zishuo/nip
1
0
Fork 0
mirror of https://github.com/cunnie/sslip.io.git synced 2025-10-05 23:56:50 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Tighten the screws on spammers with DMARC
Some checks failed
Queries per Second shields.io badge / update-qps-gist (push) Has been cancelled
Details
Nameservers / check-dns (push) Has been cancelled
Details
CI Tests / build (push) Has been cancelled
Details

Browse Source 
From @brakhane:

> While the recent release sets the SPF policy to fail, it might not be
enough to deter spammers, as some services might still deliver mail that
fails the check if no DMARC policy is set.

With this commit, we set DMARC TXT records for both nip.io and
sslip.io., e.g.

```
dig txt _dmarc.nip.io. +short
```

results in

```
"v=DMARC1; p=reject"
```

By the way, this is identical to google.com's DMARC record with the
exception of reporting (`rua=...`). We dispense with reporting. I don't
have time to read DMARC reports.

[fixes #99]
This commit is contained in:
Brian Cunnie
2025-08-28 08:27:28 -07:00
parent 20cdbd668e
commit e79e345453
2 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
integration_test.go
View File

@@ -342,6 +342,27 @@ var _ = Describe("sslip.io-dns-server", func() {
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypeTXT sslip.io. \? \["protonmail-verification=ce0ca3f5010aa7a2cf8bcc693778338ffde73e26"\], \["v=spf1 include:_spf.protonmail.ch mx -all"\]\n`))
})
})
When(`the DMARC records are queried`, func() {
It(`returns the nip.io DMARC TXT record`, func() {
digArgs = "@localhost _dmarc.nip.io. txt +short -p " + strconv.Itoa(port)
digCmd = exec.Command("dig", strings.Split(digArgs, " ")...)
digSession, err = Start(digCmd, GinkgoWriter, GinkgoWriter)
Expect(err).ToNot(HaveOccurred())
Eventually(digSession).Should(Say(`"v=DMARC1; p=reject"`))
Eventually(digSession, 1).Should(Exit(0))
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypeTXT _dmarc\.nip\.io\. \? \["v=DMARC1; p=reject"\]\n`))
})
It(`returns the sslip.io DMARC TXT record`, func() {
digArgs = "@localhost _dmarc.sslip.io. txt +short -p " + strconv.Itoa(port)
digCmd = exec.Command("dig", strings.Split(digArgs, " ")...)
digSession, err = Start(digCmd, GinkgoWriter, GinkgoWriter)
Expect(err).ToNot(HaveOccurred())
Eventually(digSession).Should(Say(`"v=DMARC1; p=reject"`))
Eventually(digSession, 1).Should(Exit(0))
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypeTXT _dmarc\.sslip\.io\. \? \["v=DMARC1; p=reject"\]\n`))
})
})
When(`a record for an "_acme-challenge" domain is queried`, func() {
When(`it's an NS record`, func() {
It(`returns the NS record of the query with the "_acme-challenge." stripped`, func() {