DKIM should never be inferred from reports

2026-05-20 14:12:57 -03:00
parent c91c3f1023
commit c68ccc8065
4 changed files with 9 additions and 107 deletions
@@ -29,21 +29,11 @@ class ParsedSpfRecord:
    all_mechanism: str | None = None


-@dataclass
-class DkimRecord:
-    selector: str
-    domain: str
-    query_name: str
-    record: str | None = None
-    error: str | None = None
-
-
@dataclass
 class DomainDnsPolicy:
    domain: str
    dmarc: ParsedDmarcRecord = field(default_factory=ParsedDmarcRecord)
    spf: ParsedSpfRecord = field(default_factory=ParsedSpfRecord)
-    dkim: list[DkimRecord] = field(default_factory=list)
    mx_records: list[str] = field(default_factory=list)
    errors: list[str] = field(default_factory=list)

@@ -139,7 +129,6 @@ def parse_spf_records(records: list[str]) -> tuple[ParsedSpfRecord, list[str]]:
 def collect_domain_dns_policy(
    domain: str,
    *,
-    selectors: list[str | tuple[str, str]] | None = None,
    txt_lookup: TxtLookup | None = None,
    mx_lookup: MxLookup | None = None,
 ) -> DomainDnsPolicy:
@@ -165,34 +154,4 @@ def collect_domain_dns_policy(
    except Exception as exc:
        policy.errors.append(f"MX lookup failed: {exc}")

-    selector_domains: set[tuple[str, str]] = set()
-    for item in selectors or []:
-        if isinstance(item, tuple):
-            selector, dkim_domain = item
-        else:
-            selector, dkim_domain = item, domain
-        selector = (selector or "").strip().lower()
-        dkim_domain = (dkim_domain or domain).strip().lower().rstrip(".")
-        if selector and dkim_domain:
-            selector_domains.add((selector, dkim_domain))
-
-    for selector, dkim_domain in sorted(selector_domains):
-        query_name = f"{selector}._domainkey.{dkim_domain}"
-        try:
-            records = txt_lookup(query_name)
-            dkim_records = [record for record in records if record.strip().lower().startswith("v=dkim1")]
-            policy.dkim.append(
-                DkimRecord(
-                    selector=selector,
-                    domain=dkim_domain,
-                    query_name=query_name,
-                    record=dkim_records[0] if dkim_records else None,
-                )
-            )
-            if not dkim_records:
-                policy.errors.append(f"DKIM record not found for selector {selector} on {dkim_domain}")
-        except Exception as exc:
-            policy.dkim.append(DkimRecord(selector=selector, domain=dkim_domain, query_name=query_name, error=str(exc)))
-            policy.errors.append(f"DKIM lookup failed for selector {selector} on {dkim_domain}: {exc}")
-
    return policy