A Go library and tools to authenticate e-mails:
- Create and verify DKIM signatures
- Create and parse Authentication-Results header fields
- Fetch DMARC records
r := strings.NewReader(mailString)
options := &dkim.SignOptions{
Domain: "example.org",
Selector: "brisbane",
Signer: privateKey,
}
var b bytes.Buffer
if err := dkim.Sign(&b, r, options); err != nil {
log.Fatal(err)
}
r := strings.NewReader(mailString)
verifications, err := dkim.Verify(r)
if err != nil {
log.Fatal(err)
}
for _, v := range verifications {
if v.Err == nil {
log.Println("Valid signature for:", v.Domain)
} else {
log.Println("Invalid signature for:", v.Domain, v.Err)
}
}
Why can't I verify a mail.Message
directly? A mail.Message
header is
already parsed, and whitespace characters (especially continuation lines) are
removed. Thus, the signature computed from the parsed header is not the same as
the one computed from the raw header.
How can I publish my public key? You have to add a TXT record to your DNS
zone. See RFC 6376 appendix C.
You can use the dkim-keygen
tool included in go-msgauth to generate the key
and the TXT record.
// Format
results := []authres.Result{
&authres.SPFResult{Value: authres.ResultPass, From: "example.net"},
&authres.AuthResult{Value: authres.ResultPass, Auth: "[email protected]"},
}
s := authres.Format("example.com", results)
log.Println(s)
// Parse
identifier, results, err := authres.Parse(s)
if err != nil {
log.Fatal(err)
}
log.Println(identifier, results)
See the GoDoc page.
A few tools are included in go-msgauth:
dkim-keygen
: generate a DKIM keydkim-milter
: a mail filter to sign and verify DKIM signaturesdkim-verify
: verify a DKIM-signed emaildmarc-lookup
: lookup the DMARC policy of a domain
MIT