Check a list of domains for SPF, DKIM, and DMARC entries #AWS #Utility #Inventory #Security #Public #email

Domain_spf_dkim_dmarc_check.ps1

#Install-Module -name DomainHealthChecker  # Only needed if you don't already have the Module installed
import-module -name DomainHealthChecker
$all = @()
#You need the DKIM selector to pull the correct DKIM record.
$urls_check =  @( [pscustomobject]@{'domain'="domain0.com";'dkim_selector'="s6840"},
[pscustomobject]@{'domain'="domain1.com";'dkim_selector'="cast717"}
)
$runon = Get-date -Format "MM/dd/yyyy HH:mm tt K"
foreach ($url in $urls_check) {
#There is a bug in Invoke-SpfDkimDmarc, v1.6 where it only uses `dkim` as a selector value, so need to use the Get-DKIMRecord cmdlet so you can use the DKIM Selector.
    $all += Invoke-SpfDkimDmarc -Name $url.domain | Select-Object @{N = "Run-On";E = {$runon}},Name, SPFRecord, DMARCRecord, @{n= "DKIM_Selector";e= {$url.dkim_selector} }, @{N = "DKIM_Record";E = { ((Get-DKIMRecord -Name $url.domain -DkimSelector $url.dkim_selector).dkimrecord )} } 
}
$all | sort-object name | clip # replace clip with pbcopy for MacOS - Copies output to clipboard

<#
################################################################################
# #  As an alternative, if you want to run this against all of your RT53 HostedZones, this will poll all of them (Public and Private) and output the details. However because of the DKIM bug, it will only used `dkim` as the selector.

#Install-Module -name DomainHealthChecker  # Only needed if you don't already have the Module installed
import-module -name DomainHealthChecker
$all = @()
$urls_check = Get-R53HostedZoneList 

foreach ($url in $urls_check) {
$all += Invoke-SpfDkimDmarc -Name $url.name | Select-Object @{ name="HostedZoneID";e={$url.id.substring(12)} }, Name , SPFRecord, DMARCRecord, DKIMRecord 
}

$all | sort-object name | Format-Table -AutoSize -Wrap | clip # replace clip with pbcopy for MacOS - Copies output to clipboard
#>