Hey, this comes at a perfect time for me.<p>I had posted my app on Betalist about a week ago and received a vulnerability report about incorrectly configured DMARC from a security researcher. I made the fix but wasn't confident about it. Shortly after, I received a couple more similar emails.<p>With this tool, my first check failed, citing an invalid SPF record (I had an extra `.` at the end of my TXT record). Now, the check shows all passing.<p>I hope all is good now (emails are wild).<p>From my limited understanding:<p><pre><code>SPF <- Should this server be sending emails for this domain?
DKIM <- Was this email tampered with?
DMARC <- What should I, as a recipient, do if SPF or DKIM fails?
</code></pre>
Thanks!
Great tool, one bit of feedback on the log report. Perhaps you can highlight the passing line in the SPF record. I have about 100 of these "The ip4 mechanism does not match." and then a lot of "The include mechanism matches and produces a pass result."<p>Maybe you can highlight the passing statement? - <a href="https://app.screencast.com/Hu5ybB6K3fd9R" rel="nofollow">https://app.screencast.com/Hu5ybB6K3fd9R</a>
I don’t want to take away your spotlight, because it’s a nice project you launched,<p>but I do want to point out to people that <a href="https://github.com/domainaware/checkdmarc">https://github.com/domainaware/checkdmarc</a> has existed for quite a while. I use it often and have also integrated it in various automated tooling.<p>(It also does not require handing out email addresses to strangers.)
I've given it a go.<p>I also recommend <a href="https://mxtoolbox.com/dmarc.aspx" rel="nofollow">https://mxtoolbox.com/dmarc.aspx</a><p>I have no affiliation.
Hmm, am I seeing this correctly that the system only receives emails via IPv4 and not IPv6? This would make the SPF check somewhat misleading, as it only checks one option.
This seems similar to <a href="https://www.mail-tester.com" rel="nofollow">https://www.mail-tester.com</a> which I use all the time to quickly diagnose mail issues
A simple reject policy is showing up as an error, despite validating fine with other DMARC checker apps like MX Toolbox:<p><pre><code>The From domain (...) has an invalid DMARC record.
...
DMARC record found: v=DMARC1; p=reject;
The DMARC check result is permerror.
</code></pre>
No explanation as to what permerror means.<p>It might also be useful if the tool attempted to circumvent DNS caching, so users can try tests in succession after updating.
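An added example (not from any commenter and not the code of the tool under discussion): a syntax-only lint in Python for single SPF and DMARC TXT strings, covering the trailing `.` mentioned in the first comment and the `v=DMARC1; p=reject;` record quoted above. The function names and the `example.com` records are constructed for illustration, the position of the stray `.` is an assumption, and nothing here queries DNS or reproduces the tool's own evaluation.

```python
import ipaddress
import re

SPF_MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}

def lint_spf(record):
    """Syntax-only check of one SPF TXT string; returns a list of problems."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must start with v=spf1"]
    problems = []
    for term in terms[1:]:
        if re.fullmatch(r"[A-Za-z][A-Za-z0-9._-]*=.*", term):
            continue  # modifier (redirect=, exp=, or an unknown one, which is ignored)
        body = term[1:] if term[0] in "+-~?" else term  # drop the qualifier
        name, _, arg = body.partition(":")
        name = name.partition("/")[0].lower()  # "a/24" -> "a"
        if name not in SPF_MECHANISMS:
            problems.append(f"unknown mechanism {term!r}")
        elif name in ("ip4", "ip6"):
            try:
                if ipaddress.ip_network(arg, strict=False).version != int(name[2]):
                    raise ValueError(arg)
            except ValueError:
                problems.append(f"bad address in {term!r}")
        elif name in ("include", "exists") and not arg:
            problems.append(f"{name} needs a domain")
    return problems

def lint_dmarc(record):
    """Syntax-only check of one DMARC TXT string (tag=value pairs split on ';')."""
    parts = [p.strip() for p in record.split(";")]
    if parts[-1] == "":
        parts.pop()  # one trailing ';' is permitted by the record grammar
    tags = [tuple(s.strip() for s in p.partition("=")[::2]) for p in parts]
    if any("=" not in p for p in parts) or not tags or tags[0] != ("v", "DMARC1"):
        return ["record must start with v=DMARC1 and contain only tag=value pairs"]
    policy = dict(tags).get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return [f"p tag missing or invalid: {policy!r}"]
    return []

if __name__ == "__main__":
    # Constructed sample records (example.com is a placeholder domain).
    print(lint_spf("v=spf1 include:_spf.example.com -all."))
    print(lint_spf("v=spf1 include:_spf.example.com -all"))
    print(lint_dmarc("v=DMARC1; p=reject;"))
```

A record that parses cleanly here can still fail a live check for reasons a string lint cannot see, such as more than one SPF or DMARC TXT record published at the same name.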
This is a really straightforward tool. Validating SPF/DKIM/DMARC by receiving an email strikes me as more effective than something that just looks at the DNS records. Thanks for sharing.