mirror
/
mailsecchk
mirror of https://github.com/jeffbencteux/mailsecchk.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
POSIX script for mail security checks of domain names
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.1 MiB
 
Tree: a2ee3ca526
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a2ee3ca526'
${ noResults }
Jeffrey Bencteux a2ee3ca526
add script and example images 		3 years ago
img add script and example images 3 years ago
README.md update readme 3 years ago
dkim_selectors.txt add script and example images 3 years ago
mailsecchk.sh add script and example images 3 years ago

README.md

mailsecchk

A simple POSIX script for mail security checks against domain names.

Usage: ./mailsecchk.sh [OPTIONS]...
check mail security of a given domain

arguments:
  -d domain to be checked
  -h display this help and exit
  -l log file to output to

Current checks

  • SPF DNS record presence
  • SPF not using FAIL mode "-all"
  • DMARC DNS record presence
  • DMARC policy ("p")
  • DMARC subpolicy ("sp")
  • DMARC sample percentage ("pct")
  • DMARC aggregation and forensic reports send to third-parties ("rua" and "ruf")
  • DKIM dictionnary guess for selectors (list is in dkim_selectors.txt)

Specific to Microsoft 365:

  • SPF set to include M365 SPF
  • DKIM presence (selectors are predictable)

Examples

example 1

example 2