checkdmarc

A Python module and command line parser for SPF and DMARC records

Project description

checkdmarc

A Python module and command line utility for validating SPF and DMARC DNS records

usage: checkdmarc  [-h] [-p] [--ns NS [NS ...]] [--mx MX [MX ...]] [-d]
                   [-f FORMAT] [-o OUTPUT [OUTPUT ...]]
                   [-n NAMESERVER [NAMESERVER ...]] [-t TIMEOUT] [-v]
                   [-w WAIT] [--skip-tls] [--debug]
                   domain [domain ...]

 Validates and parses SPF amd DMARC DNS records

 positional arguments:
   domain                one or more domains, or a single path to a file
                         containing a list of domains

 optional arguments:
   -h, --help            show this help message and exit
   -p, --parked          indicate that the domains are parked
   --ns NS [NS ...]      approved nameserver substrings
   --mx MX [MX ...]      approved MX hostname substrings
   -d, --descriptions    include descriptions of DMARC tags in the JSON output
   -f FORMAT, --format FORMAT
                         specify JSON or CSV screen output format
   -o OUTPUT [OUTPUT ...], --output OUTPUT [OUTPUT ...]
                         one or more file paths to output to (must end in .json
                         or .csv) (silences screen output)
   -n NAMESERVER [NAMESERVER ...], --nameserver NAMESERVER [NAMESERVER ...]
                         nameservers to query (Default is Cloudflare's
   -t TIMEOUT, --timeout TIMEOUT
                         number of seconds to wait for an answer from DNS
                         (default 6.0)
   -v, --version         show program's version number and exit
   -w WAIT, --wait WAIT  number of seconds to wait between checking domains
                         (default 0.0)
   --skip-tls            skip TLS/SSL testing
   --debug               enable debugging output

Warning

It is strongly recommended to not use the --nameserver/-n setting. By default, checkdmarc uses Cloudflare’s public resolvers, which are much faster and more reliable than Google, Cisco OpenDNS, or even most local resolvers.

The --nameservers/-n option should only be used if your network blocks DNS requests to outside resolvers.

$ checkdmarc fbi.gov

{
  "domain": "fbi.gov",
  "base_domain": "fbi.gov",
  "ns": {
    "hostnames": [
      "a1.fbi.gov",
      "a2.fbi.gov",
      "a3.fbi.gov"
    ],
    "warnings": []
  },
  "mx": {
    "hosts": [
      {
        "preference": 10,
        "hostname": "mx-east.fbi.gov",
        "addresses": [
          "153.31.160.5"
        ],
        "tls": true,
        "starttls": true
      }
    ],
    "warnings": []
  },
  "spf": {
    "record": "v=spf1 +mx ip4:153.31.0.0/16 -all",
    "valid": true,
    "dns_lookups": 1,
    "warnings": [],
    "parsed": {
      "pass": [
        {
          "value": "mx-east.fbi.gov",
          "mechanism": "mx"
        },
        {
          "value": "153.31.0.0/16",
          "mechanism": "ip4"
        }
      ],
      "neutral": [],
      "softfail": [],
      "fail": [],
      "include": [],
      "redirect": null,
      "exp": null,
      "all": "fail"
    }
  },
  "dmarc": {
    "record": "v=DMARC1; p=reject; rua=mailto:dmarc-feedback@fbi.gov,mailto:reports@dmarc.cyber.dhs.gov; ruf=mailto:dmarc-feedback@fbi.gov; pct=100",
    "valid": true,
    "location": "fbi.gov",
    "warnings": [],
    "tags": {
      "v": {
        "value": "DMARC1",
        "explicit": true
      },
      "p": {
        "value": "reject",
        "explicit": true
      },
      "rua": {
        "value": [
          {
            "scheme": "mailto",
            "address": "dmarc-feedback@fbi.gov",
            "size_limit": null
          },
          {
            "scheme": "mailto",
            "address": "reports@dmarc.cyber.dhs.gov",
            "size_limit": null
          }
        ],
        "explicit": true
      },
      "ruf": {
        "value": [
          {
            "scheme": "mailto",
            "address": "dmarc-feedback@fbi.gov",
            "size_limit": null
          }
        ],
        "explicit": true
      },
      "pct": {
        "value": 100,
        "explicit": true
      },
      "adkim": {
        "value": "r",
        "explicit": false
      },
      "aspf": {
        "value": "r",
        "explicit": false
      },
      "fo": {
        "value": [
          "0"
        ],
        "explicit": false
      },
      "rf": {
        "value": [
          "afrf"
        ],
        "explicit": false
      },
      "ri": {
        "value": 86400,
        "explicit": false
      },
      "sp": {
        "value": "reject",
        "explicit": false
      }
    }
  }
}

Installation

checkdmarc requires Python 3.

On Debian or Ubuntu systems, run:

$ sudo apt-get install python3-pip

Python 3 installers for Windows and macOS can be found at https://www.python.org/downloads/

To install or upgrade to the latest stable release of checkdmarc on macOS or Linux, run

$ sudo -H pip3 install -U checkdmarc

Or, install the latest development release directly from GitHub:

$ sudo -H pip3 install -U git+https://github.com/domainaware/checkdmarc.git

Note

On Windows, pip3 is pip, even with Python 3. So on Windows, simply substitute pip as an administrator in place of sudo pip3, in the above commands.

Documentation

https://domainaware.github.io/checkdmarc

Bug reports

Please report bugs on the GitHub issue tracker

https://github.com/domainaware/checkdmarc/issues

Resources

DMARC guides

Demystifying DMARC - A complete guide to SPF, DKIM, and DMARC

Project details

Release history Release notifications

This version

4.1.10

May 19, 2019

4.1.9

Apr 14, 2019

4.1.8

Apr 2, 2019

4.1.7

Mar 24, 2019

4.1.6

Mar 4, 2019

4.1.5

Mar 4, 2019

4.1.4

Mar 4, 2019

4.1.3

Feb 25, 2019

4.1.2

Feb 18, 2019

4.1.1

Feb 14, 2019

4.0.2

Feb 12, 2019

4.0.1

Feb 11, 2019

4.0.0

Feb 11, 2019

3.1.2

Feb 10, 2019

3.1.1

Jan 31, 2019

3.1.0

Jan 23, 2019

3.0.3

Jan 7, 2019

3.0.2

Nov 26, 2018

3.0.1

Nov 21, 2018

3.0.0

Nov 20, 2018

2.9.2

Nov 16, 2018

2.9.1

Nov 16, 2018

2.9.0

Nov 16, 2018

2.8.0

Nov 9, 2018

2.7.3

Sep 29, 2018

2.7.2

Sep 26, 2018

2.7.1

Sep 24, 2018

2.7.0

Sep 19, 2018

2.6.3

Sep 19, 2018

2.6.2

Aug 18, 2018

2.6.1

Jul 30, 2018

2.6.0

Jul 29, 2018

2.5.1

Jul 26, 2018

2.5.0

Jul 26, 2018

2.4.0

Jul 18, 2018

2.3.0

Jun 10, 2018

2.2.0

Jun 9, 2018

2.1.15

Feb 7, 2018

2.1.14

Feb 7, 2018

2.1.13

Feb 2, 2018

2.1.12

Jan 29, 2018

2.1.11

Jan 28, 2018

2.1.10

Jan 28, 2018

2.1.9

Jan 28, 2018

2.1.8

Jan 28, 2018

2.1.7

Jan 28, 2018

2.1.6

Jan 28, 2018

2.1.5

Jan 28, 2018

2.1.4

Jan 27, 2018

2.1.3

Jan 27, 2018

2.1.2

Jan 26, 2018

2.1.1

Jan 25, 2018

2.1.0

Jan 20, 2018

2.0.0

Jan 16, 2018

1.8.1

Jan 15, 2018

1.8.0

Jan 14, 2018

1.7.10

Jan 9, 2018

1.7.9

Jan 8, 2018

1.7.8

Jan 1, 2018

1.7.7

Dec 31, 2017

1.7.6

Dec 31, 2017

1.7.5

Dec 30, 2017

1.7.4

Dec 30, 2017

1.7.3

Dec 30, 2017

1.7.2

Dec 29, 2017

1.7.1

Dec 28, 2017

1.7.0

Dec 27, 2017

1.6.1

Dec 25, 2017

1.6.0

Dec 23, 2017

1.5.4

Dec 23, 2017

1.5.3

Dec 23, 2017

1.5.1

Dec 23, 2017

1.4.0

Dec 23, 2017

1.3.8

Dec 22, 2017

1.3.7

Dec 21, 2017

1.3.6

Dec 21, 2017

1.3.5

Dec 21, 2017

1.3.4

Dec 21, 2017

1.3.3

Dec 21, 2017

1.3.2

Dec 21, 2017

1.3.1

Dec 20, 2017

1.3.0

Dec 20, 2017

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help	File type	Python version	Upload date
checkdmarc-4.1.10-py3-none-any.whl (25.9 kB) Copy SHA256 hash SHA256	Wheel	py3	May 19, 2019
checkdmarc-4.1.10.tar.gz (22.8 kB) Copy SHA256 hash SHA256	Source	None	May 19, 2019