email-auth 0.1.1

Email authentication library: SPF, DKIM, DMARC, ARC, BIMI
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

# email-auth

A Rust email authentication library implementing SPF, DKIM, DMARC, ARC, and BIMI.

## Installation

```toml
[dependencies]
email-auth = "0.1.0"
```

**Requirements:** Rust 1.63+, Tokio, Ring, Hickory DNS (or custom `DnsResolver` trait impl)

## Usage

```rust
use email_auth::{EmailAuthenticator, AuthenticationResult};

let authenticator = EmailAuthenticator::new(resolver);
let result = authenticator.authenticate(
    "sender@example.com",    // MAIL FROM
    "203.0.113.1",           // client IP
    raw_message.as_bytes(),  // RFC 5322 message
).await?;

// result.spf, result.dkim, result.dmarc, result.disposition
```

## Development

```bash
cargo test
```

## Project Structure

```
specs/              # RFC specifications (source of truth)
src/
  lib.rs           # Library root
  auth.rs          # EmailAuthenticator integration
  common/          # Shared utilities
  spf/             # SPF module
  dkim/            # DKIM module
  dmarc/           # DMARC module
  arc/             # ARC module
  bimi/            # BIMI module
.forge/
  state.yaml       # Forge build state
  lanes.yaml       # Work lane definitions
```

## Security Considerations

- **DNS validation**: Implement DNS response validation at resolver layer
- **RSA key size**: Library enforces minimum 1024-bit, recommends 2048+
- **Clock skew**: Configurable expiration tolerance for DKIM/ARC timestamps
- **SVG parsing**: 32KB size limit, XXE prevention, script injection detection
- **PTR verification**: Forward confirmation required (cache aggressively)

## License

Dual-licensed: MIT OR Apache-2.0