Open gthess opened 4 years ago
Also see https://email-security-scans.org/
Folks
When testing an email domain for DKIM verification, it tests _domainkey.domain.tld and expects a NOERROR instead of an NXDOMAIN. This is expected from the authoritative DNS server, but not all reply that way and may not be compliant with RFC 2308. And that makes the DKIM test fail.
If the intent of the test is to verify there is a DKIM (and in most there is), there should be an alternative way to verify the existence of a DKIM record that doesn't fail because of a DNS issue.
If the test was to verify authoritative DNS Server compliance that would make more sense, but in the context of email it should not fail as there is an existing DKIM record.
Can you think of another way to validate that, even if in the worst case the user has to mention the selector? Another way is to check some popular ones like: default, dkim, mail, etc.
This would only work if _domainkey.domain.tld is a subdomain, which in most cases it is not. It is a record selector._domainkey.
Introduce an interactive mail test to thoroughly test SPF, DMARC, DKIM and DANE with actual email communication. The first iteration and testing of the feature is going to be for the batch functionality, and later on brought to the web UI as well.
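The DKIM check discussed in the comment above, with the selector-probe fallback it proposes, as an added example that is not the project's code. The function names, the `lookup` interface and the zone data are constructed assumptions, and no live DNS is queried.

```python
# Added example: hypothetical names, constructed records, simulated DNS only.
COMMON_SELECTORS = ("default", "dkim", "mail")  # selectors named in the comment

def parse_dkim_txt(txt):
    """Return the tag dict of a DKIM key record, or None if txt is not one."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())
    if "p" not in tags or tags.get("v", "DKIM1") != "DKIM1":
        return None
    return tags

def make_lookup(records, ent_aware):
    """Simulated authoritative server. ent_aware=False models a server that
    answers NXDOMAIN for an empty non-terminal such as _domainkey.<domain>."""
    def lookup(name):
        if name in records:
            return "NOERROR", records[name]
        is_ent = any(owner.endswith("." + name) for owner in records)
        return ("NOERROR" if is_ent and ent_aware else "NXDOMAIN"), []
    return lookup

def check_dkim(domain, lookup, selectors=COMMON_SELECTORS):
    """Return (verdict, detail); verdict is 'pass', 'warn' or 'fail'."""
    rcode, _ = lookup(f"_domainkey.{domain}")
    if rcode == "NOERROR":
        return "pass", "_domainkey answered NOERROR"
    # Fallback: the node looked absent, so probe well-known selectors.
    for selector in selectors:
        name = f"{selector}._domainkey.{domain}"
        for txt in lookup(name)[1]:
            tags = parse_dkim_txt(txt)
            if tags and tags["p"]:  # an empty p= marks a revoked key
                return "warn", f"key at {name}, but _domainkey gave NXDOMAIN"
    return "fail", "NXDOMAIN for _domainkey and no key at probed selectors"

# Constructed sample zone; the p= value is a placeholder, not a real key.
SAMPLE_ZONE = {"default._domainkey.example.test":
               ["v=DKIM1; k=rsa; p=MIIBIjANBgkqPLACEHOLDER"]}

if __name__ == "__main__":
    for ent_aware in (True, False):
        print(ent_aware, check_dkim("example.test",
                                    make_lookup(SAMPLE_ZONE, ent_aware)))
```

A 'warn' verdict keeps the DNS server's handling of empty non-terminals visible without reporting DKIM as missing; a domain that uses a selector outside the probed list still ends in 'fail'.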