In recent years the IETF has been making a range of efforts to secure the email infrastructure and its use. Infrastructure protection includes source authentication by RFC 4408 SPF, message integrity authentication by RFC 6376 DKIM, and domain owner feedback on the effectiveness of these tools by DMARC (www.dmarc.org).
The List of Tests
There are currently three tests available, with more planned in the future. One test for senders, and two for receivers. The
tests are triggered by a command in the subject of the email to firstname.lastname@example.org.
The test system allows for 12 test messages a day, with five minutes between tests. This is to prevent the system being used for
abuse. Frequent abuse of the system will result in that sender blacklisted and messages sent to email@example.com will be discarded.
test - See your DNS-based email authentication stance from the outside. Email messages to
firstname.lastname@example.org will have SPF, DKIM checks performed, and a
test for DMARC. A reply will be sent with the findings. The reply is sent to the address in the MAIL FROM of
bad-spf - Ask for a message that will fail SPF checks. A reply (sent to the MAIL FROM address) will be sent from
the test system. This reply will have a spoofed MAIL FROM address, that will result in a failed SPF check. This is to test receiver
SPF checking code.
bad-dkim - Ask for a message that will fail DKIM validation. A reply (sent to the MAIL FROM address) will be sent from
the test system. This reply will have a DKIM signature that cannot be validated by the DKIM key stored in the DNS with the
non-align - Ask for a message that will fail DMARC policy validation. A reply (sent to the MAIL FROM address)
will be sent from the test system. The message has a spoofed "from:" address that should fail DMARC alignment checks.
aggreport - Returns a sample DMARC aggregate report based on the single message sent. It is not exactly in
conformance with the DMARC specification in that the report is sent as text in the message body and not a zipped
attachment. It is also sent as a reply to the sender, not as a regular report to the listed address in any
discovered DMARC RR.