Skip to content

DMARC tools: structured data, OG cards, checker correctness#71

Merged
goetchstone merged 4 commits into
mainfrom
feat/dmarc-tools-discoverability
Jun 19, 2026
Merged

DMARC tools: structured data, OG cards, checker correctness#71
goetchstone merged 4 commits into
mainfrom
feat/dmarc-tools-discoverability

Conversation

@goetchstone

Copy link
Copy Markdown
Owner

What this does

Three focused commits: make the DMARC tools discoverable on Google, and fix two checker correctness bugs.

Correctness — fix: harden DMARC checker DNS and DKIM checks

  • A transient DNS failure (SERVFAIL/timeout) no longer reads as a missing record — the checker returns 503 instead of falsely reporting a domain unprotected. NXDOMAIN/ENODATA still correctly read as "missing."
  • A probed _domainkey TXT counts as DKIM only when it declares v=DKIM1 or p=, not on mere presence at the name.
  • New pure helpers in lib/dmarc-dns.ts with unit tests.

Discoverability — feat: structured data, OG cards, real tool links

  • WebApplication + BreadcrumbList JSON-LD on /tools/dmarc-check and /tools/dmarc-report (free offers, no fabricated ratings).
  • Real branded social-card image (public/og-default.png) wired site-wide via the root layout and explicitly on the tool pages; also fixes the 404 logo.png/og-default.png the blog JSON-LD referenced. Generated by scripts/gen-brand-assets.mjs (reuses the existing next/og dependency).
  • Converted the plain-text "Linked: …" service entries (checker + AI-risk) into real links.
  • Removed the doubled brand suffix in the checker page <title>.

Docs — docs: log checker + OG metadata lessons

  • Two LESSONS.md entries: the Next.js opengraph-image inheritance gotcha, and the DNS-vs-missing / DKIM-validation rules.

Verification

Ran in a node:20-alpine container (no host Node on this machine):

  • tsc --noEmit — clean
  • vitest run — 49 passed (4 new)
  • npm run build — exit 0
  • next start + curl: both tool pages emit og:image, WebApplication, BreadcrumbList; /og-default.png serves 200; checker title renders single-brand.

Deferred (assessment follow-ups)

  • DMARC blog cluster (highest organic ceiling; brand-voice copy).
  • Sender/ESP naming + "ready to enforce?" verdict in the report analyzer (privacy-safe, bundled offline map).
  • Parse pct/sp so p=reject; pct=0 stops scoring "Strong."

🤖 Generated with Claude Code

Transient DNS errors no longer read as a missing record (was
indistinguishable from NXDOMAIN); a probed TXT counts as DKIM only
when it declares v=DKIM1 or p=.
Tool pages had no JSON-LD or social-card image and the blog JSON-LD
pointed at 404 logo/og-default assets; services tool links were plain
text, not anchors.
@goetchstone goetchstone merged commit 6cfd6b3 into main Jun 19, 2026
8 checks passed
@goetchstone goetchstone deleted the feat/dmarc-tools-discoverability branch June 19, 2026 20:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant