coppertone 0.0.6 → 0.0.7

data/lib/coppertone/mechanism.rb

@@ -17,7 +17,7 @@ module Coppertone
     end
 
     def self.register(klass)
-      fail ArgumentError unless klass < self
+      raise ArgumentError unless klass < self
       class_builder.register(klass.label, klass)
     end
 

data/lib/coppertone/modifier/base.rb

@@ -1,10 +1,11 @@
 module Coppertone
-  class Modifier  # rubocop:disable Style/Documentation
+  class Modifier
+    # Base class including logic common to modifiers
     class Base < Modifier
       attr_reader :domain_spec
       def initialize(attributes)
         super(attributes)
-        fail InvalidModifierError if attributes.blank?
+        raise InvalidModifierError if attributes.blank?
         @domain_spec = Coppertone::DomainSpec.new(attributes)
       rescue Coppertone::MacroStringParsingError
         raise Coppertone::InvalidModifierError

data/lib/coppertone/modifier/exp.rb

@@ -1,7 +1,8 @@
 require 'coppertone/modifier/base'
 
 module Coppertone
-  class Modifier  # rubocop:disable Style/Documentation
+  class Modifier
+    # Exp modifier - specifying a message to be returned in case of failure
     class Exp < Coppertone::Modifier::Base
       def self.create(attributes)
         new(attributes)

data/lib/coppertone/modifier/redirect.rb

@@ -1,7 +1,8 @@
 require 'coppertone/modifier/base'
 
 module Coppertone
-  class Modifier  # rubocop:disable Style/Documentation
+  class Modifier
+    # A Redirect modifier found in an SPF record.
     class Redirect < Coppertone::Modifier::Base
       def self.create(attributes)
         new(attributes)
@@ -17,7 +18,7 @@ module Coppertone
       end
 
       def target_domain
-        fail NeedsContextError if context_dependent?
+        raise NeedsContextError if context_dependent?
         arguments
       end
 

data/lib/coppertone/modifier/unknown.rb

@@ -1,5 +1,7 @@
 module Coppertone
-  class Modifier  # rubocop:disable Style/Documentation
+  class Modifier
+    # Object representing unknown modifiers - those that aren't explicitly
+    # defined by the SPF spec
     class Unknown < Modifier
       attr_reader :label
       def initialize(label, attributes)

data/lib/coppertone/null_macro_context.rb

@@ -5,11 +5,11 @@ module Coppertone
     RESERVED_REGEXP = Regexp.new("[^#{URI::PATTERN::UNRESERVED}]")
     %w(s l o d i p v h c r t).each do |m|
       define_method(m.upcase) do
-        fail ArgumentError
+        raise ArgumentError
       end
 
       define_method(m) do
-        fail ArgumentError
+        raise ArgumentError
       end
     end
 

data/lib/coppertone/record.rb

@@ -33,7 +33,7 @@ module Coppertone
       @dns_lookup_term_count ||=
         begin
           base = redirect.nil? ? 0 : 1
-          base + directives.select(&:dns_lookup_term?).size
+          base + directives.count(&:dns_lookup_term?)
         end
     end
 
@@ -60,7 +60,9 @@ module Coppertone
 
     def netblock_mechanisms
       @netblock_mechanisms ||=
-        directives.select { |d| d.mechanism.is_a?(Coppertone::Mechanism::IPMechanism) }
+        directives.select do |d|
+          d.mechanism.is_a?(Coppertone::Mechanism::IPMechanism)
+        end
     end
 
     def netblocks_only?
@@ -84,7 +86,7 @@ module Coppertone
     end
 
     KNOWN_MODS =
-      [Coppertone::Modifier::Exp, Coppertone::Modifier::Redirect]
+      [Coppertone::Modifier::Exp, Coppertone::Modifier::Redirect].freeze
     def unknown_modifiers
       @unknown_modifiers ||=
         modifiers.select { |m| KNOWN_MODS.select { |k| m.is_a?(k) }.empty? }
@@ -92,7 +94,7 @@ module Coppertone
 
     def find_modifier(klass)
       arr = modifiers.select { |m| m.is_a?(klass) }
-      fail DuplicateModifierError if arr.size > 1
+      raise DuplicateModifierError if arr.size > 1
       arr.first
     end
 

data/lib/coppertone/record_evaluator.rb

@@ -53,7 +53,7 @@ module Coppertone
       finder =
         Coppertone::RedirectRecordFinder.new(record.redirect, macro_context,
                                              request_context)
-      fail InvalidRedirectError unless finder.target && finder.record
+      raise InvalidRedirectError unless finder.target && finder.record
       rc = macro_context.with_domain(finder.target)
       RecordEvaluator.new(finder.record).evaluate(rc, request_context)
     end

data/lib/coppertone/record_finder.rb

@@ -22,7 +22,7 @@ module Coppertone
         begin
           if Coppertone::Utils::DomainUtils.valid?(domain)
             dns_client.fetch_txt_records(domain).map { |r| r[:text] }
-              .select { |r| Record.record?(r) }
+                      .select { |r| Record.record?(r) }
           else
             []
           end
@@ -30,7 +30,7 @@ module Coppertone
     end
 
     def validate_txt_records
-      fail AmbiguousSpfRecordError if txt_records.size > 1
+      raise AmbiguousSpfRecordError if txt_records.size > 1
     end
   end
 end

data/lib/coppertone/record_term_parser.rb

@@ -1,7 +1,7 @@
 module Coppertone
   # Parses a record into terms
   class RecordTermParser
-    VERSION_STR =  'v=spf1'
+    VERSION_STR = 'v=spf1'.freeze
     RECORD_REGEXP = /\A#{VERSION_STR}(\s|\z)/i
     ALLOWED_CHARACTERS = /\A([\x21-\x7e ]+)\z/
 
@@ -12,8 +12,8 @@ module Coppertone
 
     attr_reader :text, :terms
     def initialize(text)
-      fail RecordParsingError unless self.class.record?(text)
-      fail RecordParsingError unless ALLOWED_CHARACTERS.match(text)
+      raise RecordParsingError unless self.class.record?(text)
+      raise RecordParsingError unless ALLOWED_CHARACTERS.match(text)
       @text = text
       @terms = Coppertone::TermsParser.new(terms_segment).terms
     end

data/lib/coppertone/request.rb

@@ -11,12 +11,22 @@ module Coppertone
     end
 
     def authenticate
+      process_helo || process_mailfrom || default_value
+    end
+
+    def process_helo
       check_spf_for_helo
-      return helo_result if helo_result && !helo_result.none?
+      return nil if helo_result && helo_result.none?
+      helo_result
+    end
 
+    def process_mailfrom
       check_spf_for_mailfrom
-      return mailfrom_result if mailfrom_result && !mailfrom_result.none?
+      return nil if mailfrom_result && mailfrom_result.none?
+      mailfrom_result
+    end
 
+    def default_value
       no_matching_record? ? Result.none : Result.neutral
     end
 

data/lib/coppertone/request_count_limiter.rb

@@ -17,7 +17,7 @@ module Coppertone
 
     def check_if_limit_exceeded
       return if limit.nil?
-      fail Coppertone::LimitExceededError, exception_message if exceeded?
+      raise Coppertone::LimitExceededError, exception_message if exceeded?
     end
 
     def exception_message

data/lib/coppertone/sender_identity.rb

@@ -3,7 +3,7 @@ module Coppertone
   # Parses the identity and ensures validity.  Also has accessor methods
   # for the macro letters.
   class SenderIdentity
-    DEFAULT_LOCALPART = 'postmaster'
+    DEFAULT_LOCALPART = 'postmaster'.freeze
     EMAIL_ADDRESS_SPLIT_REGEXP = /^(.*)@(.*?)$/
 
     attr_reader :sender, :localpart, :domain
@@ -12,9 +12,9 @@ module Coppertone
       initialize_localpart_and_domain
     end
 
-    alias_method :s, :sender
-    alias_method :l, :localpart
-    alias_method :o, :domain
+    alias s sender
+    alias l localpart
+    alias o domain
 
     private
 

data/lib/coppertone/terms_parser.rb

@@ -16,7 +16,7 @@ module Coppertone
 
     def parse_token(token)
       term = Term.build_from_token(token)
-      fail RecordParsingError unless term
+      raise RecordParsingError unless term
       term
     end
   end

data/lib/coppertone/utils/domain_utils.rb

@@ -11,6 +11,7 @@ module Coppertone
         return false if labels.length <= 1
         return false if domain.length > 253
         return false if labels.any? { |l| !valid_label?(l) }
+        return false unless valid_tld?(labels.last)
         true
       end
 
@@ -22,18 +23,19 @@ module Coppertone
         labels = to_labels(domain)
         return '.' if labels.size == 1
         labels.shift
-        return labels.join('.')
+        labels.join('.')
       end
 
       def self.to_ascii_labels(domain)
-        Addressable::IDNA.to_ascii(domain).split('.').map { |d| d.downcase }
+        Addressable::IDNA.to_ascii(domain).split('.').map(&:downcase)
       end
 
       def self.normalized_domain(domain)
         to_ascii_labels(domain).join('.')
       end
 
-      NO_DASH_REGEXP = /\A[a-zA-Z0-9]*[a-zA-Z]+[a-zA-Z0-9]*\z/
+      NO_DASH_NONNUMERIC_REGEXP = /\A[a-zA-Z0-9]*[a-zA-Z]+[a-zA-Z0-9]*\z/
+      NO_DASH_REGEXP = /\A[a-zA-Z0-9]+\z/
       DASH_REGEXP = /\A[a-zA-Z0-9]+\-[a-zA-Z0-9\-]*[a-zA-Z0-9]+\z/
 
       def self.valid_hostname_label?(l)
@@ -41,13 +43,20 @@ module Coppertone
         NO_DASH_REGEXP.match(l) || DASH_REGEXP.match(l)
       end
 
+      def self.valid_tld?(l)
+        return false unless valid_label?(l)
+        NO_DASH_NONNUMERIC_REGEXP.match(l) || DASH_REGEXP.match(l)
+      end
+
       def self.valid_ldh_domain?(domain)
         return false unless valid?(domain)
-        to_ascii_labels(domain).all? { |l| valid_hostname_label?(l) }
+        labels = to_ascii_labels(domain)
+        return false unless valid_tld?(labels.last)
+        labels.all? { |l| valid_hostname_label?(l) }
       end
 
       def self.valid_label?(l)
-        (l.length >= 0) && (l.length <= 63)
+        (l.length >= 0) && (l.length <= 63) && !l.match(/\s/)
       end
 
       def self.macro_expanded_domain(domain)

data/lib/coppertone/utils/ip_in_domain_checker.rb

@@ -1,5 +1,8 @@
 module Coppertone
-  module Utils  # rubocop:disable Style/Documentation
+  module Utils
+    # Checks the IP address from the request against an A or AAAA record
+    # for a domain.  Takes optional CIDR arguments so the match can
+    # check subnets
     class IPInDomainChecker
       def initialize(macro_context, request_context)
         @macro_context = macro_context

data/lib/coppertone/utils/validated_domain_finder.rb

@@ -1,5 +1,5 @@
 module Coppertone
-  module Utils  # rubocop:disable Style/Documentation
+  module Utils
     # A class used to find validated domains as defined in
     # section 5.5 of the RFC.
     class ValidatedDomainFinder

data/lib/coppertone/version.rb

@@ -1,3 +1,3 @@
-module Coppertone  # rubocop:disable Style/Documentation
-  VERSION = '0.0.6'.freeze
+module Coppertone
+  VERSION = '0.0.7'.freeze
 end

data/lib/coppertone.rb

@@ -1,4 +1,5 @@
 require 'active_support/core_ext/object/blank'
+require 'active_support/core_ext/object/try'
 
 # A library for evaluating, creating, and analyzing SPF records
 module Coppertone

data/spec/mechanism/a_spec.rb

@@ -199,15 +199,15 @@ describe Coppertone::Mechanism::A do
         dc = double(:dns_client)
         allow(dc).to receive(:fetch_a_records)
           .with(mech_domain).and_return([
-            {
-              type: 'A',
-              address: '74.125.239.117'
-            },
-            {
-              type: 'A',
-              address: '74.125.239.118'
-            }
-          ])
+                                          {
+                                            type: 'A',
+                                            address: '74.125.239.117'
+                                          },
+                                          {
+                                            type: 'A',
+                                            address: '74.125.239.118'
+                                          }
+                                        ])
         dc
       end
 

data/spec/mechanism/exists_spec.rb

@@ -84,11 +84,11 @@ describe Coppertone::Mechanism::Exists do
         dc = double(:dns_client)
         allow(dc).to receive(:fetch_a_records)
           .with(mech_domain).and_return([
-            {
-              type: 'A',
-              address: '74.125.234.117'
-            }
-          ])
+                                          {
+                                            type: 'A',
+                                            address: '74.125.234.117'
+                                          }
+                                        ])
         allow(dc).to receive(:fetch_a_records)
           .with(bad_domain).and_return([])
         dc

data/spec/mechanism/ip6_spec.rb

@@ -45,7 +45,6 @@ describe Coppertone::Mechanism::IP6 do
         Coppertone::Mechanism::IP6.new(':fe80::202:b3ff:fe1e:8329/384')
       end.to raise_error(Coppertone::InvalidMechanismError)
     end
-
   end
 
   context '#create' do

data/spec/open_spf/ALL_mechanism_syntax_spec.rb

@@ -34,5 +34,4 @@ describe 'ALL mechanism syntax' do
     result = Coppertone::SpfService.authenticate_email('1.2.3.4', 'foo@e5.example.com', 'mail.example.com', options)
     expect([:pass]).to include(result.code)
   end
-
 end

data/spec/open_spf/A_mechanism_syntax_spec.rb

@@ -155,5 +155,4 @@ describe 'A mechanism syntax' do
     result = Coppertone::SpfService.authenticate_email('1.2.3.4', 'foo@e13.example.com', 'mail.example.com', options)
     expect([:permerror]).to include(result.code)
   end
-
 end

data/spec/open_spf/EXISTS_mechanism_syntax_spec.rb

@@ -42,5 +42,4 @@ describe 'EXISTS mechanism syntax' do
     result = Coppertone::SpfService.authenticate_email('CAFE:BABE::3', 'foo@e6.example.com', 'mail.example.com', options)
     expect([:temperror]).to include(result.code)
   end
-
 end

data/spec/open_spf/IP4_mechanism_syntax_spec.rb

@@ -55,5 +55,4 @@ describe 'IP4 mechanism syntax' do
     result = Coppertone::SpfService.authenticate_email('::FFFF:1.2.3.4', 'foo@e7.example.com', 'mail.example.com', options)
     expect([:fail]).to include(result.code)
   end
-
 end

data/spec/open_spf/IP6_mechanism_syntax_spec.rb

@@ -56,5 +56,4 @@ describe 'IP6 mechanism syntax' do
     result = Coppertone::SpfService.authenticate_email('1.2.3.4', 'foo@e6.example.com', 'mail.example.com', options)
     expect([:permerror]).to include(result.code)
   end
-
 end

data/spec/open_spf/Include_mechanism_semantics_and_syntax_spec.rb

@@ -52,5 +52,4 @@ describe 'Include mechanism semantics and syntax' do
     result = Coppertone::SpfService.authenticate_email('1.2.3.4', 'foo@e8.example.com', 'mail.example.com', options)
     expect([:permerror]).to include(result.code)
   end
-
 end

data/spec/open_spf/Initial_processing_spec.rb

@@ -80,5 +80,4 @@ describe 'Initial processing' do
     result = Coppertone::SpfService.authenticate_email('1.2.3.4', 'actually@fine.example.com', 'hosed', options)
     expect([:fail]).to include(result.code)
   end
-
 end

data/spec/open_spf/MX_mechanism_syntax_spec.rb

@@ -115,5 +115,4 @@ describe 'MX mechanism syntax' do
     result = Coppertone::SpfService.authenticate_email('1.2.3.4', 'foo@e13.example.com', 'mail.example.com', options)
     expect([:permerror]).to include(result.code)
   end
-
 end

data/spec/open_spf/Macro_expansion_rules_spec.rb

@@ -146,5 +146,4 @@ describe 'Macro expansion rules' do
     result = Coppertone::SpfService.authenticate_email('1.2.3.4', 'foo-bar+zip+quux@e12.example.com', 'mail.example.com', options)
     expect([:pass]).to include(result.code)
   end
-
 end

data/spec/open_spf/PTR_mechanism_syntax_spec.rb

@@ -38,5 +38,4 @@ describe 'PTR mechanism syntax' do
     result = Coppertone::SpfService.authenticate_email('1.2.3.4', 'foo@e5.example.com', 'mail.example.com', options)
     expect([:permerror]).to include(result.code)
   end
-
 end

data/spec/open_spf/Processing_limits_spec.rb

@@ -68,5 +68,4 @@ describe 'Processing limits' do
     result = Coppertone::SpfService.authenticate_email('1.2.3.4', 'foo@e11.example.com', 'mail.example.com', options)
     expect([:permerror]).to include(result.code)
   end
-
 end

data/spec/open_spf/Record_evaluation_spec.rb

@@ -71,5 +71,4 @@ describe 'Record evaluation' do
     result = Coppertone::SpfService.authenticate_email('1.2.3.4', 'foo@t12.example.com', '%%%%%%%%%%%%%%%%%%%%%%', options)
     expect([:fail, :permerror]).to include(result.code)
   end
-
 end

data/spec/open_spf/Record_lookup_spec.rb

@@ -44,5 +44,4 @@ describe 'Record lookup' do
     result = Coppertone::SpfService.authenticate_email('1.2.3.4', 'foo@alltimeout.example.net', 'mail.example.net', options)
     expect([:temperror]).to include(result.code)
   end
-
 end

data/spec/open_spf/Selecting_records_spec.rb

@@ -57,5 +57,4 @@ describe 'Selecting records' do
     result = Coppertone::SpfService.authenticate_email('1.2.3.4', 'foo@example9.com', 'mail.example1.com', options)
     expect([:softfail]).to include(result.code)
   end
-
 end

data/spec/open_spf/Semantics_of_exp_and_other_modifiers_spec.rb

@@ -165,5 +165,4 @@ describe 'Semantics of exp and other modifiers' do
     result = Coppertone::SpfService.authenticate_email('192.0.2.2', 'bar@e24.example.com', 'e24.example.com', options)
     expect([:pass]).to include(result.code)
   end
-
 end

data/spec/open_spf/Test_cases_from_implementation_bugs_spec.rb

@@ -13,5 +13,4 @@ describe 'Test cases from implementation bugs' do
     result = Coppertone::SpfService.authenticate_email('2001:db8:ff0:100::2', 'test@example.org', 'example.org', options)
     expect([:pass]).to include(result.code)
   end
-
 end

data/spec/record_spec.rb

@@ -138,9 +138,9 @@ describe Coppertone::Record do
 
     it 'should yield a set of the includes, in order' do
       r = Coppertone::Record
-        .new('v=spf1 include:_spf.domain1.com ip4:1.2.3.4 include:_spf.domain2.com ~all exp=explain._spf.%{d}')
+          .new('v=spf1 include:_spf.domain1.com ip4:1.2.3.4 include:_spf.domain2.com ~all exp=explain._spf.%{d}')
       includes = r.includes
-      expect(includes.map(&:mechanism).all? {|i| i.is_a?(Coppertone::Mechanism::Include)}).to be_truthy
+      expect(includes.map(&:mechanism).all? { |i| i.is_a?(Coppertone::Mechanism::Include) }).to be_truthy
       expect(includes.map(&:target_domain)).to eq(%w(_spf.domain1.com _spf.domain2.com))
     end
   end
@@ -148,19 +148,19 @@ describe Coppertone::Record do
   context '#context_dependent_evaluation?' do
     it 'should be false when the record is not context dependent' do
       r = Coppertone::Record
-        .new('v=spf1 include:_spf.domain1.com ip4:1.2.3.4 include:_spf.domain2.com ~all exp=explain._spf.source.com')
+          .new('v=spf1 include:_spf.domain1.com ip4:1.2.3.4 include:_spf.domain2.com ~all exp=explain._spf.source.com')
       expect(r).not_to be_context_dependent_evaluation
     end
 
     it 'should be false when the record has a context dependent redirect' do
       r = Coppertone::Record
-        .new('v=spf1 redirect=explain._spf.%{h}')
+          .new('v=spf1 redirect=explain._spf.%{h}')
       expect(r).to be_context_dependent_evaluation
     end
 
     it 'should be false when the record has a context dependent directive' do
       r = Coppertone::Record
-        .new('v=spf1 include:_spf.domain1.com ip4:1.2.3.4 include:_spf.%{l}.domain2.com ~all exp=explain._spf.static.com')
+          .new('v=spf1 include:_spf.domain1.com ip4:1.2.3.4 include:_spf.%{l}.domain2.com ~all exp=explain._spf.static.com')
       expect(r).to be_context_dependent_evaluation
     end
   end

data/spec/utils/domain_utils_spec.rb

@@ -11,6 +11,11 @@ describe Coppertone::Utils::DomainUtils do
       expect(subject.valid?('abc.bit.ly')).to eq(true)
     end
 
+    it 'should validate domains with numeric labels' do
+      expect(subject.valid?('abc.126.com')).to eq(true)
+      expect(subject.valid?('37.com')).to eq(true)
+    end
+
     it 'should validate domains when they are dot-terminated' do
       expect(subject.valid?('gmail.com.')).to eq(true)
       expect(subject.valid?('fermion.mit.edu.')).to eq(true)
@@ -26,6 +31,19 @@ describe Coppertone::Utils::DomainUtils do
       expect(subject.valid?('清华大学.cn')).to eq(true)
       expect(subject.valid?('ジェーピーニック.jp')).to eq(true)
     end
+
+    it 'should reject labels containing whitespace' do
+      expect(subject.valid?('mail mike.net')).to eq(false)
+    end
+
+    it 'should validate domains with underscores' do
+      expect(subject.valid?('_dmarc.126.com')).to eq(true)
+      expect(subject.valid?('abcd._domainkey.gmail.com')).to eq(true)
+    end
+
+    it 'should reject IP addresses' do
+      expect(subject.valid?('192.38.7.14')).to eq(false)
+    end
   end
 
   context '#macro_expanded_domain' do
@@ -53,7 +71,7 @@ describe Coppertone::Utils::DomainUtils do
     end
 
     it 'truncates overlong domains' do
-      domain_candidate_labels = 50.times.map { "a-#{SecureRandom.hex(2)}" }
+      domain_candidate_labels = Array.new(50) { "a-#{SecureRandom.hex(2)}" }
       domain_candidate = domain_candidate_labels.join('.')
       truncated_labels = domain_candidate_labels.drop(14)
       truncated_domain = truncated_labels.join('.')
@@ -65,7 +83,8 @@ describe Coppertone::Utils::DomainUtils do
 
   context '#parent_domain' do
     it 'should handle hostnames correctly' do
-      expect(subject.parent_domain('abc.xyz.example.com')).to eq('xyz.example.com')
+      expect(subject.parent_domain('abc.xyz.example.com'))
+        .to eq('xyz.example.com')
     end
 
     it 'should handle TLDs correctly' do
@@ -75,12 +94,57 @@ describe Coppertone::Utils::DomainUtils do
 
   context '#normalized_domain' do
     it 'should handle ASCII hostnames correctly' do
-      expect(subject.normalized_domain('abc.xyz.example.com')).to eq('abc.xyz.example.com')
-      expect(subject.normalized_domain('ABc.xYz.exAMPle.COM')).to eq('abc.xyz.example.com')
+      expect(subject.normalized_domain('abc.xyz.example.com'))
+        .to eq('abc.xyz.example.com')
+      expect(subject.normalized_domain('ABc.xYz.exAMPle.COM'))
+        .to eq('abc.xyz.example.com')
     end
 
     it 'should handle Unicode domains correctly' do
-      expect(subject.normalized_domain('FERMIon.清华大学.cn')).to eq('fermion.xn--xkry9kk1bz66a.cn')
+      expect(subject.normalized_domain('FERMIon.清华大学.cn'))
+        .to eq('fermion.xn--xkry9kk1bz66a.cn')
+    end
+  end
+
+  context '#valid_ldh_domain?' do
+    it 'should validate standard domains' do
+      expect(subject.valid_ldh_domain?('gmail.com')).to eq(true)
+      expect(subject.valid_ldh_domain?('fermion.mit.edu')).to eq(true)
+      expect(subject.valid_ldh_domain?('abc.bit.ly')).to eq(true)
+    end
+
+    it 'should validate domains with numeric labels' do
+      expect(subject.valid_ldh_domain?('abc.126.com')).to eq(true)
+      expect(subject.valid_ldh_domain?('37.com')).to eq(true)
+    end
+
+    it 'should validate domains when they are dot-terminated' do
+      expect(subject.valid_ldh_domain?('gmail.com.')).to eq(true)
+      expect(subject.valid_ldh_domain?('fermion.mit.edu.')).to eq(true)
+      expect(subject.valid_ldh_domain?('abc.bit.ly.')).to eq(true)
+    end
+
+    it 'should reject domains with less than two labels' do
+      expect(subject.valid_ldh_domain?('')).to eq(false)
+      expect(subject.valid_ldh_domain?('one')).to eq(false)
+    end
+
+    it 'should handle IDNA domains' do
+      expect(subject.valid_ldh_domain?('清华大学.cn')).to eq(true)
+      expect(subject.valid_ldh_domain?('ジェーピーニック.jp')).to eq(true)
+    end
+
+    it 'should reject labels containing whitespace' do
+      expect(subject.valid_ldh_domain?('mail mike.net')).to eq(false)
+    end
+
+    it 'should reject domains with underscores' do
+      expect(subject.valid_ldh_domain?('_dmarc.126.com')).to eq(false)
+      expect(subject.valid_ldh_domain?('abcd._domainkey.gmail.com')).to eq(false)
+    end
+
+    it 'should reject IP addresses' do
+      expect(subject.valid_ldh_domain?('192.38.7.14')).to eq(false)
     end
   end
 end