For a given occasion I wrote Small Python script to test a domain for DMARC, DKIM and SPF records. Those records are managed in a DNS zone and are typically used in Anti-SPAM techniques.
DKIM requires a so-called DKIM Selector, which can be extracted from the header of an email sent to yourself (or of any other email).
It’s possible to use dig and query those records manually, but for repeating tests I prefer one simple command line tool which do those three test in one go.
For Python, the nice toolkit dnspython exists to do all the DNS query work. I’m importing this toolkit and argparse in my script. The script gets a nice ASCII banner because ASCII banners are cool ;)
This is the first test case which tests for the DMARC record. The test tries to resolve the _dmarc.domain.tldTXT record in DNS. In the returned DNS data the script looks for the string DMARC1. If the string exists, the test is PASSED, if not the test if FAILED.
Similar like for DMARC the script tests for DKIM. The so-called DKIM Selector must be extracted from the email headers. This test tries to resolve [selector]._domainkey.domain.tld. The returned DNS data is then checked for the string DKIM1.
The test for SPF record is performed in the same way. In the returned DNS data the script looks for the string spf1. If the string was found, the test is PASSED, if not the test is FAILED.
As test I checked if the script is running in Windows Subsystem for Linux. As domain I tested microsoft.com with their DKIM selector selector2. The result showed that all three testes are passed and the records are shown. A test against another domain showed failed for DKIM and DMARC, but passed for SPF.