doutang1884 2016-10-12 13:54
浏览 683

以编程方式检查SPF,DKIM,DMARC

I have a small program designed to check the existence of these three mail records to counter spoofing. It seems to work on specific domains however they seem to be setup in a case by case basis. My question is whats a more robust way to check these records. The code is here: https://gist.github.com/amlwwalker/f445932d2fdb0f9f9a5e457c1894bf7d Examples:

Ryanair.com:

result:  v=spf1 a mx include:mail1.ryanair.com include:mail2.ryanair.com ~all
err:  lookup _dmarc.ryanair.com on 172.16.4.1:53: no such host
err:  lookup dkim._domainkey.ryanair.com on 172.16.4.1:53: no such host

Ryanair Email header:

Authentication-Results: mx.google.com;
       dkim=pass header.i=@care.ryanair.com;
       spf=pass (google.com: domain of info@care.ryanair.com designates 209.235.250.215 as permitted sender) smtp.mailfrom=info@care.ryanair.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=15below; d=care.ryanair.com; h=MIME-Version:From:To:Date:Subject:Message-ID:Content-Type; i=info@care.ryanair.com; bh=MCorT6FfWGOmISJQSzdv4YLmKfg=; b=eXcQvy0odmzIAYy11bfM8OsoiXziin5E1hbWHvxlY6Q+KSpZr6/5OiUZ4EiNoCpNwFrciKB9Yj8G
   wmZOZwxQd3PW05+2bnu+8oKMPij/AyAEAi2tJ0TBEZxM7BOsno84L3eZ0BQFZvog6bW9UQE1fJCQ
   aoQYXPgsHV6dzWjmHYo=

So to me that looks like it has DKIM and SPF. The code doesn't find a DKIM record though.

marvelapp.com

result:  v=spf1 include:mailgun.org include:spf.mandrillapp.com include:spf1 include:mail.zendesk.com include:spf.mail.intercom.io -all
err:  lookup _dmarc.marvelapp.com on 172.16.4.1:53: no such host
err:  lookup dkim._domainkey.marvelapp.com on 172.16.4.1:53: no such host

Marvelapp Email Header:

Received-SPF: pass (google.com: domain of ml-bounce-newsletter@ml.mailersend.com designates 31.193.196.244 as permitted sender) client-ip=31.193.196.244;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@ml.mailersend.com;
       spf=pass (google.com: domain of ml-bounce-newsletter@ml.mailersend.com designates 31.193.196.244 as permitted sender) smtp.mailfrom=ml-bounce-newsletter@ml.mailersend.com

So what I don't understand is why in some cases dkim._domainkey.domain.TLD is the correct way to find the dkim key, and sometimes its clearly not (google seems to find it, but how? Whats the best way to look the dkim key up?

I bascially want that code snippet to return the same result as going to "Show Original" in Gmail does

Thanks

  • 写回答

1条回答 默认 最新

  • dongzhun8449 2016-10-12 21:36
    关注

    The DKIM selector is not necessarily called dkim. In the Ryanair example, the selector is a rather random 15below (From the s= item in the DKIM signature header), so you would need to look up 15below._domainkey.ryanair.com.

    评论

报告相同问题?

悬赏问题

  • ¥20 idea运行测试代码报错问题
  • ¥15 网络监控:网络故障告警通知
  • ¥15 django项目运行报编码错误
  • ¥15 请问这个是什么意思?
  • ¥15 STM32驱动继电器
  • ¥15 Windows server update services
  • ¥15 关于#c语言#的问题:我现在在做一个墨水屏设计,2.9英寸的小屏怎么换4.2英寸大屏
  • ¥15 模糊pid与pid仿真结果几乎一样
  • ¥15 java的GUI的运用
  • ¥15 我想付费需要AKM公司DSP开发资料及相关开发。