Provided by: libmail-dkim-perl_1.20230212-1_all bug

NAME

       Mail::DKIM::AuthorDomainPolicy - represents an Author Domain Signing Practices (ADSP)
       record

VERSION

       version 1.20230212

DESCRIPTION

       The Author Domain Signing Policies (ADSP) record can be published by any domain to help a
       receiver know what to do when it encounters an unsigned message claiming to originate from
       that domain.

       The record is published as a DNS TXT record at _adsp._domainkey.DOMAIN where DOMAIN is the
       domain of the message's "From" address.

       More details about this record can be found by reading the specification itself at
       <http://tools.ietf.org/html/rfc5617>.

CONSTRUCTORS

   fetch()
       Lookup an ADSP record in DNS.

         my $policy = Mail::DKIM::AuthorDomainPolicy->fetch(
                   Protocol => 'dns',
                   Author => 'jsmith@example.org',
                 );

       If the ADSP record is found and appears to be valid, an object containing that record's
       information will be constructed and returned.  If the ADSP record is blank or simply does
       not exist, an object representing the default policy will be returned instead.  (See also
       "is_implied_default_policy()".)  If a DNS error occurs (e.g. SERVFAIL or time-out), this
       method will "die".

   new()
       Construct a default policy object.

         my $policy = Mail::DKIM::AuthorDomainPolicy->new;

   parse()
       Construct an ADSP record from a string.

         my $policy = Mail::DKIM::AuthorDomainPolicy->parse(
                 String => 'dkim=all',
                 Domain => 'aaa.example',
             );

METHODS

   apply()
       Apply the policy to the results of a DKIM verifier.

         my $result = $policy->apply($dkim_verifier);

       The caller must provide an instance of Mail::DKIM::Verifier, one which has already been
       fed the message being verified.

       Possible results are:

       accept
           The message is approved by the sender signing policy.

       reject
           The message is rejected by the sender signing policy.  It can be considered very
           suspicious.

       neutral
           The message is neither approved nor rejected by the sender signing policy. It can be
           considered somewhat suspicious.

       Note: in the future, these values may become:
        none - no ADSP record is published
        pass - a passing signature is present
        fail - ADSP record is "all" and no passing signature is found
        discard - ADSP record is "discardable" and no passing signature is found
        nxdomain - the DNS domain does not exist
        temperror - transient error occurred
        permerror - non-transient error occurred

   is_implied_default_policy()
       Tells whether this policy implied.

         my $is_implied = $policy->is_implied_default_policy;

       If you fetch the policy for a particular domain, but that domain does not have a policy
       published, then the "default policy" is in effect. Use this method to detect when that
       happens.

   location()
       Tells where the policy was fetched from.

       If the policy is domain-wide, this will be domain where the policy was published.

       If the policy is user-specific, TBD.

       If nothing is published for the domain, and the default policy was returned instead, the
       location will be "undef".

   policy()
       Get or set the outbound signing policy (dkim=) tag.

         my $sp = $policy->policy;

       Outbound signing policy for the entity. Possible values are:

       "unknown"
           The default. The entity may sign some or all email.

       "all"
           All mail from the domain is expected to be signed, using a valid Author signature, but
           the author does not suggest discarding mail without a valid signature.

       "discardable"
           All mail from the domain is expected to be signed, using a valid Author signature, and
           the author is so confident that non-signed mail claiming to be from this domain can be
           automatically discarded by the recipient's mail server.

       "NXDOMAIN"
           The domain is out of scope, i.e., the domain does not exist in the DNS.

   signall()
       True if policy is "all".

   signall_discardable()
       True if policy is "strict".

BUGS

       •   Section 4.3 of the specification says to perform a query on the domain itself just to
           see if it exists. This class is not currently doing that, i.e. it might report
           NXDOMAIN because _adsp._domainkey.example.org is nonexistent, but it should not be
           treated the same as example.org being nonexistent.

AUTHORS

       •   Jason Long <jason@long.name>

       •   Marc Bradshaw <marc@marcbradshaw.net>

       •   Bron Gondwana <brong@fastmailteam.com> (ARC)

THANKS

       Work on ensuring that this module passes the ARC test suite was generously sponsored by
       Valimail (https://www.valimail.com/)

COPYRIGHT AND LICENSE

       •   Copyright (C) 2013 by Messiah College

       •   Copyright (C) 2010 by Jason Long

       •   Copyright (C) 2017 by Standcore LLC

       •   Copyright (C) 2020 by FastMail Pty Ltd

       This library is free software; you can redistribute it and/or modify it under the same
       terms as Perl itself, either Perl version 5.8.6 or, at your option, any later version of
       Perl 5 you may have available.