id: dmarc-detect info: name: DNS DMARC Detection author: juliosmelo severity: info description: | DMARC is an open email authentication protocol that provides domain-level protection of the email channel. DMARC authentication detects and prevents email spoofing techniques used in phishing, business email compromise (BEC) and other email-based attacks. reference: - https://dmarc.org/ - https://dmarc.org/wiki/FAQ#Why_is_DMARC_important.3F tags: dns,dmarc dns: - name: "_dmarc.{{FQDN}}" type: TXT extractors: - type: regex group: 1 regex: - "IN\tTXT\t(.+)"