GCA Intern: Improve DMARC and SPF advice #22
Conversation
Improved DMARC and SPF advice
Mapped 100% of the DMARC advisor's function with tests Cleaned up advice formatting
|
Hey @SeanM-temp, great first PR! Your DMARC improvements are appreciated; I used your PR as an opportunity to flesh out the existing DMARC tests :) Your SPF improvements are a good start, though I think the existing functionality can be improved (use the DMARC function as a starting point). Additionally, your "10 DNS lookup limit" advice is actually slightly misunderstood. This limit refers to the DNS lookups needed to validate the SPF record, not the quantity of keys found within the record. If you're able to improve this validation further, I'll happily merge this :) |
Added check and advice for DNS lookup limit and cyclic lookup.
Added recursive lookup to SPF advice
wolveix
changed the title
|
Thanks for the changes, @SeanM-temp! The existing separation of the |
-Merged Advisor and Scanner packages into Scanner package -Added MTA-STS scanning and advice -Added DNSSEC scanning -Improved STS advice
|
Hey @SeanM-temp, apologies that this hasn't been properly reviewed and/or merged yet! I intend to look over it soon :) |
# Conflicts: # cmd/dss/main.go # cmd/dss/scan.go # cmd/dss/serve.go # pkg/http/server.go # pkg/mail/server.go # pkg/mail/template.go # pkg/model/scan.go # pkg/scanner/requests.go # pkg/scanner/scanner.go
Adds additional checks for DMARC and SPF records.
DMARC
-Check for v=DMARC1
-Check for p= tag
-Verify akim and aspf values
SPF
-Warning for ptr mechanism
-Check for exceeding dns lookup limit