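defmodule Lithium.DMARC do
  @moduledoc """
  Looks up the DMARC policy record published for a domain.
  """

  require Logger

  @doc """
  Fetches the single DMARC policy record for the organizational domain of `domain`.

  The TXT records at `_dmarc.<organizational domain>` are trimmed, then narrowed to
  those that begin with the `v=DMARC1;` version tag and carry at least one more tag.

  Returns:

    * `{:ok, record}` - exactly one policy record was found (trimmed, otherwise as
      published)
    * `{:error, :nxdomain}` - the TXT lookup succeeded but none of the results was a
      policy record
    * `{:error, :multiple_records}` - more than one policy record was published
    * any value from `Lithium.DNS.fetch_txt/1` that is not `{:ok, records}`, passed
      through unchanged
  """
  def get_dmarc_record(domain) do
    # NOTE(review): only the organizational domain is queried. RFC 7489 section 6.6.3
    # looks up _dmarc.<From domain> first and falls back to the organizational domain,
    # so a subdomain's own record is never seen here - confirm the caller performs the
    # exact-domain lookup or that this is intended.
    # NOTE(review): get_domain/1 is assumed to return a binary; anything else raises
    # ArgumentError in the concatenation below - confirm against PublicSuffix.
    od = Lithium.Util.PublicSuffix.get_domain(domain)

    # A non-{:ok, _} result from the lookup falls out of `with` unchanged.
    with {:ok, records} <- Lithium.DNS.fetch_txt("_dmarc." <> od) do
      policy_records =
        records
        |> Enum.map(&String.trim/1)
        |> Enum.filter(&policy_record?/1)

      case policy_records do
        # :nxdomain here means "no usable policy record", not necessarily a DNS NXDOMAIN.
        [] -> {:error, :nxdomain}
        [record] -> {:ok, record}
        # Ambiguous publication: refuse to pick one of several policy records.
        _ -> {:error, :multiple_records}
      end
    end
  end

  # True when `record` is a DMARC policy record rather than a bare version record.
  #
  # As per Section 7.1, DMARC report authorisations also use a "v=DMARC1" record, so
  # a record consisting of the version tag alone is not a policy. Serving such a
  # record from _dmarc.domain.com is technically invalid, but wildcard deployments
  # make it show up there in practice; it is ignored instead of failing the whole
  # DMARC validation process.
  defp policy_record?(record) do
    # The RFC 7489 grammar allows WSP (space or horizontal tab) around "=" and ";",
    # so both are stripped before comparing. Stripping spaces alone would drop a
    # tab-separated policy record, and the domain would then look like it has none.
    compact = String.replace(record, [" ", "\t"], "")
    String.starts_with?(compact, "v=DMARC1;") and compact != "v=DMARC1;"
  end
end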