SPF and DKIM checks

vendor/gitlab.com/etke.cc/go/validator/emails.go

@@ -1,14 +1,21 @@
 package validator
 
 import (
+	"net"
 	"net/mail"
 	"strings"
 
+	"blitiri.com.ar/go/spf"
 	"gitlab.com/etke.cc/go/trysmtp"
 )
 
 // Email checks if email is valid
-func (v *V) Email(email string) bool {
+func (v *V) Email(email string, optionalSenderIP ...net.IP) bool {
+	var senderIP net.IP
+	if len(optionalSenderIP) > 0 {
+		senderIP = optionalSenderIP[0]
+	}
+
 	// edge case: email may be optional
 	if email == "" {
 		return !v.enforce.Email
@@ -41,6 +48,12 @@ func (v *V) Email(email string) bool {
 		}
 	}
 
+	if v.enforce.SPF {
+		if v.emailNoSPF(email, senderIP) {
+			return false
+		}
+	}
+
 	if v.enforce.SMTP {
 		if v.emailNoSMTP(email) {
 			return false
@@ -78,3 +91,8 @@ func (v *V) emailNoSMTP(email string) bool {
 
 	return false
 }
+
+func (v *V) emailNoSPF(email string, senderIP net.IP) bool {
+	result, _ := spf.CheckHostWithSender(senderIP, "", email, spf.WithTraceFunc(v.log.Info)) //nolint:errcheck // not a error
+	return result == spf.Fail
+}

vendor/gitlab.com/etke.cc/go/validator/validator.go

@@ -21,6 +21,8 @@ type Enforce struct {
 	Domain bool
 	// SMTP enforces SMTP check (email actually exists on mail server) and rejects non-existing emails
 	SMTP bool
+	// SPF enforces SPF record check (sender allowed to use that email and send emails) and rejects unathorized emails
+	SPF bool
 	// MX enforces MX records check on email's mail server
 	MX bool
 }