blob: 9c7447107480246c8aec02adaf127cab16ad1c71 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
defmodule Lithium.DMARC do
require Logger
def get_dmarc_record(domain) do
with {:ok, records} <- Lithium.DNS.fetch_txt("_dmarc." <> domain) do
filtered =
records
|> Enum.map(&String.trim/1)
|> Enum.filter(fn found_record ->
# As per Section 7.1, DMARC report authorisations also use a format of "v=DMARC1"
# We should check when we find a tag that it is not *just* a version record.
# It would technically be invalid to serve this DMARC report authorisation from
# _dmarc.domain.com, however from testing some people do peculiar deployments
# using wildcards and it ends up showing there.
# For now, we should probably be lenient and just ignore the report authorisation
# instead of tossing the entire DMARC validation process.
trimmed =
found_record
|> String.replace(" ", "")
String.starts_with?(trimmed, "v=DMARC1;") and trimmed != "v=DMARC1;"
end)
case filtered do
[] ->
{:error, :nxdomain}
[record] ->
{:ok, record}
_ ->
{:error, :multiple_records}
end
else
error ->
error
end
end
end
|
