Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Email Configuration bad results #67

Open
Clemv95 opened this issue Nov 28, 2023 · 4 comments
Open

Email Configuration bad results #67

Clemv95 opened this issue Nov 28, 2023 · 4 comments

Comments

@Clemv95
Copy link

Clemv95 commented Nov 28, 2023

I tried with my own domain , i have dmarc, spf and dkim, but web check show only spf
I think this is because of the library used, dns, that only show the txt record of spf for a reason that i dont know
Maybe change the library for dkim and dmarc
@traeblain
Copy link

The issue comes in where dns.resolveTxt(domain) only looks at TXT records assigned to the domain. So for 'example.com' it will only show records aligning with 'example.com'. DMARC and DKIM are assigned to different DNS names, so for DKIM it is "selector._domainkey.example.com" and DMARC is (I believe) "_dmarc.example.com". Same for BIMI as it's scoped as well: "selector._bimi.example.com".

Getting DMARC should be relatively simple in that an additional request for this record @ "_dmarc." + domain. But for accurate BIMI and DKIM, the selector would need to be identified.

I don't think there's a way for node to get "._domainkey" for each domain in order to get all DKIM keys. Same is true for BIMI's need for "._BIMI". So without an additional piece of information, I think this tool will always provide red X for all DKIM/BIMI information.

@hernanpopper
Copy link

is there a fix for this or should it simply not be considered accurate?

@andreasbrett
Copy link

I agree with @traeblain. DMARC could be fixed quite easily but it's not possible to enumerate DKIM and BIMI selectors without using exhaustive search (basically brute-forcing all possible DKIM/BIMI selectors or using dictionary search).

@Lissy93 Considering these 3 metrics currently don't provide correct results, I would propose to at least remove DKIM and BIMI and to fix DMARC.

@Ech0b1t
Copy link

Ech0b1t commented Mar 8, 2024

I generally agree with the discussions of my predecessors. For DMARC and BIMI, at least the standard values should be parsed (v=DMARC1 and v=BIMI1). The situation with DKIM is somewhat more complicated without the information about which selector the entry corresponds to. To find this out, I will at least use the most common selectors from mail providers (google, gogle1024, google2048...) and so on. Various lists circulate on the internet that offer at least a starting point for this. If there is no match, then a notification should be issued that either the selector does not exist or cannot be found. I must also say that I am very pleased with the project, and even now, it provides a wealth of information.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@traeblain @andreasbrett @Clemv95 @hernanpopper @Ech0b1t