authheaders

Release 0.13.0

A library wrapping email authentication header verification and generation.

Homepage PyPI Python

Keywords
email, headers, SPF, DKIM, DMARC, ARC
License
MIT
Install
pip install authheaders==0.13.0

Documentation

Authentication Headers

This is a Python library for the generation of email authentication headers.

Authentication

The library can perform DKIM, SPF, and DMARC validation, and the results are packaged into the Authentication-Results header.

authenticate_message(message, "example.com", ip='192.168.50.81', mail_from="test.com", helo="domain.of.sender.net")

Authentication-Results: example.com; spf=none smtp.helo=domain.of.sender.net smtp.mailfrom=test.com; 
    dkim=pass header.d=valimail.com; dmarc=pass header.from=valimail.com

Signature

The library can DKIM and ARC sign messages and output the corresponding signature headers.

sign_message(msg, b"dummy", b"example.org", privkey, b"from:to:date:subject:mime-version:arc-authentication-results".split(b':'), sig='ARC', auth_res=auth_res, timestamp="12345")

ARC-Seal: i=1; cv=none; a=rsa-sha256; d=example.org; s=dummy; t=12345; 
    b=FWOEyeRJ8YiqKt9x9GaZF62z/iy9i2606XLlnLC+Mfzf+8M92eWPPb50Pa+9d1iMwVRVeE
     8Rsdh6a7t+on2vLqBzFCuhA48AyQBVOMf4YgYKIxYbVHa5TD7GUOGSNCse8PGblJTcogmTL7
     FhApk4DJZQkuE4EWrMRMpzfxG24l4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=dummy; t=12345; 
    h=from : to : date : subject : mime-version : arc-authentication-results; 
    bh=KWSe46TZKCcDbH4klJPo+tjk5LWJnVRlP5pvjXFZYLQ=; 
    b=LNev0+5hTRq5x+38IWMxbyZBXxZS6Ddacbul1XE7lEBKDXxh9MUvdGvCqdDoSSlUmJyx/s
     PLfucMfmftarx1xVIRPJeUrtuOZuUdQMPVpQcfQJ9pUfE1TG1KS4E2suCz3TF7uxu5OjaP21
     mjquuQP5lQe2fsnwBjBgVFcsSAwPw=
ARC-Authentication-Results: i=1; lists.example.org; spf=pass smtp.mfrom=jqd@d1.example; 
    dkim=pass (1024-bit key) header.i=@d1.example; dmarc=pass

Public Suffix List (PSL)

DMARC uses the public suffix list (https://publicsuffix.org) to determine organizational boundaries. An embedded copy of the list is included in the package.

The PSL does not change rapidly. A setup.py extension is provided to download the current revision. This should be run prior to new package releases and may also be run prior to local package installation (if installing via setuptools from a local copy of the package):

$ python3 setup.py pslupdate
$ python3 setup.py install

Some operating systems offer a system copy of the PSL. When available, it should be used, since they are generally kept updated. As an example, in Debian GNU/Linux, prior to installation of this package, one would install the publicsuffix package and then update this package's configuration to use it instead:

$ sudo apt install publicsuffix
$ python3 setup.py psllocal --path='/usr/share/publicsuffix/public_suffix_list.dat'
$ python3 setup.py install

DMARC Policy Flag

As of version 0.12, an optional policy flag (default is False) is provided for authenticate_message. If set, DMARC policy recommendations are included instead of the default raw DMARC result. Results are based on domain (or org domain) policy as modified by subdomain ('sp') policy or non-existent domain ('np') policy. The new 'np' tag is defined in RFC 9091.

dmarc-policy-find script

As of version 0.15, a script to lookup DMARC policy for a domain is included.

By default, it uses RFC 7489's policy or organizational domain approach. It can also use the extended/updated RFC 9091 (PSD DMARC) and DMARCbis designs instead.

PSD (Public Suffix Domain) DMARC

As of version 0.11, support for the experimental PSD DMARC extension is provided (See https://datatracker.ietf.org/doc/rfc9091/ for details). It is not enabled by default.

There are currently two operational sources of PSD DMARC participants (both at psddmarc.org). One is an IANA like registry which can be downloaded at package build time and used locally. It works in a manner similar to the PSL update option above:

$ python3 setup.py psddmarc
$ python3 setup.py install

If the registry file is not present, the alternative DNS lookup mechansin is used.

Both approaches are described at psddmarc.org.

DMARCbis

As of version 0.15, support for the work in progress DMARCbis organizational domain and policy discovery methods is included (up to DMARCbis-29) is provided (See https://datatracker.ietf.org/doc/draft-ietf-dmarc-dmarcbis/ for details). It is not enbabled by default. It uses neither the PSL nor the PSD regsitry. It is enabled by the dmarcbis flag for authenticate_message (default is False).

Stats

Dependencies
0
Dependent packages
2
Dependent repositories
0
Total releases
42
Latest release
First release
Stars
16
Forks
4
Watchers
30
Contributors
5
Repository size
302 KB
SourceRank
9

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.16.2
0.16.1
0.16.0
0.15.3
0.15.2
0.15.1
0.15.0
0.13.1
0.14.1
0.14.0
See all 42 releases

Contributors

gene Adam Clark Scott Kitterman Andreas Schneider Mark Sapiro


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2024-01-23 01:00:00 UTC

Login to resync this project