- Fix tarball build (#78)
- Fix CSV output
- Always parse RUA and RUF fields, even if other parts of the record are invalid (PR #74)
- Convert documentation to markdown
- Migrate build from setuptools to hatch
- Migrate automated testing from Travis CI to GitHub Actions
- Pass in
nameserver
andtimeout
parameters when callingget_reverse_dns()
(Actually close issue #59)
- Use the system's DNS resolvers by default
- Make DMARC report destination errors warnings instead of fatal errors (Closes issue #54)
- Honor nameserver and DNS timeout settings when querying for PTR records (Closes issue #59)
- Separate
TLS
andSTARTTLS
checks (Closes issue #56) - Fix false positive SPF redirect loop error (Closes issue #55)
- Require the p tag to immediately follow the v tag (Closes issue #57)
- Loosen IP address checks (PR # 53)
- Include
nameservers
in call tocheck_wildcard_dmarc_report_authorization
(PR #51) - Fix
ipv4
validation and addipv6
validation (PR #52) - Fix
User-Agent
string
- Fix
publicsuffix2
minimum version
- Fix Python 3.4 support
- Fix warning introduced in newer versions of
publicsuffix2
(closes issue #46) - Set minimum dependency requirements (closes issue #47)
- Fix typo in Office 365 MX record verification warning
- Add test for DNSSEC (closes issue #44)
- Ignore SPF record content after the
all
mechanism (closes issue #45) - Use UDP instead of TCP for DNS queries
- Reduce default DNS timeout from
6.0
seconds to2.0
seconds - Require
dnspython>=1.16.0
- Make SPF mechanisms and modifiers case insensitive, in compliance with RFC 7208, sections 4.6.1 and 12 (#42)
- Raise a warning instead of an error when a MX hostname does not exist
- Raise a specific warning when a Office 365 MX domain validation record is detected
- Fix typo in DMARC authorization record warning (#38)
- Add support for validating wildcard DMARC report authorization records
- Support reserved TLDs in
get_base_domain()
(#39)
- Still check STARTTLS when reverse DNS lookup fails
- Disable STARTTLS/TLS checks when running on Windows to avoid
timeout_decorator
Windows incompatibility
- Better DNS exception handling
- Show errors instead of warnings when checking NS and MX records for non-existent domains
- Fix TLS/STARTTLS failure output
- Add warning if MX hosts are missing A or AAAA records
- Timeout SMTP TLS check after 5 seconds
- Debug output fixes
- Fix
--skip-tls
option - Replace
publicsuffix
withpublicsuffix2
- Fix
tls
andstarttls
CSV fields
- Test for SSL/TLS over port 465 if
STARTTLS
is not supported - Fix display of SSL/TLS errors
- Improve
STARTTLS
test
- Add option to CLI and API to skip STARTTLS testing
- Fix CSV output
- Fix debug logging
- Documentation fixes
- Refactor API and CLI
- Save
public_suffix_list.dat
to a temporary folder instead of the current working directory (CWD) - Emulate a browser HTTP
User-Agent
sting when downloadingpublic_suffix_list.dat
- Add requirement
requests
- Change list separator within CSV fields from
,
to|
- Fix returning
STARTTLS
results upon exception
- Fix debug output
- Fix crash when checking domains with more than 10 MX records
- Cache
STARTTLS
failures - Add warning for duplicate hostnames in MX records
- Increase cache sizes
- Disable check for SPF records on MX hostnames - too noisy
- Catch
BlockingIOError
exception when testingSTARTTLS
- Add warning if PTR records for MX do not match the hostname's A/AAAA records
- Use output path file extension to set output format
- Use substrings for matching approved 'MX' and 'NS' records, rather than the full string
- Add
get_nameservers()
to the API - Add
NS
record lookup to output asns
- Add
--ns
option to CLI for listing approved nameservers
- Fix
--mx
CLI option
- Bugfix: STARTTLS caching
- Add MX warnings for parked domains
- Increase default DNS timeout from 2.0 seconds to 6.0 seconds
- Bugfix: CSV format
-f csv
for starttls header - Bugfix: Always properly close a SMTP connection
- Cache DNS and STARTTLS results in memory
- Use python3 in docs Makefile for Sphinx build
- Add
--debug
option - Make warning about proper SPF records for MX hosts a only show with
--debug
(Very noisy - Many hosts use DKIM without SPF to DMARC align bouncebacks)
- Bugfix: Always raise warning when SPF type DNS records are found
- Add check for proper SPF records for MX hosts
- Add check for STARTTLS
- Add option
-p/--parked
to check for best practices for parked domains - Add option
--mx
to provide a list of approved MX hostnames - Add
query_bimi_record()
to the API
- Fix parsing of TXT records over multiple lines (PR #36)
- Fix false-negative SPF validation of
ipv4
mechanisms with a single digit CIDR notation (PR #35)
- Fix false-negative SPF and DMARC validations
- Fix report destination verification
- Reduce default DNS timeout to 2.0 seconds
- Always use
\n
as the newline when generating output
- Properly concatenate multi-line TXT records
- Fix exception generation
- Refactored
DMARCError
andSPFError
exceptions to support adding data to the results (seanthegeek) - Close #18 - include
dns_lookups
inspf
results when number of SPF lookups are exceeded (seanthegeek) - Added timeout rounding to the Exception classes (malvidin)
- Refactored
DMARCError
andSPFError
exceptions to support adding data to the results (seanthegeek) - Close #18 - include
dns_lookups
inspf
results when number of SPF lookups are exceeded (seanthegeek) - Added timeout rounding to the Exception classes (malvidin)
- PEP 8 fixes
- Close #32 - Raise
SPFSyntaxError
when an invalid value is encountered for anip4
SPF mechanism - Close #33 - Add
python3 setup.py sdist
tobuild.sh
, and publish source distribution to PyPI
- Close #31 - Public Suffix List checked before list is available (malvidin)
- Decrease precision of DNS timeout (malvidin)
- Close #15 - Add sorting of A/AAAA records (malvidin)
- Add basic logging of runtime warnings (seanthegeek)
- Use Cloudflare's DNS resolvers by default
- Fix DMARC record location when subdomain is missing record
- Fix typos
- prefix
.
topublic_suffix_list.dat
- Fix typo in help
- Treat
pct
< 1 as invalid - Issue warning if there are more that two URIs for
rua
orruf
(separate count)
- Allow whitespace in DMARC values
- Actually fix DMARC
rua
andruf
CSV output
- Fix DMARC
rua
andruf
CSV output
- More exception handling fixes
- Fix DNS report destination verification error message
- Yet more DNS error handling
- More DNS
SERVFAIL
handling - More descriptive warning if DMARC
pct
< 100
- Handle DNS failures better
- Properly handle a useless DMARC record at the root of a domain
- Use correct example output in documentation
- Replace
accenture.com
output from debugging withfbi.gov
output - That's what I get for copy/pasting without reading :(
- Replace
- Raise an error when multiple
spf1
TXT
records are found
- Fix external DMARC report destination validation
- Update sample output in documentation
- Improve DMARC regex for edge cases
- Use Organizational Domain when checking DMARC URI destination
- Simplify exceptions
- Refactor dome method return values
- Add more unit tests
- Many documentation improvements and fixes
- PEP 8 compliant
- Check for misplaced DMARC records
- Update documentation
- Write unit tests and deploy CI (#12)
- Fix a bug that causes all DMARC lookups to fail
- First unit tests
- Fix SPF loop false-positives (#20)
- Use the base/organizational domain name when validating DMARC report destinations (#21)
- Add more granular exception classes in preparation for unit tests in 2.0.0
- Fix SPF regex regression
- Make DMARC
p
required, as specified in the RFC - Improve SPF regex and syntax error details
- Update
mailto
regex to accept single char mailbox names - Clarify DMARC tag and value descriptions
- Pass in nameservers and timeout when querying for
MX
records
- Fix sample command in documentation
- Raise an error instead of a warning when DMARC reporting URIs cannot receive reports about a domain
- Fix JSON output structure or included/redirected SPF records
- Fix typo in error message
- Detect Requests for
_dmarc
records that actually return SPF records - Correct documentation for
get_mx_hosts(domain, nameservers=None, timeout=6.0)
- Update output sample in documentation
- Change in JSON structure - Separate DMARC URI scheme and address to better support potential future URI schemes
- Change in JSON structure - Parse
mailto:
DMARC URIs, including size limits (if any) - More granular Exception classes
- Updated documentation
- Refactor and simplify DNS queries
- Properly look for DMARC records in base/organizational domains
- Properly count DNS lookups for SPF
- Update sample output in the documentation
- Remove faulty
ruf
tag warning
- Fix another show-stopping bug :(
- Fix show-stopping bug
- Turn
rua
andruf
tag values in to lists - Fix conversion of lists to strings in CSVs
- Raise
DMARCWarning
if the value of thepct
tag is less than 100 - Raise
DMARCError
if the value of thepct
tag is less than 0 or greater than 100
- Proper parsing of DMARC tags
fo
andrf
- Improve regex for the DMARC
mailto:
URI __version__
only needs to be updated in one place now- Fix docstring formatting
- Properly handle DMARC records that are made up of multiple strings
- Allow input file to be a CSV where the domain is the first field; all other fields are ignored
- Better handling of invalid DMARC values
- Rearrange the order of the CSV fields to that the longest entries are to the right
- Documentation improvements
- Fix external DMARC report destination validation
- Count each MX resource record once
- Clarify warning messages
- Pass timeout in for SPF queries when outputting in CSV format
- Raise default timeout to 6 seconds
- Only include hostname in mx SPF mechanism results
- Show MX preference in output
- Sort MX records by preference
- Mark package as supporting Python 3 only (Python 2 was never actually supported because Pyleri does not support it)
- Removed all previous versions from PyPI so someone doesn't think Python 2 was supported when it never was
- Change default timeout to 4 seconds
- Use ; to delimit warnings and MX records in CSV format
- Add MX warnings to output
- Fix DMARC warning CSV output
- Separate SPF MX record limit from SPF DNS mechanism limit
- Fix DMARC CSV output
- Fix more SPF exceptions
- Fix SPF exceptions
- Fix DMARC record discovery
- Rename mx domain key to hostname
- Add example output to README
- Fix PyPI readme display
- Fix typos
- Add MX records to output
- Fix
--timeout/-t
option - Add
--wait/-w
option
- Make SPF loops errors instead of warnings
- Check SPF records for
redirect
loops
- Ignore blank lines/domains in input
- Include the DMARC organizational domain in JSON and CSV output
- Change CSV field order for readability
- Make JSON output order consistent
- Resolve SPF
redirect
- Put include results in a JSON list
- Count
exists
SPF mechanisms in the overall SPF query limit - Make
a
SPF mechanisms count as one lookup instead of twocheckdmarc
actually makes two queries pera
mechanism, one forA
records, and one forAAAA
records. However, RFC 7208, Section 1.6.4 only mentions counting the mechanisms that use lookups (i.e.mx
,a
,exists
,include
, andredirect
), and including eachMX
record returned in the overall count, (since those in turn will need to be resolved). This alignscheckdmarc
with 3rd party SPF validators at MxToolbox and DMARC Analyzer
- Removed from PyPI due to bugs
- Subdomains inherit the DMARC record of the organizational domain
- Removed from PyPI due to bugs
- Validate existence of MX amd A/AAAA records
- Add a
--timeout/-t
option - Improve DMARC record syntax validation
- Check for SPF include loops
- Validate
rua
andruf
URIs - Fail SPF validation if query limit reached RFC 7208, Section 1.6.4
- First release on PyPi (since removed due to bugs)
- Initial commit to GitHub