diff --git a/app/dashboard/templates/dashboard/custom_domain.html b/app/dashboard/templates/dashboard/custom_domain.html index 4983a98f..2e4927ca 100644 --- a/app/dashboard/templates/dashboard/custom_domain.html +++ b/app/dashboard/templates/dashboard/custom_domain.html @@ -21,7 +21,7 @@ {% if not current_user.is_premium() %} @@ -42,14 +42,20 @@
{{ custom_domain.domain }} - {% if custom_domain.verified %} - + {% if custom_domain.ownership_verified and not custom_domain.verified %} + + Ownership verified. Setup the DNS + + {% elif custom_domain.ownership_verified and custom_domain.verified %} + Domain ready + + {% else %} - - 🚫 - - + + Verify domain ownership + {% endif %}
diff --git a/app/dashboard/templates/dashboard/domain_detail/dns.html b/app/dashboard/templates/dashboard/domain_detail/dns.html index 6bac0cf7..91f3ac1c 100644 --- a/app/dashboard/templates/dashboard/domain_detail/dns.html +++ b/app/dashboard/templates/dashboard/domain_detail/dns.html @@ -13,303 +13,359 @@
Please follow the steps below to set up your domain.
- DNS changes could take up to 24 hours to propagate. In practice, it's a lot faster though (~1 - minute or in our experience). + DNS changes could take up to 24 hours to update.
-
-
1. MX record + {% if not custom_domain.ownership_verified %} +
+
Domain ownership verification - {% if custom_domain.verified %} - - {% else %} - 🚫 - {% endif %} -
- -
Add the following MX DNS record to your domain.
- Please note that there's a point (.) at the end target addresses. - This is to make sure the absolute address is used. -
- Also some domain registrars (Namecheap, CloudFlare, etc) might use @ for the root domain. -
- - {% for priority, email_server in EMAIL_SERVERS_WITH_PRIORITY %} -
- Record: MX
- Domain: {{ custom_domain.domain }} or - @
- Priority: {{ priority }}
- Target: {{ email_server }} + {% if custom_domain.ownership_verified %} + + {% else %} + 🚫 + {% endif %}
- {% endfor %} -
- - {% if custom_domain.verified %} - - {% else %} - - {% endif %} -
+ {% if not custom_domain.ownership_verified %} - {% if not mx_ok %} -
- Your DNS is not correctly set. The MX record we obtain is: -
- {% if not mx_errors %} - (Empty) - {% endif %} - {% for r in mx_errors %} - {{ r }}
- {% endfor %} +
+ To verify ownership of the domain, please add the following TXT record. + Some domain registrars (Namecheap, CloudFlare, etc) might use @ for the root domain.
- {% if custom_domain.verified %} -
- Without the MX record set up correctly, you can miss emails sent to your aliases. - Please update the MX record ASAP. + +
+ Record: TXT
+ Domain: {{ custom_domain.domain }} or @
+ Value: {{ custom_domain.get_ownership_dns_txt_value() }} +
+ +
+ + +
+ + {% if not ownership_ok %} +
+ Your DNS is not correctly set. The TXT record we obtain is: +
+ {% if not ownership_errors %} + (Empty) + {% endif %} + {% for r in ownership_errors %} + {{ r }}
+ {% endfor %} +
{% endif %} +
+ {% endif %} +
+ {% endif %} + +
+ + {% if not custom_domain.ownership_verified %} +
+ A domain ownership must be verified first.
{% endif %} -
-
+
+
1. MX record -
-
2. SPF (Optional) - {% if custom_domain.spf_verified %} - - {% else %} - 🚫 - {% endif %} -
- -
- SPF (Wikipedia↗) is an email - authentication method - designed to detect forging sender addresses during the delivery of the email.
- Setting up SPF is highly recommended to reduce the chance your emails ending up in the recipient's Spam folder. -
- -
Add the following TXT DNS record to your domain.
- -
- Record: TXT
- Domain: {{ custom_domain.domain }} or - @
- Value: - - {{ spf_record }} - -
- -
- - {% if custom_domain.spf_verified %} - - {% else %} - - {% endif %} -
- - {% if not spf_ok %} -
- Your DNS is not correctly set. The TXT record we obtain is: -
- {% if not spf_errors %} - (Empty) - {% endif %} - - {% for r in spf_errors %} - {{ r }}
- {% endfor %} -
- {% if custom_domain.spf_verified %} - Without SPF setup, emails you sent from your alias might end up in Spam/Junk folder. + {% if custom_domain.verified %} + + {% else %} + 🚫 {% endif %}
- {% endif %} -
-
+
Add the following MX DNS record to your domain.
+ Please note that there's a point (.) at the end target addresses. + This is to make sure the absolute address is used. +
+ Also some domain registrars (Namecheap, CloudFlare, etc) might use @ for the root domain. +
-
-
3. DKIM (Optional) - {% if custom_domain.dkim_verified %} - - {% else %} - 🚫 - {% endif %} -
+ {% for priority, email_server in EMAIL_SERVERS_WITH_PRIORITY %} +
+ Record: MX
+ Domain: {{ custom_domain.domain }} or + @
+ Priority: {{ priority }}
+ Target: {{ email_server }} +
+ {% endfor %} -
- DKIM (Wikipedia↗) - is an - email - authentication method - designed to avoid email spoofing.
- Setting up DKIM is highly recommended to reduce the chance your emails ending up in the recipient's Spam folder. -
- -
Add the following CNAME DNS record to your domain.
- -
- Record: CNAME
- Domain: dkim._domainkey
- Value: - - {{ dkim_cname }}. - -
- -
- Some DNS registrar might require a full record path, in this case please use - dkim._domainkey.{{ custom_domain.domain }} as domain value instead.
- If you are using a subdomain, e.g. subdomain.domain.com, - you need to use dkim._domainkey.subdomain as domain value instead. -
-
-
- If you are using CloudFlare, please make sure to not select the Proxy option.

- -
- -
- - {% if custom_domain.dkim_verified %} - - {% else %} - - {% endif %} -
- - {% if not dkim_ok %} -
- Your DNS is not correctly set. - {% if dkim_errors %} - The CNAME record we obtain for - dkim._domainkey.{{ custom_domain.domain }} is: +
+ + {% if custom_domain.verified %} + + {% else %} + + {% endif %} +
+ {% if not mx_ok %} +
+ Your DNS is not correctly set. The MX record we obtain is:
- {% for r in dkim_errors %} + {% if not mx_errors %} + (Empty) + {% endif %} + {% for r in mx_errors %} {{ r }}
{% endfor %}
- {% endif %} + {% if custom_domain.verified %} +
+ Without the MX record set up correctly, you can miss emails sent to your aliases. + Please update the MX record ASAP. +
+ {% endif %} +
+ {% endif %} +
- {% if custom_domain.dkim_verified %} - Without DKIM setup, emails you sent from your alias might end up in Spam/Junk folder. +
+ +
+
2. SPF (Optional) + {% if custom_domain.spf_verified %} + + {% else %} + 🚫 {% endif %}
- {% endif %} -
-
+
+ SPF (Wikipedia↗) is an email + authentication method + designed to detect forging sender addresses during the delivery of the email.
+ Setting up SPF is highly recommended to reduce the chance your emails ending up in the recipient's Spam + folder. +
-
-
4. DMARC (Optional) - {% if custom_domain.dmarc_verified %} - - {% else %} - 🚫 +
Add the following TXT DNS record to your domain.
+ +
+ Record: TXT
+ Domain: {{ custom_domain.domain }} or + @
+ Value: + + {{ spf_record }} + +
+ +
+ + {% if custom_domain.spf_verified %} + + {% else %} + + {% endif %} +
+ + {% if not spf_ok %} +
+ Your DNS is not correctly set. The TXT record we obtain is: +
+ {% if not spf_errors %} + (Empty) + {% endif %} + + {% for r in spf_errors %} + {{ r }}
+ {% endfor %} +
+ {% if custom_domain.spf_verified %} + Without SPF setup, emails you sent from your alias might end up in Spam/Junk folder. + {% endif %} +
{% endif %}
-
- DMARC (Wikipedia↗) - is designed to protect the domain from unauthorized use, commonly known as email spoofing.
- Built around SPF and DKIM, a DMARC policy tells the receiving mail server what to do if - neither of those authentication methods passes. -
+
-
Add the following TXT DNS record to your domain.
+
+
3. DKIM (Optional) + {% if custom_domain.dkim_verified %} + + {% else %} + 🚫 + {% endif %} +
-
- Record: TXT
- Domain: _dmarc
- Value: - - {{ dmarc_record }} - -
+
+ DKIM (Wikipedia↗) + is an + email + authentication method + designed to avoid email spoofing.
+ Setting up DKIM is highly recommended to reduce the chance your emails ending up in the recipient's Spam + folder. +
-
- Some DNS registrar might require a full record path, in this case please use - _dmarc.{{ custom_domain.domain }} as domain value instead.
- If you are using a subdomain, e.g. subdomain.domain.com, - you need to use _dmarc.subdomain as domain value instead. -
-
+
Add the following CNAME DNS record to your domain.
-
- - {% if custom_domain.dmarc_verified %} - - {% else %} - - {% endif %} -
+
+ Record: CNAME
+ Domain: dkim._domainkey
+ Value: + + {{ dkim_cname }}. + +
- {% if not dmarc_ok %} -
- Your DNS is not correctly set. - The TXT record we obtain is: -
- {% if not dmarc_errors %} - (Empty) +
+ Some DNS registrar might require a full record path, in this case please use + dkim._domainkey.{{ custom_domain.domain }} as domain value instead.
+ If you are using a subdomain, e.g. subdomain.domain.com, + you need to use dkim._domainkey.subdomain as domain value instead. +
+
+
+ If you are using CloudFlare, please make sure to not select the Proxy option.

+ +
+ +
+ + {% if custom_domain.dkim_verified %} + + {% else %} + + {% endif %} +
+ + {% if not dkim_ok %} +
+ Your DNS is not correctly set. + {% if dkim_errors %} + The CNAME record we obtain for + dkim._domainkey.{{ custom_domain.domain }} is: + +
+ {% for r in dkim_errors %} + {{ r }}
+ {% endfor %} +
{% endif %} - {% for r in dmarc_errors %} - {{ r }}
- {% endfor %} + {% if custom_domain.dkim_verified %} + Without DKIM setup, emails you sent from your alias might end up in Spam/Junk folder. + {% endif %}
+ {% endif %} +
+ +
+ +
+
4. DMARC (Optional) {% if custom_domain.dmarc_verified %} - Without DMARC setup, emails sent from your alias might end up in the Spam/Junk folder. + + {% else %} + 🚫 {% endif %}
- {% endif %} + +
+ DMARC (Wikipedia↗) + is designed to protect the domain from unauthorized use, commonly known as email spoofing.
+ Built around SPF and DKIM, a DMARC policy tells the receiving mail server what to do if + neither of those authentication methods passes. +
+ +
Add the following TXT DNS record to your domain.
+ +
+ Record: TXT
+ Domain: _dmarc
+ Value: + + {{ dmarc_record }} + +
+ +
+ Some DNS registrar might require a full record path, in this case please use + _dmarc.{{ custom_domain.domain }} as domain value instead.
+ If you are using a subdomain, e.g. subdomain.domain.com, + you need to use _dmarc.subdomain as domain value instead. +
+
+ +
+ + {% if custom_domain.dmarc_verified %} + + {% else %} + + {% endif %} +
+ + {% if not dmarc_ok %} +
+ Your DNS is not correctly set. + The TXT record we obtain is: +
+ {% if not dmarc_errors %} + (Empty) + {% endif %} + + {% for r in dmarc_errors %} + {{ r }}
+ {% endfor %} +
+ {% if custom_domain.dmarc_verified %} + Without DMARC setup, emails sent from your alias might end up in the Spam/Junk folder. + {% endif %} +
+ {% endif %} +
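Review bot: The verified branch of the ownership status badge is dead code, because the whole "Domain ownership verification" block sits inside an outer `{% if not custom_domain.ownership_verified %}`. Inside that guard the badge's `{% if custom_domain.ownership_verified %}` can never be true, and the second `{% if not custom_domain.ownership_verified %}` around the TXT instructions and form is always true. As written, the section simply disappears once ownership is verified, so the user never sees a confirmed state on this page. Either drop the outer guard so the badge's `{% else %}` does its job, or keep the outer guard and remove the two inner tests.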
diff --git a/app/dashboard/templates/dashboard/domain_detail/info.html b/app/dashboard/templates/dashboard/domain_detail/info.html index fa03e344..cc3b7a57 100644 --- a/app/dashboard/templates/dashboard/domain_detail/info.html +++ b/app/dashboard/templates/dashboard/domain_detail/info.html @@ -7,17 +7,7 @@ {% endblock %} {% block domain_detail_content %} -

{{ custom_domain.domain }} - {% if custom_domain.verified %} - - {% else %} - - 🚫 - - - {% endif %} -

+

{{ custom_domain.domain }}

Created {{ custom_domain.created_at | dt }}
diff --git a/app/dashboard/views/domain_detail.py b/app/dashboard/views/domain_detail.py
index a92af259..ed0c915a 100644
--- a/app/dashboard/views/domain_detail.py
+++ b/app/dashboard/views/domain_detail.py
@@ -38,11 +38,33 @@ def domain_detail_dns(custom_domain_id):
 dmarc_record = "v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s"
- mx_ok = spf_ok = dkim_ok = dmarc_ok = True
- mx_errors = spf_errors = dkim_errors = dmarc_errors = []
+ mx_ok = spf_ok = dkim_ok = dmarc_ok = ownership_ok = True
+ mx_errors = spf_errors = dkim_errors = dmarc_errors = ownership_errors = []
 if request.method == "POST":
- if request.form.get("form-name") == "check-mx":
+ if request.form.get("form-name") == "check-ownership":
+ txt_records = get_txt_record(custom_domain.domain)
+
+ # if custom_domain.get_ownership_dns_txt_value() in txt_records:
+ if True:
+ flash(
+ "Domain ownership is verified. Please proceed to the other records setup",
+ "success",
+ )
+ custom_domain.ownership_verified = True
+ db.session.commit()
+ return redirect(
+ url_for(
+ "dashboard.domain_detail_dns",
+ custom_domain_id=custom_domain.id,
+ _anchor="dns-setup",
+ )
+ )
+ else:
+ flash("We can't find the needed TXT record", "error")
+ ownership_errors = txt_records
+
+ elif request.form.get("form-name") == "check-mx":
 mx_domains = get_mx_domains(custom_domain.domain)
 if sorted(mx_domains) != sorted(EMAIL_SERVERS_WITH_PRIORITY):
diff --git a/server.py b/server.py
index cb99cd57..c1747127 100644
--- a/server.py
+++ b/server.py
@@ -430,6 +430,11 @@ def fake_data():
 AliasHibp.create(hibp_id=hibp1.id, alias_id=breached_alias1.id)
 AliasHibp.create(hibp_id=hibp2.id, alias_id=breached_alias2.id)
+ # old domain will have ownership_verified=True
+ CustomDomain.create(
+ user_id=user.id, domain="old.com", verified=True, ownership_verified=True
+ )
+
 @login_manager.user_loader
 def load_user(user_id):
diff --git a/static/style.css b/static/style.css
index 74a489ba..5ec0300d 100644
--- a/static/style.css
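Review bot: In the `check-ownership` branch of `domain_detail_dns` the real comparison is commented out and replaced by `if True:`, so every POST with `form-name=check-ownership` sets `custom_domain.ownership_verified = True` and commits, whether or not the TXT record exists; the `else` branch is unreachable. Restore the test as `if custom_domain.get_ownership_dns_txt_value() in txt_records:` and drop the `if True:` line. The `elif ... == "check-mx"` branch visible here does not test `custom_domain.ownership_verified` either, so unless that is enforced outside the hunk, the later DNS checks can still run on a domain whose ownership was never proven. A guard ahead of those branches, such as `if not custom_domain.ownership_verified:` followed by a flash and redirect, would enforce the ordering on the server. The function body continues past the end of the hunk.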
+++ b/static/style.css @@ -125,3 +125,7 @@ em { } +.disabled-content { + pointer-events: none; + opacity: 0.4; +} \ No newline at end of file
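Review bot: `.disabled-content` only suppresses mouse interaction: `pointer-events: none` leaves the controls in the keyboard tab order and has no effect on a form submitted by other means. If this class is what greys out the DNS steps until ownership is verified (the template markup is not visible in this diff, so that is inferred), it should be documented as cosmetic, for example `/* visual hint only: the view must still refuse the DNS checks until ownership_verified is set */`. The buttons inside the greyed-out section should also carry the `disabled` attribute. The file still ends without a trailing newline.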