dotbatmanno / psget-domain-mailinfo
PowerShell script to get domain mail info and control status such as MX, SPF, DKIM, DMARC and StartTLS.
License: GNU General Public License v3.0
The CLI output is not reusable in the pipeline due to use of Write-Host (!).
Need to switch to using Write-Object
The script will not be able to report the correct information if the site has split-dns or you have a need to check records from regional DNS servers.
A command line or configuration file option should be available to specify which DNS server to send the requests to.
[Feature request proposed by colleague]
This test should be on by default, but also be disabled with the flag -CheckSpoofable 0
Output should have a flag for IsSpoofable.
Another graph should be created.
Flag should be True if any of the following conditions are met:
Add support / recommendation for adding a blank DKIM record to domains that are not used for e-mail
*._domainkey. TXT "v=DKIM1; p="
DKIM check should identify blank DKIM record to add to scoring capability.
See https://www.gov.uk/guidance/protect-domains-that-dont-send-email
Clean up main script by moving check to see if CSVFile is available for Write to a function.
To support StartTLS we should also implement and verify DANE.
Add CheckDANE as another option, currently the default could be False
https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
The script skips checking for DMARC, and possibly other policies, if there is no MX record.
This could be considered a bug, however the script does say #N/A rather than None.
This default of not checking should be highlighted to users. If possible consider adding an option to force checking of specific / all policies, regardless of MX records.
To recreate the issue run the script against any domain that has a DMARC policy but no MX record.
The domain this was noticed for was coronavirus.gov, see https://internet.nl/mail/coronavirus.gov/399588/.
The documentation needs to be updated to demonstrate the StartTLS testing.
Should also add the testing of StartTLS as an (optional) command line parameter.
One domain may use multiple DKIM selectors, e.g. Microsoft Exchange Online uses Selector1 and Selector2 by default.
Add support for checking DNSSEC
DNSSEC is really required to ensure all the other policies we are verifying are working as intended.
https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
If the queried TXT record is broken over multiple lines the script will not concatenate the parts into one string.
Reproducing the issue
Query a domain that has a TXT record, e.g. SPF, that is long and broken over multiple lines.
Expected behavior
The script should join all lines of the returned TXT record into one string.
Generate a pie-chart showing results in an easily displayed way
Add code to allow the DKIM Selector(s) to be specified per domain in the text file that is read
If a query for _domainkey.domainname.tld returns NOERROR then there is a high probability that there is at least one selector._domainkey entry?!
In the case of Microsoft Online Selector1._domainkey.domainname.tld should be a CNAME pointing to onmicrosoft.com where the actual DKIM Selector TXT record is published.
If so, return Selector1=selector1-domainname-tld._domainkey.domainname.onmicrosoft.com
Add verification that the . (dot) MX record has a preference of 0.
Allow users to check more than one domain from the command line interface.
Use a CSV file to define the score to give, this allows for customization by user.
Combine existence of records with strength of records to give total score.
| SPF Qualifier | Policy   | Protection |
|---------------|----------|------------|
| +all          | Pass     | None       |
| ~all          | Softfail | Weak       |
| -all          | Fail     | Strong     |
SPF, DKIM and DMARC existence could score as shown below:
| SPF_DKIM_DMARC      | Protection |
|---------------------|------------|
| False, False, False | None       |
| False, False, True  | None       |
| False, True, False  | Weak       |
| False, True, True   | Weak       |
| True, False, False  | Weak       |
| True, False, True   | Strong     |
| True, True, False   | Strong     |
| True, True, True    | Strong     |
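
The multi-string TXT join requested in the TXT record issue and the CSV-driven scoring tables from this issue, sketched together in PowerShell as an added example (not the project's own code). The function names and the CSV column layout are assumptions, and the sample SPF record is constructed.

```powershell
# Added example: function names and CSV layout are assumptions, not the project's code.
# The issue's scoring tables as CSV text, so a user-supplied file could replace them.
$QualifierScore = @'
Qualifier,Policy,Protection
+,Pass,None
~,Softfail,Weak
-,Fail,Strong
'@ | ConvertFrom-Csv
$ExistenceScore = @'
SPF,DKIM,DMARC,Protection
False,False,False,None
False,False,True,None
False,True,False,Weak
False,True,True,Weak
True,False,False,Weak
True,False,True,Strong
True,True,False,Strong
True,True,True,Strong
'@ | ConvertFrom-Csv

function Join-TxtString {
    # One TXT record can hold several strings of at most 255 bytes each;
    # they are concatenated with no separator (RFC 7208, section 3.3).
    param([string[]]$Strings)
    return ($Strings -join '')
}

function Get-SpfProtection {
    param([string]$Record)
    if ($Record -notmatch '^v=spf1(\s|$)') { return 'NotSpf' }
    if ($Record -notmatch '(?:^|\s)([+~?-]?)all(?:\s|$)') { return 'NoAll' }
    # A bare "all" carries the default "+" qualifier.
    $q = if ($Matches[1]) { $Matches[1] } else { '+' }
    $row = $QualifierScore | Where-Object { $_.Qualifier -eq $q }
    if ($row) { return $row.Protection }
    return 'Unrated'   # "?all" has no row in the issue's table
}

function Get-ExistenceProtection {
    param([bool]$Spf, [bool]$Dkim, [bool]$Dmarc)
    $row = $ExistenceScore | Where-Object {
        $_.SPF -eq "$Spf" -and $_.DKIM -eq "$Dkim" -and $_.DMARC -eq "$Dmarc"
    }
    return $row.Protection
}

# Constructed sample: one SPF record split across two TXT strings.
$chunks = 'v=spf1 include:_spf.example.net include:_spf2.exam', 'ple.net ip4:192.0.2.0/24 -all'
Get-SpfProtection (Join-TxtString $chunks)
Get-ExistenceProtection $true $false $true
```

With live DNS, the string parts of each TXT answer returned by `Resolve-DnsName -Type TXT` are available in its `Strings` property and can be passed to `Join-TxtString` one record at a time.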