NAME¶
Mail::DKIM::DkimPolicy - represents a DKIM Sender Signing Practices record
DESCRIPTION¶
The Sender Signing Practices (SSP) record can be published by any domain to help
a receiver know what to do when it encounters an unsigned message claiming to
originate from that domain.
The record is published as a DNS TXT record at _policy._domainkey.DOMAIN where
DOMAIN is the domain of the message's "From" address.
This record format has been superceded by ADSP. See
Mail::DKIM::AuthorDomainPolicy for information about ADSP. It is implemented
here because at one time it appeared this is what would be standardized by the
IETF. It will be removed from Mail::DKIM at some point in the future. The last
version of the SSP specification can be found at
<
http://tools.ietf.org/html/draft-ietf-dkim-ssp-02>.
CONSTRUCTORS¶
fetch()¶
Lookup a DKIM signing practices record.
my $policy = Mail::DKIM::DkimPolicy->fetch(
Protocol => "dns",
Author => 'jsmith@example.org',
);
new()¶
Construct a default policy object.
my $policy = Mail::DKIM::DkimPolicy->new;
METHODS¶
apply()¶
Apply the policy to the results of a DKIM verifier.
my $result = $policy->apply($dkim_verifier);
The caller must provide an instance of Mail::DKIM::Verifier, one which has
already been fed the message being verified.
Possible results are:
- accept
- The message is approved by the sender signing policy.
- reject
- The message is rejected by the sender signing policy. It
can be considered very suspicious.
- neutral
- The message is neither approved nor rejected by the sender
signing policy. It can be considered somewhat suspicious.
flags()¶
Get or set the flags (t=) tag.
A colon-separated list of flags. Flag values are:
- y
- The entity is testing signing practices, and the Verifier
SHOULD NOT consider a message suspicious based on the record.
- s
- The signing practices apply only to the named domain, and
not to subdomains.
is_implied_default_policy()¶
Is this policy implied?
my $is_implied = $policy->is_implied_default_policy;
If you fetch the policy for a particular domain, but that domain does not have a
policy published, then the "default policy" is in effect. Use this
method to detect when that happens.
location()¶
Where the policy was fetched from.
If the policy is domain-wide, this will be domain where the policy was
published.
If the policy is user-specific, TBD.
If nothing is published for the domain, and the default policy was returned
instead, the location will be "undef".
policy()¶
Get or set the outbound signing policy (dkim=) tag.
my $sp = $policy->policy;
Outbound signing policy for the entity. Possible values are:
- "unknown"
- The default. The entity may sign some or all email.
- "all"
- All mail from the entity is signed. (The DKIM signature can
use any domain, not necessarily matching the From: address.)
- "strict"
- All mail from the entity is signed with Originator
signatures. (The DKIM signature uses a domain matching the From:
address.)
signall()¶
True if policy is "all".
signall_strict()¶
True if policy is "strict".
testing()¶
Checks the testing flag.
my $testing = $policy->testing;
If nonzero, the testing flag is set on the signing policy, and the verify should
not consider a message suspicious based on this policy.
BUGS¶
- •
- If a sender signing policy is not found for a given domain,
the fetch() method should search the parent domains, according to
section 4 of the dkim-ssp Internet Draft.
AUTHOR¶
Jason Long, <jlong@messiah.edu>
COPYRIGHT AND LICENSE¶
Copyright (C) 2006-2007 by Messiah College
This library is free software; you can redistribute it and/or modify it under
the same terms as Perl itself, either Perl version 5.8.6 or, at your option,
any later version of Perl 5 you may have available.