mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 21:54:56 +03:00
mukul975
c21af3347e
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
1.4 KiB
1.4 KiB
API Reference: Implementing DMARC/DKIM/SPF Email Security
dnspython Lookups
import dns.resolver
# SPF
answers = dns.resolver.resolve("example.com", "TXT")
# DMARC
answers = dns.resolver.resolve("_dmarc.example.com", "TXT")
# DKIM
answers = dns.resolver.resolve("selector._domainkey.example.com", "TXT")
SPF Record Syntax
| Mechanism | Example | Meaning |
|---|---|---|
include: |
include:_spf.google.com |
Authorize sender |
ip4: |
ip4:203.0.113.0/24 |
Allow IP range |
-all |
End of record | Hard fail others |
~all |
End of record | Soft fail (weak) |
+all |
End of record | Allow all (insecure) |
DMARC Policy Levels
| Policy | Action | Severity if Missing |
|---|---|---|
p=reject |
Reject failing mail | Recommended |
p=quarantine |
Send to spam | Acceptable |
p=none |
Monitor only | HIGH risk |
Recommended DNS Records
# SPF
v=spf1 include:_spf.google.com -all
# DMARC
v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.com; adkim=s; aspf=s
# DKIM (provider-specific key)
selector._domainkey.example.com TXT "v=DKIM1; k=rsa; p=MIIBIjAN..."
References
- SPF RFC 7208: https://www.rfc-editor.org/rfc/rfc7208
- DMARC RFC 7489: https://www.rfc-editor.org/rfc/rfc7489
- DKIM RFC 6376: https://www.rfc-editor.org/rfc/rfc6376
- dnspython: https://dnspython.readthedocs.io/