DMARC-SRG is a basic, self-hosted PHP script. It parses aggregate (RUA) DMARC reports and presents them in a web-based interface. It offers a straightforward view of DMARC compliance, showing SPF and DKIM authentication results, and how emails align with your DMARC policy.

Its strength lies in its simplicity and directness, acting as a foundational tool for DMARC visibility. We find it to be a raw, unfiltered look at our DMARC data, which can be both a blessing and a curse depending on our analytical needs.

The Splunk TA-DMARC add-on is designed to ingest DMARC aggregate reports into Splunk, allowing us to leverage Splunk's powerful search, correlation, and dashboarding capabilities. It doesn't offer DMARC report parsing or presentation itself, but acts as a data pipeline.

Its value comes from integrating DMARC data into an existing Security Information and Event Management (SIEM) or observability platform for broader analysis. We see it as a connector, allowing us to weave DMARC insights into our wider security operations framework.

Being a self-hosted PHP script, the DMARC-SRG user experience begins with server setup and configuration. This requires a certain level of technical proficiency and comfort with managing web applications.

Once deployed, the interface is functional but basic, focusing on displaying raw DMARC data with minimal interactive elements. It's a "no-frills" experience, best suited for those comfortable with managing their own web applications and who appreciate direct access to the parsed data. We appreciate its straightforward approach, even if it lacks modern UI polish.

The Splunk TA-DMARC add-on's user experience is entirely dependent on our Splunk environment. For those of us already familiar with Splunk, it's relatively easy to configure the add-on and build custom dashboards.

For new Splunk users, there's a significant learning curve for Splunk itself. The add-on provides the data; we build the visualization and interaction within Splunk, offering high customization but demanding Splunk expertise. It's a blank canvas, but we need to bring our own brushes and paint.

As an open-source project, official support for DMARC-SRG is non-existent. We rely on community forums, GitHub issues, or our own technical skills for troubleshooting and enhancements.

This means "we break it, we bought it" troubleshooting, which can be a significant commitment of time and resources. There's no hotline to call, just our own problem-solving prowess.

The Splunk TA-DMARC add-on is explicitly marked as "Not Supported" and "archived" by the developer. This means there's no official channel for assistance or updates.

Users must be self-sufficient, relying on Splunk's general community support for Splunk issues, but not for the specific add-on's functionality. This makes us feel a bit like we're sailing without a rudder, hoping for favorable community winds.

DMARC-SRG is primarily suitable for individuals or small to medium businesses (SMBs) with technical expertise in server management and PHP. It's a cost-effective choice for those needing basic DMARC visibility without recurring subscription fees.

Managed Service Providers (MSPs) might find it useful if they can integrate and maintain it across multiple clients, but the lack of native multi-tenancy means significant manual effort. For enterprise use, it typically lacks the scalability, advanced features, and dedicated support required for complex DMARC deployments.

The Splunk TA-DMARC add-on is best suited for enterprises or larger organizations already heavily invested in Splunk as their SIEM or data analysis platform. It allows DMARC data to be correlated with other security logs for a holistic view.

SMBs would likely find the overhead of a Splunk instance disproportionate for DMARC alone. MSPs could potentially leverage Splunk's multi-tenant capabilities, but the add-on's "unsupported" status introduces substantial risk. Its archival status also makes it a less ideal choice for new deployments seeking long-term stability.