Commit graph

22 commits

Author SHA1 Message Date
a65b8084ee dns: add ReturnOK check for sender domain reachability
Verify that the From and Return-Path domains can actually receive replies
and bounces, mirroring Fastmail's authentication_milter ReturnOK handler.
Each domain is checked for MX records, falling back to A/AAAA (implicit MX)
and then to the organizational domain, yielding a pass/warn/fail status.
Adds return_ok to DNSResults, a 10-point DNS sub-score penalty per domain
that is wholly unreachable, and a new "Return Address Reachability" card.
2026-06-06 16:44:24 +09:00
e168446b44 dns: add HELO/PTR consistency check
Compare the HELO/EHLO hostname announced by the sending server (first
Received hop) against the sender IP's PTR records, surfacing the same
signal as x-ptr/policy.ptr in Authentication-Results. Adds helo_hostname
and helo_ptr_match to DNSResults, applies a 15-point PTR sub-score
penalty on mismatch, and displays the result in a new HELO/PTR
Consistency card.
2026-06-06 16:13:34 +09:00
1516991057 dmarc: implement RFC 7489 org-domain fallback and RFC 9091 PSD DMARC
DMARC lookup now follows the full RFC 7489 §6.6.3 fallback chain: exact
From domain → organizational domain (eTLD+1 via PSL) → public suffix
domain (RFC 9091, only when psd=y is present). DNS errors abort
immediately without triggering fallback; NXDOMAIN and missing v=DMARC1
records do trigger it. The found domain is exposed in the new
DMARCRecord.domain field for reporting purposes.

Also promote getOrganizationalDomain to a package-level function so both
HeaderAnalyzer and DNSAnalyzer can share it, and fix pre-existing
rbl_test.go compilation errors and stale score expectations.

Closes: #98
2026-05-18 17:03:58 +08:00
ac9b567025 web: Format code files 2026-01-24 19:18:26 +08:00
718b624fb8 Add domain only tests 2025-10-31 11:15:15 +07:00
8769514f1c Don't deduce point on weak SPF all qualifier, when DMARC is configured
All checks were successful
continuous-integration/drone/push Build is passing
2025-10-28 11:42:23 +07:00
0325139461 Add a dark mode 2025-10-26 21:42:58 +07:00
53a48cba07 Fix typescript/svelte checks 2025-10-26 21:42:58 +07:00
7ed347c86e Improve test display in some circonstancies 2025-10-25 03:31:29 +07:00
3588af3267 Add links to section 2025-10-25 03:31:29 +07:00
3d03bfc4fa Handle relaxed domain match 2025-10-25 03:31:29 +07:00
84a504d668 Add reverse lookup and forward confirmation 2025-10-25 03:31:29 +07:00
a6448a1533 Split DnsRecordsCard in several components 2025-10-25 03:28:44 +07:00
e5c678174c Comprehensive DMARC record checks 2025-10-25 03:28:44 +07:00
a97729fea6 Tests design and descriptions 2025-10-24 09:56:35 +07:00
4149a5de92 Truncate DKIM record 2025-10-24 09:56:35 +07:00
8ca4bed875 SPF check return-path 2025-10-24 09:56:35 +07:00
f6a1ea73a2 Check SPF include 2025-10-24 09:56:35 +07:00
a64b866cfa Add grades 2025-10-24 09:56:35 +07:00
abfd1f0155 Add a score to DNS 2025-10-23 18:09:23 +07:00
ec1ab7886e Rework DNS results 2025-10-23 10:40:12 +07:00
d87b0cbcb0 Remove checks 2025-10-23 10:40:12 +07:00