Easily list mail DNS records via this PowerShell script
I get to investigate quite a few mail environments in my work as a consultant. At a certain point you see some patterns emerging. One of those patterns is the correct configuration of mail-related DNS records. It's one of the first things I check when I must check an unfamiliar environment. I have talked about this anti-spoofing topic on numerous occasions. I would compare it to a ping test when there are network issues.
For several years I have worked on a simple PowerShell script that quickly lists the MX, SPF and DMARC DNS records, and I recently added some DKIM selector checks as well. It is a bit of a hassle to do this by hand or to find it out by checking the DNS configuration. So I decided to share this script with the public. I hope it will help with the correct configuration of those records and limit mail issues and spoofing.
You can download the script at GitHub.
Easily list your domains with this PowerShell script by using Exchange (Remote) PowerShell. It will automatically check all your accepted domains, either on-premises or in the cloud. If you can't connect to an Exchange environment, you can specify a single mail domain by just running PowerShell.
You still must work to improve the environment if required, but I found this tool immensely helpful, and it takes some of the burden away, as a PowerShell script should do. Feel free to leave comments, issues, feature requests and the like. I have some things I want to add, such as DANE and MTA-STS and some other things.
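What such a check looks like for a single domain, as an added example that is not the author's script. It assumes Windows with the built-in `Resolve-DnsName` cmdlet; the function name `Get-MailDnsRecord`, the default DKIM selector names and the `example.com` placeholder domain are assumptions made for illustration.

```powershell
# Added example, not the script from the post. Needs Resolve-DnsName (DnsClient module).
function Get-MailDnsRecord {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Domain,
        # Assumption: selectors cannot be enumerated from DNS, so common names are probed.
        [string[]]$DkimSelector = @('selector1', 'selector2')
    )

    # Return the TXT values at $Name that match $Pattern (long records are split into
    # several strings, so join them first). A CNAME in the answer is skipped.
    function Get-Txt([string]$Name, [string]$Pattern) {
        Resolve-DnsName -Name $Name -Type TXT -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'TXT' } |
            ForEach-Object { $_.Strings -join '' } |
            Where-Object { $_ -like $Pattern }
    }

    $mx = Resolve-DnsName -Name $Domain -Type MX -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'MX' } |
        Sort-Object Preference |
        ForEach-Object { '{0} {1}' -f $_.Preference, $_.NameExchange }

    $spf   = @(Get-Txt $Domain 'v=spf1*')
    $dmarc = @(Get-Txt "_dmarc.$Domain" 'v=DMARC1*')
    $dkim  = foreach ($s in $DkimSelector) {
        # The v=DKIM1 tag is optional, so look for the public key tag instead.
        if (@(Get-Txt "${s}._domainkey.$Domain" '*p=*')) { $s }
    }

    # Flag the gaps that weaken anti-spoofing protection.
    $note = if ($spf.Count -gt 1) {
        'multiple SPF records (SPF evaluation fails with permerror)'
    } elseif (-not $spf) { 'no SPF record'
    } elseif (-not $dmarc) { 'no DMARC record'
    } elseif ($dmarc[0] -match '(^|;)\s*p=none') { 'DMARC policy is p=none (monitoring only)' }

    [pscustomobject]@{
        Domain = $Domain
        MX     = $mx -join ', '
        SPF    = $spf -join ' | '
        DMARC  = $dmarc -join ' | '
        DKIM   = $dkim -join ', '   # selectors that answered with a key record
        Note   = $note
    }
}

Get-MailDnsRecord -Domain 'example.com'   # placeholder domain
```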
It's the first time I've published a script of mine publicly, so my GitHub page might be rough 😉