Back

Summer Contributions - DMARC Gmail Agent

May 26, 2025 by Jeff Haynie

Community Contributions

There's a lot of cool agents that the community is working on over the summer. We'll be sharing a few of them over the course of the next few months.

What It Does

DMARC reports are critical for email security but incredibly annoying to monitor. These XML data dumps arrive daily from email providers, and most people either ignore them or spend too much time trying to figure out what's actually important. Miss something critical and your domain could get spoofed or your emails could end up in spam. We decided to use LLM calls to analyze these reports in a free-form way and only alert us when there's actually something wrong.

Get it here: https://github.com/agentuity/agent-dmarc

How It Works

The agent monitors Gmail for DMARC reports and uses an agent to intelligently analyze them. Here's what it does:

  1. Fetches DMARC emails from Gmail using the Gmail API
  2. Extracts and parses the XML report data
  3. Uses LLM analysis to understand the significance of the data
  4. Sends Slack notifications only when issues are detected

Code snippet from the agent:

async def analyze_dmarc_report(dmarc_report):
    """
    Analyzes a single DMARC report using an OpenAI GPT model.
    
    Args:
        dmarc_report: The DMARC XML report content to be analyzed.

    Returns:
        A string containing the GPT-generated analysis of the DMARC report.
    """
    template = templates["analyze-dmarc"]
    compiled_prompt = template.substitute(xml=dmarc_report)
    response = await client.chat.completions.create(
        model="gpt-4o",
        messages=[{"role": "user", "content": compiled_prompt}]
    )
    return response.choices[0].message.content

async def summarize_analysis(results, email):
    """
    Generates a concise summary of multiple DMARC analysis results using OpenAI GPT.
    
    Args:
        results: A list of individual DMARC analysis strings.
        email: Metadata or identifying information for the email being summarized.

    Returns:
        A single summarized report string generated by the GPT model.
    """
    if not results:
        summary = "❌ Unable to analyse DMARC report(s) – parsing failed."
        return summary
    template = templates["summarize-analysis"]
    compiled_prompt = template.substitute(analysis=results, email=email)
    response = await client.chat.completions.create(
        model="gpt-4o",
        messages=[
            {"role": "user", "content": compiled_prompt}
        ]
    )
    return response.choices[0].message.content

The beauty is that instead of rigid rules, the LLM can understand context and nuance - like distinguishing between expected email service changes versus potential security threats. It acts like having a security expert constantly monitoring your email authentication without the manual overhead.

How to Use It

Check the README for more details and to make it your own on Agentuity. It's as simple as:

  • Clone the repo
  • agentuity project import
  • agentuity deploy

Community Spotlight

GitHub Profile Summary

Seng Rith's DMARC Gmail Agent is a smart, security-focused project that uses LLMs and Agentuity to automate email threat analysis—turning complex DMARC data into clear, actionable insights.

Want to contribute to our summer series? Share your Agentuity projects with us on Discord or tag us on social media.