creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-13 22:54:53 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
ccce7d4e068efecc2f98c385c8e5c01d969fc9bc
Anthropic-Cybersecurity-Skills/skills/implementing-email-security-with-dmarc-dkim-spf/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

76 lines
2.2 KiB
Markdown
Raw Blame History

# API Reference: Email Security (SPF/DKIM/DMARC)
## dnspython TXT Query
```python
import dns.resolver
answers = dns.resolver.resolve("example.com", "TXT")
for rdata in answers:
txt = b"".join(rdata.strings).decode("utf-8")
```
## SPF Record Format
```
v=spf1 [mechanisms] [qualifier]all
```
| Mechanism | Example | Description |
|-----------|---------|-------------|
| `include:` | `include:_spf.google.com` | Include other SPF record |
| `ip4:` | `ip4:203.0.113.0/24` | Allow IPv4 range |
| `ip6:` | `ip6:2001:db8::/32` | Allow IPv6 range |
| `a:` | `a:mail.example.com` | Allow A record IP |
| `mx:` | `mx:example.com` | Allow MX record IPs |
| `redirect=` | `redirect=_spf.example.com` | Redirect to another SPF |
| Qualifier | Meaning | Effect |
|-----------|---------|--------|
| `-all` | Fail | Reject unauthorized senders |
| `~all` | Softfail | Accept but mark |
| `?all` | Neutral | No policy |
| `+all` | Pass | Allow all (insecure) |
**Limit**: Max 10 DNS lookups (includes, a, mx, ptr, exists, redirect).
## DKIM Record Query
```
{selector}._domainkey.{domain} TXT
```
```
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEB...
```
| Tag | Description |
|-----|-------------|
| `v` | Version (DKIM1) |
| `k` | Key type (rsa, ed25519) |
| `p` | Public key (Base64) |
| `t` | Flags (y=testing, s=strict) |
Common selectors: `google`, `default`, `selector1`, `selector2`, `k1`, `mail`, `dkim`, `s1`, `s2`, `mandrill`, `smtpapi`
## DMARC Record Query
```
_dmarc.{domain} TXT
```
```
v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100
```
| Tag | Values | Description |
|-----|--------|-------------|
| `p` | none/quarantine/reject | Policy for domain |
| `sp` | none/quarantine/reject | Subdomain policy |
| `pct` | 0-100 | Percentage of messages to apply policy |
| `rua` | mailto:URI | Aggregate report destination |
| `ruf` | mailto:URI | Forensic report destination |
| `adkim` | r/s | DKIM alignment (relaxed/strict) |
| `aspf` | r/s | SPF alignment (relaxed/strict) |
## Risk Scoring
| Condition | Score |
|-----------|-------|
| No SPF record | +40 critical |
| SPF +all | +40 critical |
| SPF ~all | +10 medium |
| No DKIM | +25 high |
| No DMARC | +40 critical |
| DMARC p=none | +25 high |
| DMARC pct < 100 | +10 medium |
Reference in New Issue View Git Blame Copy Permalink