Stop letting your DMARC and TLS-RPT reports gather dust. Mailweave transforms raw data into actionable insights.

Mailweave empowers you to reclaim control over your email security posture by automating the ingestion and analysis of DMARC and TLS-RPT reports directly within your self-hosted environment, ensuring complete data privacy. Leverage Mailweave's robust parsing engine to transform verbose XML data into structured, queryable datasets, providing granular visibility into your authentication and encryption landscapes. Deploy Mailweave with maximum flexibility, whether via Docker, Kubernetes, or as a single binary, adapting it to your chosen mail server and database stack. Embrace a data-driven approach to email security with Mailweave's comprehensive reporting and analysis capabilities, all within a transparent, open-source framework.

There are so many RFCs that governs how email works. For most enterprises that host their own mail server, some sysadmin (in this case, me) needs to read those bunch of RFCs and make sure we are adhering to what's defined as the standard. One of them being RFC7489: Domain-based Message Authentication, Reporting, and Conformance (DMARC) and RFC8460: SMTP TLS Reporting. In which sysadmins of the said mail servers can monitor the behavior of their users (what they send, does their mail server actually work, delivery status, deducing if there are spammers inside the server, etc) by reading the DMARC and TLS-RPT reports sent by other parties.

When asked on Reddit, what do you guys actually do with your DMARC reports?, the answer for most people would be:

It sparked a question in me: Is it really meant to be ignored? Do DMARC and TLS-RPT reports are actually useful for you?

I started to find open source program that can help me parse & analyze the reports. Sadly, the good ones are not open source and provided as SaaS offering. Mailweave is my attempt to provide a open source solution that can be used by anyone to parse DMARC and TLS-RPT reports.