doutang1884 2016-10-12 13:54
浏览 683

以编程方式检查SPF,DKIM,DMARC

I have a small program designed to check the existence of these three mail records to counter spoofing. It seems to work on specific domains however they seem to be setup in a case by case basis. My question is whats a more robust way to check these records. The code is here: https://gist.github.com/amlwwalker/f445932d2fdb0f9f9a5e457c1894bf7d Examples:

Ryanair.com:

result:  v=spf1 a mx include:mail1.ryanair.com include:mail2.ryanair.com ~all
err:  lookup _dmarc.ryanair.com on 172.16.4.1:53: no such host
err:  lookup dkim._domainkey.ryanair.com on 172.16.4.1:53: no such host

Ryanair Email header:

Authentication-Results: mx.google.com;
       dkim=pass header.i=@care.ryanair.com;
       spf=pass (google.com: domain of info@care.ryanair.com designates 209.235.250.215 as permitted sender) smtp.mailfrom=info@care.ryanair.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=15below; d=care.ryanair.com; h=MIME-Version:From:To:Date:Subject:Message-ID:Content-Type; i=info@care.ryanair.com; bh=MCorT6FfWGOmISJQSzdv4YLmKfg=; b=eXcQvy0odmzIAYy11bfM8OsoiXziin5E1hbWHvxlY6Q+KSpZr6/5OiUZ4EiNoCpNwFrciKB9Yj8G
   wmZOZwxQd3PW05+2bnu+8oKMPij/AyAEAi2tJ0TBEZxM7BOsno84L3eZ0BQFZvog6bW9UQE1fJCQ
   aoQYXPgsHV6dzWjmHYo=

So to me that looks like it has DKIM and SPF. The code doesn't find a DKIM record though.

marvelapp.com

result:  v=spf1 include:mailgun.org include:spf.mandrillapp.com include:spf1 include:mail.zendesk.com include:spf.mail.intercom.io -all
err:  lookup _dmarc.marvelapp.com on 172.16.4.1:53: no such host
err:  lookup dkim._domainkey.marvelapp.com on 172.16.4.1:53: no such host

Marvelapp Email Header:

Received-SPF: pass (google.com: domain of ml-bounce-newsletter@ml.mailersend.com designates 31.193.196.244 as permitted sender) client-ip=31.193.196.244;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@ml.mailersend.com;
       spf=pass (google.com: domain of ml-bounce-newsletter@ml.mailersend.com designates 31.193.196.244 as permitted sender) smtp.mailfrom=ml-bounce-newsletter@ml.mailersend.com

So what I don't understand is why in some cases dkim._domainkey.domain.TLD is the correct way to find the dkim key, and sometimes its clearly not (google seems to find it, but how? Whats the best way to look the dkim key up?

I bascially want that code snippet to return the same result as going to "Show Original" in Gmail does

Thanks

  • 写回答

1条回答 默认 最新

  • dongzhun8449 2016-10-12 21:36
    关注

    The DKIM selector is not necessarily called dkim. In the Ryanair example, the selector is a rather random 15below (From the s= item in the DKIM signature header), so you would need to look up 15below._domainkey.ryanair.com.

    评论

报告相同问题?

悬赏问题

  • ¥17 pro*C预编译“闪回查询”报错SCN不能识别
  • ¥15 微信会员卡接入微信支付商户号收款
  • ¥15 如何获取烟草零售终端数据
  • ¥15 数学建模招标中位数问题
  • ¥15 phython路径名过长报错 不知道什么问题
  • ¥15 深度学习中模型转换该怎么实现
  • ¥15 HLs设计手写数字识别程序编译通不过
  • ¥15 Stata外部命令安装问题求帮助!
  • ¥15 从键盘随机输入A-H中的一串字符串,用七段数码管方法进行绘制。提交代码及运行截图。
  • ¥15 TYPCE母转母,插入认方向