DMARC: some explanations, better display.
This commit is contained in:
parent
e3bbe9ad33
commit
338b3c0811
@ -540,25 +540,33 @@ render state
|
|||||||
state._currentRR.name
|
state._currentRR.name
|
||||||
display_domain_side
|
display_domain_side
|
||||||
, Bulma.box_input "ttlDMARC" "TTL" "600" (updateForm Field_TTL) (show state._currentRR.ttl)
|
, Bulma.box_input "ttlDMARC" "TTL" "600" (updateForm Field_TTL) (show state._currentRR.ttl)
|
||||||
|
|
||||||
, Bulma.hr
|
, Bulma.hr
|
||||||
|
, Bulma.div_content [Bulma.explanation Explanations.dmarc_policy]
|
||||||
, Bulma.selection_field "idDMARCPolicy" "Policy" DMARC_policy (map show DMARC.policies) (show state.dmarc.p)
|
, Bulma.selection_field "idDMARCPolicy" "Policy" DMARC_policy (map show DMARC.policies) (show state.dmarc.p)
|
||||||
|
, Bulma.div_content [Bulma.explanation Explanations.dmarc_sp_policy]
|
||||||
, Bulma.selection_field "idDMARCPolicy_sp" "Policy for subdomains" DMARC_sp_policy
|
, Bulma.selection_field "idDMARCPolicy_sp" "Policy for subdomains" DMARC_sp_policy
|
||||||
(["do not provide policy advice"] <> map show DMARC.policies) (maybe "-" show state.dmarc.sp)
|
(["do not provide policy advice"] <> map show DMARC.policies) (maybe "-" show state.dmarc.sp)
|
||||||
|
|
||||||
, Bulma.hr
|
, Bulma.hr
|
||||||
|
, Bulma.div_content [Bulma.explanation Explanations.dmarc_adkim]
|
||||||
, Bulma.selection_field "idDMARCadkim" "Consistency Policy for DKIM" DMARC_adkim DMARC.consistency_policies_txt_dkim (maybe "-" show state.dmarc.adkim)
|
, Bulma.selection_field "idDMARCadkim" "Consistency Policy for DKIM" DMARC_adkim DMARC.consistency_policies_txt_dkim (maybe "-" show state.dmarc.adkim)
|
||||||
|
, Bulma.div_content [Bulma.explanation Explanations.dmarc_aspf]
|
||||||
, Bulma.selection_field "idDMARCaspf" "Consistency Policy for SPF" DMARC_aspf DMARC.consistency_policies_txt_spf (maybe "-" show state.dmarc.aspf)
|
, Bulma.selection_field "idDMARCaspf" "Consistency Policy for SPF" DMARC_aspf DMARC.consistency_policies_txt_spf (maybe "-" show state.dmarc.aspf)
|
||||||
|
|
||||||
, Bulma.hr
|
, Bulma.hr
|
||||||
, Bulma.box_input "idDMARCpct" "% of dropped emails" "100" DMARC_pct (maybe "100" show state.dmarc.pct)
|
, Bulma.box_input "idDMARCpct" "% of dropped emails" "100" DMARC_pct (maybe "100" show state.dmarc.pct)
|
||||||
|
|
||||||
, Bulma.hr
|
, Bulma.hr
|
||||||
, Bulma.selection_field "idDMARCfo" "When to send a report" DMARC_fo DMARC.report_occasions_txt (maybe "-" show state.dmarc.fo)
|
, Bulma.selection_field "idDMARCfo" "When to send a report" DMARC_fo DMARC.report_occasions_txt (maybe "-" show state.dmarc.fo)
|
||||||
, Bulma.hr
|
, Bulma.hr
|
||||||
, maybe (Bulma.p "no rua") (display_dmarc_mail_addresses DMARC_remove_rua) current_ruas
|
, maybe (Bulma.p "There is no address to send aggragated reports to.") (display_dmarc_mail_addresses DMARC_remove_rua) current_ruas
|
||||||
, maybe (Bulma.p "no ruf") (display_dmarc_mail_addresses DMARC_remove_ruf) current_rufs
|
, maybe (Bulma.p "There is no address to send detailed reports to.") (display_dmarc_mail_addresses DMARC_remove_ruf) current_rufs
|
||||||
, Bulma.box_input "idDMARCmail" "Address to contact" "" DMARC_mail state.dmarc_mail
|
, Bulma.box_input "idDMARCmail" "Address to contact" "admin@example.com" DMARC_mail state.dmarc_mail
|
||||||
, Bulma.box_input "idDMARCmaillimit" "Report size limit (in KB)" "" DMARC_mail_limit (maybe "0" show state.dmarc_mail_limit)
|
, Bulma.box_input "idDMARCmaillimit" "Report size limit (in KB)" "2000" DMARC_mail_limit (maybe "0" show state.dmarc_mail_limit)
|
||||||
, Bulma.level [ Bulma.btn "New address for aggregated report" DMARC_rua_Add
|
, Bulma.level [ Bulma.btn "New address for aggregated report" DMARC_rua_Add
|
||||||
, Bulma.btn "New address for specific report" DMARC_ruf_Add
|
, Bulma.btn "New address for specific report" DMARC_ruf_Add
|
||||||
]
|
] []
|
||||||
]
|
]
|
||||||
|
|
||||||
current_ruas = case state._currentRR.dmarc of
|
current_ruas = case state._currentRR.dmarc of
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
module App.Text.Explanations where
|
module App.Text.Explanations where
|
||||||
import Halogen.HTML as HH
|
import Halogen.HTML as HH
|
||||||
|
import Halogen.HTML.Properties as HP
|
||||||
import Bulma as Bulma
|
import Bulma as Bulma
|
||||||
|
|
||||||
expl' :: forall w i. String -> HH.HTML w i
|
expl' :: forall w i. String -> HH.HTML w i
|
||||||
@ -166,6 +167,66 @@ dmarc_introduction =
|
|||||||
"""
|
"""
|
||||||
]
|
]
|
||||||
|
|
||||||
|
dmarc_policy :: forall w i. Array (HH.HTML w i)
|
||||||
|
dmarc_policy =
|
||||||
|
[ Bulma.p """
|
||||||
|
DMARC record allows to tell receivers what to do with a non-conforming message;
|
||||||
|
a message that wasn't properly secured with SPF and DKIM.
|
||||||
|
"""
|
||||||
|
, Bulma.p """
|
||||||
|
This message can either be accepted ("None") or rejected, or even quarantined, meaning to be considered as suspicious.
|
||||||
|
This can take different forms, such as being flagged, marked as spam or have a high "spam score", it's up to the receiver.
|
||||||
|
"""
|
||||||
|
]
|
||||||
|
|
||||||
|
dmarc_sp_policy :: forall w i. Array (HH.HTML w i)
|
||||||
|
dmarc_sp_policy =
|
||||||
|
[ Bulma.p """
|
||||||
|
Same as the previous entry, but for sub-domains.
|
||||||
|
"""
|
||||||
|
]
|
||||||
|
|
||||||
|
dmarc_adkim :: forall w i. Array (HH.HTML w i)
|
||||||
|
dmarc_adkim =
|
||||||
|
[ Bulma.p """
|
||||||
|
Consistency policy for DKIM. Tell what should be considered acceptable.
|
||||||
|
"""
|
||||||
|
, Bulma.p """
|
||||||
|
This is about the relation between the email "From:" field and the domain field of the DKIM signature ("d:").
|
||||||
|
"""
|
||||||
|
, Bulma.p """
|
||||||
|
The policy can be either strict (both should be identical) or relaxed (both in the same Organizational Domain).
|
||||||
|
"""
|
||||||
|
]
|
||||||
|
|
||||||
|
dmarc_aspf :: forall w i. Array (HH.HTML w i)
|
||||||
|
dmarc_aspf =
|
||||||
|
[ Bulma.p """
|
||||||
|
Consistency policy for SPF. Tell what should be considered acceptable.
|
||||||
|
"""
|
||||||
|
, Bulma.p """
|
||||||
|
First, SPF should produce a passing result.
|
||||||
|
Then, the "From:" and the "MailFrom:" fields of the received email are checked.
|
||||||
|
"""
|
||||||
|
, Bulma.p """
|
||||||
|
In strict mode, both fields should be identical.
|
||||||
|
In relaxed mode, they can be different, but in the same Organizational Domain.
|
||||||
|
"""
|
||||||
|
, Bulma.p """
|
||||||
|
From RFC7489: For example, if a message passes an SPF check with an
|
||||||
|
RFC5321.MailFrom domain of "cbg.bounces.example.com", and the address
|
||||||
|
portion of the RFC5322.From field contains "payments@example.com",
|
||||||
|
the Authenticated RFC5321.MailFrom domain identifier and the
|
||||||
|
RFC5322.From domain are considered to be "in alignment" in relaxed
|
||||||
|
mode, but not in strict mode.
|
||||||
|
"""
|
||||||
|
, HH.p_
|
||||||
|
[ HH.text "See "
|
||||||
|
, HH.a [HP.href "https://publicsuffix.org/"] [ HH.text "publicsuffix.org" ]
|
||||||
|
, HH.text " for a list of organizational domains."
|
||||||
|
]
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
dkim_default_algorithms :: forall w i. Array (HH.HTML w i)
|
dkim_default_algorithms :: forall w i. Array (HH.HTML w i)
|
||||||
dkim_default_algorithms =
|
dkim_default_algorithms =
|
||||||
|
@ -168,15 +168,15 @@ consistency_policies = [Strict, Relaxed]
|
|||||||
consistency_policies_txt_spf :: Array String
|
consistency_policies_txt_spf :: Array String
|
||||||
consistency_policies_txt_spf
|
consistency_policies_txt_spf
|
||||||
= [ "Do not provide policy advice"
|
= [ "Do not provide policy advice"
|
||||||
, "Strict: \"From:\" and SPF domain must be identical"
|
, "Strict: identical domains"
|
||||||
, "Relaxed: \"From:\" and SPF domain must be in the same organizational domain"
|
, "Relaxed: same organizational domain"
|
||||||
]
|
]
|
||||||
|
|
||||||
consistency_policies_txt_dkim :: Array String
|
consistency_policies_txt_dkim :: Array String
|
||||||
consistency_policies_txt_dkim
|
consistency_policies_txt_dkim
|
||||||
= [ "Do not provide policy advice"
|
= [ "Do not provide policy advice"
|
||||||
, "Strict: \"From:\" and DKIM domain (\"d:\") must be identical"
|
, "Strict: same domain"
|
||||||
, "Relaxed: \"From:\" and DKIM domain (\"d:\") must be in the same organizational domain"
|
, "Relaxed: same organizational domain"
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user