I have a small program designed to check the existence of these three mail records to counter spoofing. It seems to work on specific domains; however, they seem to be set up on a case-by-case basis. My question is: what's a more robust way to check these records? The code is here: https://gist.github.com/amlwwalker/f445932d2fdb0f9f9a5e457c1894bf7d
Examples:
Ryanair.com:
result: v=spf1 a mx include:mail1.ryanair.com include:mail2.ryanair.com ~all
err: lookup _dmarc.ryanair.com on 172.16.4.1:53: no such host
err: lookup dkim._domainkey.ryanair.com on 172.16.4.1:53: no such host
Ryanair Email header:
Authentication-Results: mx.google.com;
dkim=pass header.i=@care.ryanair.com;
spf=pass (google.com: domain of info@care.ryanair.com designates 209.235.250.215 as permitted sender) smtp.mailfrom=info@care.ryanair.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=15below; d=care.ryanair.com; h=MIME-Version:From:To:Date:Subject:Message-ID:Content-Type; i=info@care.ryanair.com; bh=MCorT6FfWGOmISJQSzdv4YLmKfg=; b=eXcQvy0odmzIAYy11bfM8OsoiXziin5E1hbWHvxlY6Q+KSpZr6/5OiUZ4EiNoCpNwFrciKB9Yj8G
wmZOZwxQd3PW05+2bnu+8oKMPij/AyAEAi2tJ0TBEZxM7BOsno84L3eZ0BQFZvog6bW9UQE1fJCQ
aoQYXPgsHV6dzWjmHYo=
So to me that looks like it has DKIM and SPF. The code doesn't find a DKIM record though.
marvelapp.com
result: v=spf1 include:mailgun.org include:spf.mandrillapp.com include:spf1 include:mail.zendesk.com include:spf.mail.intercom.io -all
err: lookup _dmarc.marvelapp.com on 172.16.4.1:53: no such host
err: lookup dkim._domainkey.marvelapp.com on 172.16.4.1:53: no such host
Marvelapp Email Header:
Received-SPF: pass (google.com: domain of ml-bounce-newsletter@ml.mailersend.com designates 31.193.196.244 as permitted sender) client-ip=31.193.196.244;
Authentication-Results: mx.google.com;
dkim=pass header.i=@ml.mailersend.com;
spf=pass (google.com: domain of ml-bounce-newsletter@ml.mailersend.com designates 31.193.196.244 as permitted sender) smtp.mailfrom=ml-bounce-newsletter@ml.mailersend.com
So what I don't understand is why in some cases dkim._domainkey.domain.TLD is the correct way to find the DKIM key, and sometimes it's clearly not (Google seems to find it, but how?). What's the best way to look the DKIM key up?
I basically want that code snippet to return the same result as going to "Show Original" in Gmail does.
Thanks
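An added example, not part of the original post or the linked gist: under RFC 6376 the DKIM public key is published at `<selector>._domainkey.<domain>`, where the selector (`s=`) and signing domain (`d=`) are read from the message's `DKIM-Signature` header, so a fixed label such as `dkim` only matches signers that happen to use it. The function names and the shortened sample header below are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// parseDKIMTags splits the value of a DKIM-Signature header into its
// tag=value pairs (RFC 6376 tag-list), removing folding whitespace.
func parseDKIMTags(value string) map[string]string {
	tags := make(map[string]string)
	for _, part := range strings.Split(value, ";") {
		k, v, ok := strings.Cut(part, "=")
		if !ok {
			continue // empty segment after a trailing ";"
		}
		// Values may be folded across lines; drop all whitespace inside them.
		tags[strings.TrimSpace(k)] = strings.Join(strings.Fields(v), "")
	}
	return tags
}

// DKIMQueryName returns the DNS name whose TXT record holds the public key
// for this signature: <s>._domainkey.<d>.
func DKIMQueryName(value string) (string, error) {
	tags := parseDKIMTags(value)
	s, d := tags["s"], tags["d"]
	if s == "" || d == "" {
		return "", errors.New("DKIM-Signature is missing the s= or d= tag")
	}
	return strings.ToLower(s + "._domainkey." + d), nil
}

func main() {
	// Constructed sample: tags taken from the header quoted in the question,
	// with the bh= and b= values shortened.
	sig := "v=1; a=rsa-sha1; c=relaxed/relaxed; s=15below; d=care.ryanair.com;\r\n" +
		" h=MIME-Version:From:To; i=info@care.ryanair.com; bh=AAAA=; b=BBBB\r\n CCCC="
	name, err := DKIMQueryName(sig)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(name) // pass this name to net.LookupTXT to fetch the key record
}
```

The SPF and DMARC lookups need no message: SPF is a TXT record on the envelope-sender domain itself and DMARC is a TXT record at `_dmarc.<domain>`.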