Authentication Tools
The Email Deliverability Library provides comprehensive tools for setting up, validating, and analyzing email authentication standards: SPF, DKIM, and DMARC.
SPF (Sender Policy Framework)
SPF allows email receivers to check that incoming mail from a domain comes from a host authorized by that domain’s administrators.
from email_deliverability import DeliverabilityManager
manager = DeliverabilityManager(domain="example.com")
# Check if SPF record exists
if manager.spf.verify_record_exists():
print("SPF record exists")
# Analyze the SPF record
analysis = manager.spf.analyze_record()
print(f"SPF Record: {analysis['record']}")
if analysis['issues']:
print("Issues found:")
for issue in analysis['issues']:
print(f"- {issue}")
else:
print("No SPF record found")
# Generate a basic SPF record
record = manager.spf.generate_record(
authorized_servers=["192.0.2.0/24", "198.51.100.1"],
include_domains=["_spf.google.com", "mailgun.org"],
policy="-all" # Strict policy
)
print(f"Suggested SPF record: {record}")
DKIM (DomainKeys Identified Mail)
DKIM provides a way for senders to digitally sign their emails, allowing receivers to verify that the content hasn’t been altered in transit.
# Generate a new DKIM key pair
private_key, record = manager.dkim.generate_keypair(key_size=2048)
print("Private key (keep this secure!):")
print(private_key[:100] + "...") # Show just the beginning
print("\nDNS TXT record to publish:")
print(record)
# Analyze existing DKIM record
if manager.dkim.verify_record_exists():
analysis = manager.dkim.analyze_record()
if analysis['issues']:
print("DKIM issues:")
for issue in analysis['issues']:
print(f"- {issue}")
# Example of using DKIM to sign an email
email_content = "Subject: Test\r\nFrom: sender@example.com\r\n\r\nThis is a test email."
signature = manager.dkim.sign_email(email_content, private_key)
print(f"DKIM-Signature: {signature}")
DMARC (Domain-based Message Authentication, Reporting and Conformance)
DMARC allows domain owners to publish policies for how email receivers should handle messages that fail SPF and DKIM checks.
# Check if DMARC record exists
if manager.dmarc.verify_record_exists():
analysis = manager.dmarc.analyze_record()
print(f"DMARC Record: {analysis['record']}")
print(f"Policy: {analysis['parsed'].get('p', 'none')}")
if analysis['issues']:
print("DMARC issues:")
for issue in analysis['issues']:
print(f"- {issue}")
else:
# Generate DMARC record
record = manager.dmarc.generate_record(
policy="quarantine", # Suspicious messages go to spam
subdomain_policy="reject", # Strict policy for subdomains
reporting_email="dmarc@example.com",
percentage=100, # Apply to 100% of messages
spf_strict=False, # Relaxed SPF alignment
dkim_strict=False # Relaxed DKIM alignment
)
print(f"Suggested DMARC record: {record}")
Comprehensive Authentication Analysis
Analyze all authentication mechanisms at once:
# Analyze all authentication methods
results = manager.analyze_domain_setup()
print(f"Authentication Score: {results['overall_score']}/100")
for auth_type in ['spf', 'dkim', 'dmarc']:
status = "✓" if results[auth_type]['exists'] else "✗"
print(f"{auth_type.upper()}: {status}")
if results['recommendations']:
print("\nRecommendations:")
for rec in results['recommendations']:
print(f"- {rec}")