turbot/steampipe-mod-net-insights

Control: DMARC should be enabled for your domain

Description

Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author ('From:') domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

Usage

Run the control in your terminal:

powerpipe control run net_insights.control.dns_mx_dmarc_record_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run net_insights.control.dns_mx_dmarc_record_enabled --share

Steampipe Tables

SQL

with domain_list as (
  select distinct domain
  from net_dns_record
  where domain in (select jsonb_array_elements_text(to_jsonb($1::text[])))
  order by domain
),
domain_name_with_dmarc as (
  select
    domain as full_domain,
    concat('_dmarc.', domain) as dmarc_domain
  from domain_list
  order by domain
),
domain_dmarc_list as (
  select domain, value
  from net_dns_record
  where domain in (select dmarc_domain from domain_name_with_dmarc)
  order by domain
)
select
  d.full_domain as resource,
  case
    when dl.domain is null then 'alarm'
    when not dl.value like 'v=DMARC1%' then 'alarm'
    else 'ok'
  end as status,
  case
    when dl.domain is null or not dl.value like 'v=DMARC1%' then d.full_domain || ' DMARC is not set.'
    else d.full_domain || ' DMARC is set.'
  end as reason
from
  domain_name_with_dmarc as d
  left join domain_dmarc_list as dl on d.dmarc_domain = dl.domain;

Params

| Args | Name | Default | Description | Variable |
| --- | --- | --- | --- | --- |
| $1 | domain_names | ["github.com","microsoft.com"] | DNS domain names. | |
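
The query above reports 'ok' as soon as a TXT value at _dmarc.<domain> begins with v=DMARC1, whatever policy that record publishes. The Python sketch below is an added example, not part of the mod: it mirrors that test and goes one step further by reading the p= and pct= tags defined in RFC 7489. The function names and sample records are constructed for illustration, and no DNS lookups are made.

```python
def control_status(txt_values):
    """Mirror the control: 'ok' when a TXT value starts with v=DMARC1."""
    return "ok" if any(v.startswith("v=DMARC1") for v in txt_values) else "alarm"


def parse_tags(txt_value):
    """Split 'tag=value; tag=value' into a dict (first occurrence wins)."""
    tags = {}
    for part in txt_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags


def policy_finding(txt_values):
    """Describe what the published policy asks receivers to do with failures."""
    records = [v for v in txt_values if v.startswith("v=DMARC1")]
    if not records:
        return "no DMARC record"
    if len(records) > 1:
        # RFC 7489 6.6.3: policy discovery stops when several records exist.
        return "multiple DMARC records; receivers ignore all of them"
    tags = parse_tags(records[0])
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "missing or invalid p= tag"
    if policy == "none":
        return "monitoring only (p=none); no action requested for failing mail"
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return f"{policy} applied to {pct}% of failing mail"
    return f"enforcing ({policy})"


# Constructed TXT values for placeholder domains (assumed, not real lookups).
SAMPLES = {
    "example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "example.net": ["v=DMARC1; p=none; rua=mailto:dmarc@example.net"],
    "example.org": ["v=spf1 -all"],
    "example.edu": ["v=DMARC1; p=quarantine; pct=25"],
}


def report(samples):
    """Return {domain: (control status, policy finding)} for each sample."""
    return {d: (control_status(v), policy_finding(v)) for d, v in samples.items()}


if __name__ == "__main__":
    for domain, result in report(SAMPLES).items():
        print(domain, *result, sep=" | ")
```

A domain that passes the control with a p=none record is collecting reports but not asking receivers to quarantine or reject spoofed mail, so the policy finding is worth reviewing alongside the control result.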