Parse DMARC Reports

• Email Monitoring: Connects to an IMAP server to fetch DMARC report emails.
• Attachment Handling: Downloads and processes attachments, specifically zip files containing DMARC reports.
• XML Parsing: Extracts and parses XML data from DMARC reports.
• Data Mapping & Transformation: Selects and formats key data points from the DMARC reports for database insertion.
• Date Formatting: Converts date values to a MySQL-compatible format.
• Database Integration: Inserts processed DMARC data into a MySQL database.
• Conditional Notifications: Triggers notifications (Slack and/or email) for failed DKIM or SPF evaluations.

1. Email Trigger (IMAP): Configure your IMAP account credentials to connect to the mailbox where DMARC reports are received. Ensure downloadAttachments is set to true.
2. Unzip File: This node automatically handles the unzipping of the attachment. The binaryPropertyName should match the output of the IMAP node (e.g., attachment_0).
3. Extract XML data: Extracts data from the unzipped file. The binaryPropertyName should be the output of the previous Unzip File node (e.g., file_0).
4. Parse XML data to JSON: Converts the extracted XML data into a JSON format that n8n can process.
5. If multiple records to parse: This If node checks if there are multiple records within the DMARC report. The condition {{ $json.feedback.record[0] }} checks for the existence of the first record.
   • If True (Multiple Records): The flow goes to Split Out For Separate Entries.
   • If False (Single Record or No Record): The flow goes to Rename column for consistency.
6. Split Out For Separate Entries: Splits the feedback.record field into individual entries if multiple DMARC records are present.
7. Rename Keys: Renames the feedback.record to fbr for easier access in subsequent nodes. This node is crucial for handling multiple DMARC records.
8. Rename column for consistency: This node ensures the feedback.record is available under the fbr key, even if Split Out For Separate Entries was bypassed.
9. Map fields for DB input and parse: This Set node maps and transforms the parsed DMARC data into fields suitable for database insertion. It also prepares date fields for formatting.
10. Begin format date: Formats the date_range_begin field into yyyy-MM-dd hh:mm:ss format.
11. End date format: Formats the date_range_end field into yyyy-MM-dd hh:mm:ss format.
12. Input into database: Connects to your MySQL database and inserts the processed DMARC data into the dmarc table. Ensure your MySQL credentials and database table are correctly configured.
13. If issue with DKIM or SPF: This If node checks if the evaluated_dkim or evaluated_spf fields are not 'pass'.
    • If True (Issue Found): The flow proceeds to the notification nodes.
14. Slack Post Message On Channel: (Disabled by default) If enabled, this node posts a notification message to a Slack channel detailing the DMARC evaluation failure. Configure your Slack credentials and channel.
15. Send Error Notification Email: (Disabled by default) If enabled, this node sends an email notification detailing the DMARC evaluation failure. Configure your email sending credentials and recipient.

Setup Reminders:

• Ensure your IMAP mailbox is correctly set up and accessible.
• Configure your MySQL database credentials and ensure the dmarc table exists with the necessary columns.
• Set up Slack or email notification channels if you wish to receive alerts.