Lissy93 / web-check

🕵️‍♂️ All-in-one OSINT tool for analysing any website
https://web-check.xyz
MIT License

Email Configuration bad results #67

Open Clemv95 opened 10 months ago

Clemv95 commented 10 months ago

I tried with my own domain. I have DMARC, SPF and DKIM, but web-check shows only SPF. I think this is because of the library used, dns, that only shows the TXT record of SPF, for a reason that I don't know. Maybe change the library for DKIM and DMARC.

traeblain commented 9 months ago

The issue comes in where dns.resolveTxt(domain) only looks at TXT records assigned to the domain. So for 'example.com' it will only show records aligning with 'example.com'. DMARC and DKIM are assigned to different DNS names, so for DKIM it is "selector._domainkey.example.com" and DMARC is (I believe) "_dmarc.example.com". Same for BIMI as it's scoped as well: "selector._bimi.example.com".

Getting DMARC should be relatively simple in that it is an additional request for this record @ "_dmarc." + domain. But for accurate BIMI and DKIM, the selector would need to be identified.

I don't think there's a way for node to get "._domainkey" for each domain in order to get all DKIM keys. Same is true for BIMI's need for "._BIMI". So without an additional piece of information, I think this tool will always provide a red X for all DKIM/BIMI information.

hernanpopper commented 7 months ago

Is there a fix for this or should it simply not be considered accurate?

andreasbrett commented 7 months ago

I agree with @traeblain. DMARC could be fixed quite easily but it's not possible to enumerate DKIM and BIMI selectors without using exhaustive search (basically brute-forcing all possible DKIM/BIMI selectors or using dictionary search).

@Lissy93 Considering these 3 metrics currently don't provide correct results, I would propose to at least remove DKIM and BIMI and to fix DMARC.

Ech0b1t commented 7 months ago

I generally agree with the discussions of my predecessors. For DMARC and BIMI, at least the standard values should be parsed (v=DMARC1 and v=BIMI1). The situation with DKIM is somewhat more complicated without the information about which selector the entry corresponds to. To find this out, I will at least use the most common selectors from mail providers (google, gogle1024, google2048...) and so on. Various lists circulate on the internet that offer at least a starting point for this. If there is no match, then a notification should be issued that either the selector does not exist or cannot be found. I must also say that I am very pleased with the project, and even now, it provides a wealth of information.
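
The per-name lookups discussed in this thread, as an added example (not part of the thread and not web-check's own code): SPF is read at the domain itself, DMARC at `_dmarc.<domain>`, and DKIM/BIMI only at caller-supplied selectors, with a selector miss reported as inconclusive rather than as a failure. The function names, the constructed zone, the `selector1` selector and the use of `default` as the BIMI selector are assumptions of this sketch.

```javascript
// Added example: constructed zone data, no network traffic. In real use pass
// require('node:dns').promises.resolveTxt as `resolveTxt`.

// Each mechanism is published at its own owner name, so each needs its own query.
function queryPlan(domain, dkimSelectors = [], bimiSelectors = ['default']) {
  return [
    { kind: 'SPF', name: domain, tag: /^v=spf1(\s|$)/i },
    { kind: 'DMARC', name: `_dmarc.${domain}`, tag: /^v=DMARC1\s*(;|$)/i },
    ...dkimSelectors.map((s) => (
      { kind: 'DKIM', selector: s, name: `${s}._domainkey.${domain}`, tag: /(^|;)\s*p=/i })),
    ...bimiSelectors.map((s) => (
      { kind: 'BIMI', selector: s, name: `${s}._bimi.${domain}`, tag: /^v=BIMI1\s*(;|$)/i })),
  ];
}

async function checkEmailAuth(domain, resolveTxt, dkimSelectors = []) {
  // A selector miss proves nothing about DKIM/BIMI, so those start as "inconclusive".
  const report = { SPF: 'missing', DMARC: 'missing', DKIM: 'inconclusive', BIMI: 'inconclusive' };
  for (const q of queryPlan(domain, dkimSelectors)) {
    let records = [];
    try {
      // resolveTxt returns string[][]: one array of chunks per TXT record.
      records = (await resolveTxt(q.name)).map((chunks) => chunks.join(''));
    } catch (err) {
      if (!['ENOTFOUND', 'ENODATA'].includes(err.code)) throw err; // real failures propagate
    }
    if (records.some((r) => q.tag.test(r))) {
      report[q.kind] = q.selector ? `found (selector ${q.selector})` : 'found';
    }
  }
  return report;
}

// Constructed sample zone standing in for DNS (values are not real records).
const ZONE = {
  'example.com': [['v=spf1 include:_spf.example.net -all']],
  '_dmarc.example.com': [['v=DMARC1; p=reject; rua=mailto:dmarc@example.com']],
  'google._domainkey.example.com': [['v=DKIM1; k=rsa; ', 'p=CONSTRUCTEDKEY']],
};
const fakeResolveTxt = async (name) => {
  if (ZONE[name]) return ZONE[name];
  throw Object.assign(new Error(`queryTxt ENOTFOUND ${name}`), { code: 'ENOTFOUND' });
};

checkEmailAuth('example.com', fakeResolveTxt, ['selector1', 'google']).then(console.log);
```
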