Created
October 23, 2024 13:17
-
-
Save RichardoC/7f9b9c2a4f93ef93a38a7edee38d8042 to your computer and use it in GitHub Desktop.
Verify if DMARC, DKIM etc set up properly for Google Workspace
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Before running you'll need to do | |
| # pip3 install dnspython | |
| # Run this script by | |
| # python3 check_email_dns.py yourdomain.example.com | |
| # Generated by chatgpt o1-preview, with a few human tweaks. | |
| import dns.resolver | |
| def check_spf(domain): | |
| """Check if the SPF record includes Google's SPF.""" | |
| try: | |
| answers = dns.resolver.resolve(domain, 'TXT') | |
| except dns.resolver.NoAnswer: | |
| print(f"No TXT records found for {domain}") | |
| return False | |
| except dns.resolver.NXDOMAIN: | |
| print(f"Domain {domain} does not exist") | |
| return False | |
| spf_record_found = False | |
| for rdata in answers: | |
| txt = ''.join([s.decode('utf-8') for s in rdata.strings]) | |
| if txt.startswith('v=spf1'): | |
| spf_record_found = True | |
| if 'include:_spf.google.com' in txt: | |
| print(f"SPF record includes Google's SPF: {txt}") | |
| return True | |
| else: | |
| print(f"SPF record does not include Google's SPF: {txt}") | |
| return False | |
| if not spf_record_found: | |
| print(f"No SPF record found for {domain}") | |
| return False | |
| def check_dkim(domain): | |
| """Check if the DKIM record is set up correctly with the default selector 'google'.""" | |
| selector = 'google' | |
| dkim_domain = f"{selector}._domainkey.{domain}" | |
| try: | |
| answers = dns.resolver.resolve(dkim_domain, 'TXT') | |
| for rdata in answers: | |
| txt = ''.join([s.decode('utf-8') for s in rdata.strings]) | |
| if txt.startswith('v=DKIM1'): | |
| print(f"Valid DKIM record found for {dkim_domain}: {txt}") | |
| return True | |
| else: | |
| print(f"Invalid DKIM record for {dkim_domain}: {txt}") | |
| return False | |
| except dns.resolver.NoAnswer: | |
| print(f"No DKIM record found for {dkim_domain}") | |
| return False | |
| except dns.resolver.NXDOMAIN: | |
| print(f"DKIM domain {dkim_domain} does not exist") | |
| return False | |
| def check_dmarc(domain): | |
| """Check if the DMARC record is set up correctly.""" | |
| dmarc_domain = f"_dmarc.{domain}" | |
| try: | |
| answers = dns.resolver.resolve(dmarc_domain, 'TXT') | |
| for rdata in answers: | |
| txt = ''.join([s.decode('utf-8') for s in rdata.strings]) | |
| if txt.startswith('v=DMARC1'): | |
| print(f"Valid DMARC record found: {txt}") | |
| return True | |
| else: | |
| print(f"Invalid DMARC record: {txt}") | |
| return False | |
| except dns.resolver.NoAnswer: | |
| print(f"No DMARC record found for {dmarc_domain}") | |
| return False | |
| except dns.resolver.NXDOMAIN: | |
| print(f"DMARC domain {dmarc_domain} does not exist") | |
| return False | |
| if __name__ == '__main__': | |
| import sys | |
| if len(sys.argv) != 2: | |
| print("Usage: python check_email_dns.py domain.com") | |
| sys.exit(1) | |
| domain = sys.argv[1] | |
| print(f"Checking DNS records for domain: {domain}") | |
| spf_ok = check_spf(domain) | |
| dkim_ok = check_dkim(domain) | |
| dmarc_ok = check_dmarc(domain) | |
| print("\nResults:") | |
| print(f"SPF check passed: {'Yes' if spf_ok else 'No'}") | |
| print(f"DKIM check passed: {'Yes' if dkim_ok else 'No'}") | |
| print(f"DMARC check passed: {'Yes' if dmarc_ok else 'No'}") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment