day that include the EDNS0 option edns-key-tag
Queries per day that include the EDNS0 option edns-key-tag
DNSSEC
More like this
Get DKIM usage
Get DKIM usage
Domain Names
More like this
Popular labels
Popular labels
Domain Names
More like this
Popular labels alternative version
Popular labels alternative version
Domain Names
More like this
Percentage of potentially validating resolvers in a specific country
Percentage of potentially validating resolvers in a specific country
DNSSEC
More like this