@vlayer/sdk 0.1.0-nightly-20250127-5ee6ca8 → 0.1.0-nightly-20250128-0a32cfc

package/package.json

@@ -27,7 +27,7 @@
       "default": "./dist/config/index.js"
     }
   },
-  "version": "0.1.0-nightly-20250127-5ee6ca8",
+  "version": "0.1.0-nightly-20250128-0a32cfc",
   "scripts": {
     "build": "bun tsc --project tsconfig.build.json && bun tsc-alias",
     "test:unit": "vitest --run",
@@ -62,6 +62,7 @@
   },
   "files": [
     "dist/",
+    "src/",
     "package.json",
     "README.md"
   ]

package/src/api/email/dnsResolver.test.ts

@@ -0,0 +1,19 @@
+import { describe, expect, test } from "vitest";
+import { DnsResolver } from "./dnsResolver";
+
+const resolver = new DnsResolver("https://dns.google/resolve");
+
+describe("resolveDkimDns Integration", () => {
+  test("resolves vlayer DNS", async () => {
+    const resolved = await resolver.resolveDkimDns("google", "vlayer.xyz");
+    const expected =
+      "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDLLSKLb3eyflXzeHwBz8qqg9mfpmMY+f1tp+HpwlEOeN5iHO0s4sCd2QbG2i/DJRzryritRnjnc4i2NJ/IJfU8XZdjthotcFUY6rrlFld20a13q8RYBBsETSJhYnBu+DMdIF9q3YxDtXRFNpFCpI1uIeA/x+4qQJm3KTZQWdqi/BVnbsBA6ZryQCOOJC3Ae0oodvz80yfEJUAi9hAGZWqRn+Mprlyu749uQ91pTOYCDCbAn+cqhw8/mY5WMXFqrw9AdfWrk+MwXHPVDWBs8/Hm8xkWxHOqYs9W51oZ/Je3WWeeggyYCZI9V+Czv7eF8BD/yF9UxU/3ZWZPM8EWKKQIDAQAB";
+    expect(resolved.dnsRecord.data).toBe(expected);
+  });
+
+  test("throws error if dns not found", async () => {
+    await expect(
+      resolver.resolveDkimDns("abcd", "not-a-domain.com"),
+    ).rejects.toThrow();
+  });
+});

package/src/api/email/dnsResolver.ts

@@ -0,0 +1,87 @@
+import { toByteArray } from "base64-js";
+import { toHex } from "viem";
+
+interface DnsResponse {
+  Status: number;
+  TC: boolean;
+  RD: boolean;
+  RA: boolean;
+  AD: boolean;
+  CD: boolean;
+  Question: {
+    name: string;
+    type: number;
+  }[];
+  Answer:
+    | {
+        name: string;
+        type: number;
+        TTL: number;
+        data: string;
+      }[]
+    | undefined;
+  VerificationData:
+    | {
+        valid_until: number;
+        signature: string;
+        pub_key: string;
+      }
+    | undefined;
+}
+
+function parseBase64(data: string): `0x${string}` {
+  return toHex(toByteArray(data));
+}
+
+function parseVerificationData(response: DnsResponse) {
+  if (!response.VerificationData) {
+    console.warn(`No verification data in DNS response`);
+    return {
+      validUntil: 0n,
+      signature: "0x" as const,
+      pubKey: "0x" as const,
+    };
+  }
+  return {
+    validUntil: BigInt(response.VerificationData.valid_until),
+    signature: parseBase64(response.VerificationData.signature),
+    pubKey: parseBase64(response.VerificationData.pub_key),
+  };
+}
+
+function takeLastAnswer(response: DnsResponse) {
+  const answer = response.Answer;
+  if (!answer || answer?.length == 0) {
+    throw new Error(
+      `No DNS answer found\n${JSON.stringify(response, null, 2)}`,
+    );
+  }
+  const record = answer.flat().at(-1)!;
+  return {
+    recordType: record.type,
+    ttl: BigInt(record.TTL),
+    ...record,
+  };
+}
+
+export class DnsResolver {
+  constructor(private host: string) {}
+
+  async resolveDkimDns(selector: string, domain: string) {
+    const response = (await (
+      await fetch(
+        `${this.host}?name=${selector}._domainkey.${domain}&type=TXT`,
+        {
+          headers: {
+            accept: "application/dns-json",
+          },
+        },
+      )
+    ).json()) as DnsResponse;
+
+    return {
+      dnsRecord: takeLastAnswer(response),
+      verificationData: parseVerificationData(response),
+    };
+  }
+}

package/src/api/email/parseEmail.test.ts

@@ -0,0 +1,133 @@
+import { describe, expect, test } from "vitest";
+import { getDkimSigners, parseEmail, parseParams } from "./parseEmail";
+
+const emailHeaders = `From: "John Doe" <john@d.oe>
+To: "Jane Doe" <jane@d.oe>
+Subject: Hello World
+Date: Thu, 1 Jan 1970 00:00:00 +0000
+`;
+
+const dkimHeader =
+  "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; h=from:to:subject; s=selector1; b=abcdef;";
+
+const body = "Hello, World!";
+
+const emailFixture = `${emailHeaders}${dkimHeader}\n\n${body}`;
+
+describe("parseEmail", () => {
+  test("should get dkim header from email", async () => {});
+
+  test("correctly parses untrimmed email", async () => {
+    const untrimmed = `\n   ${emailFixture}    \n`;
+    const email = await parseEmail(untrimmed);
+    expect(email.headers.find((h) => h.key === "dkim-signature")).toBeDefined();
+  });
+
+  test("works well with multiple dkim headers", async () => {
+    const dkimHeader2 =
+      "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=second.signer; h=from:to:subject; s=selector2; b=abcdef;";
+
+    const email = await parseEmail(
+      `${emailHeaders}${dkimHeader}\n${dkimHeader2}\n\n${body}`,
+    );
+    const dkim = email.headers.filter((h) => h.key === "dkim-signature");
+
+    expect(dkim).toHaveLength(2);
+    expect(parseParams(dkim[0].value).s).toBe("selector1");
+    expect(parseParams(dkim[1].value).s).toBe("selector2");
+  });
+});
+
+describe("getDkimSigners", () => {
+  test("should get dkim signers from email", async () => {
+    const email = await parseEmail(emailFixture);
+    const dkim = getDkimSigners(email);
+    expect(dkim).toHaveLength(1);
+    expect(dkim[0].domain).toBe("example.com");
+    expect(dkim[0].selector).toBe("selector1");
+  });
+
+  test("should get multiple dkim signers from email", async () => {
+    const dkimHeader2 =
+      "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=second.signer; h=from:to:subject; s=selector2; b=abcdef;";
+    const email = await parseEmail(
+      `${emailHeaders}${dkimHeader}\n${dkimHeader2}\n\n${body}`,
+    );
+
+    const dkim = getDkimSigners(email);
+    expect(dkim).toHaveLength(2);
+    expect(dkim[0].domain).toBe("example.com");
+    expect(dkim[0].selector).toBe("selector1");
+    expect(dkim[1].domain).toBe("second.signer");
+    expect(dkim[1].selector).toBe("selector2");
+  });
+
+  test("should throw if no dkim header found", async () => {
+    const email = await parseEmail(emailHeaders);
+    expect(() => getDkimSigners(email)).toThrowError("No DKIM header found");
+  });
+
+  test("should throw if dkim header is invalid", async () => {
+    const email = await parseEmail(
+      `${emailHeaders}DKIM-Signature: invalid\n\n${body}`,
+    );
+    expect(() => getDkimSigners(email)).toThrowError(
+      "DKIM header missing domain",
+    );
+  });
+
+  test("should throw if dkim header is missing domain", async () => {
+    const email = await parseEmail(
+      `${emailHeaders}DKIM-Signature: v=1; s=selector\n\n${body}`,
+    );
+    expect(() => getDkimSigners(email)).toThrowError(
+      "DKIM header missing domain",
+    );
+  });
+
+  test("should throw if dkim header is missing selector", async () => {
+    const email = await parseEmail(
+      `${emailHeaders}DKIM-Signature: v=1; d=example.com\n\n${body}`,
+    );
+    expect(() => getDkimSigners(email)).toThrowError(
+      "DKIM header missing selector",
+    );
+  });
+});
+
+describe("parseParams", () => {
+  test("should parse single parameter", () => {
+    const params = parseParams("a=b");
+    expect(params).toEqual({ a: "b" });
+  });
+
+  test("should parse multiple parameters", () => {
+    const params = parseParams("a=b; c=d; e=f");
+    expect(params).toEqual({ a: "b", c: "d", e: "f" });
+  });
+
+  test("should trim spaces around parameters", () => {
+    const params = parseParams(" a = b ; c = d ; e = f ");
+    expect(params).toEqual({ a: "b", c: "d", e: "f" });
+  });
+
+  test("should handle empty values", () => {
+    const params = parseParams("a=; b=c");
+    expect(params).toEqual({ a: "", b: "c" });
+  });
+
+  test("should handle missing values", () => {
+    const params = parseParams("a; b=c");
+    expect(params).toEqual({ a: undefined, b: "c" });
+  });
+
+  test("should handle empty string", () => {
+    const params = parseParams("");
+    expect(params).toEqual({});
+  });
+
+  test("should handle parameters with extra semicolons", () => {
+    const params = parseParams("a=b;; c=d;");
+    expect(params).toEqual({ a: "b", c: "d" });
+  });
+});

package/src/api/email/parseEmail.ts

@@ -0,0 +1,55 @@
+import PostalMime, { type Email, type Header } from "postal-mime";
+
+export class DkimParsingError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = "DkimParsingError";
+  }
+}
+
+export interface DkimDomainSelector {
+  domain: string;
+  selector: string;
+}
+
+export async function parseEmail(mime: string) {
+  return await PostalMime.parse(mime.trim());
+}
+
+export function getDkimSigners(mail: Email): DkimDomainSelector[] {
+  const dkimHeader = mail.headers.filter((h) => h.key === "dkim-signature");
+  if (dkimHeader.length === 0) {
+    throw new DkimParsingError("No DKIM header found");
+  }
+  return dkimHeader.map(parseHeader);
+}
+
+export function parseParams(str: string) {
+  return Object.fromEntries(
+    str.split(";").map((s) =>
+      s
+        .trim()
+        .split("=")
+        .map((v) => v && v.trim()),
+    ),
+  ) as Record<string, string>;
+}
+
+function parseHeader(header: Header): DkimDomainSelector {
+  const params = parseParams(header.value);
+  if (!params) {
+    throw new DkimParsingError(`Invalid DKIM header ${header.value}`);
+  }
+
+  if (!params.d) {
+    throw new DkimParsingError("DKIM header missing domain");
+  }
+
+  if (!params.s) {
+    throw new DkimParsingError("DKIM header missing selector");
+  }
+  return {
+    domain: params.d,
+    selector: params.s,
+  };
+}

package/src/api/email/preverify.test.ts

@@ -0,0 +1,201 @@
+import { describe, expect, test } from "vitest";
+import { readFile } from "testHelpers/readFile";
+import { findIndicesOfMatchingDomains, preverifyEmail } from "./preverify";
+
+const rawEmail = readFile("./src/api/email/testdata/test_email.txt");
+
+describe("Preverify email: integration", () => {
+  test("adds dns record to email mime", async () => {
+    const preverifiedEmail = await preverifyEmail(
+      rawEmail,
+      "https://dns.google/resolve",
+    );
+    expect(preverifiedEmail.email).toBe(rawEmail);
+    expect(preverifiedEmail.dnsRecord).toMatchObject({
+      name: "20230601._domainkey.google.com.",
+      recordType: 16,
+      ttl: expect.any(BigInt), // eslint-disable-line @typescript-eslint/no-unsafe-assignment
+      data: expect.stringContaining("v=DKIM1; k=rsa; p="), // eslint-disable-line @typescript-eslint/no-unsafe-assignment
+    });
+    expect(preverifiedEmail.dnsRecord.data).toContain("v=DKIM1; k=rsa; p=");
+  });
+
+  test("throws error if DKIM not found", async () => {
+    const emailWithNoDkimHeader = 'From: "Alice"\n\nBody';
+    await expect(
+      preverifyEmail(emailWithNoDkimHeader, "https://dns.google/resolve"),
+    ).rejects.toThrow("No DKIM header found");
+  });
+
+  test("throws error if DNS could not be resolved", async () => {
+    const emailWithNoDkimHeader = readFile(
+      "./src/api/email/testdata/test_email_unknown_domain.txt",
+    );
+    await expect(
+      preverifyEmail(emailWithNoDkimHeader, "https://dns.google/resolve"),
+    ).rejects.toThrow();
+  });
+
+  describe("multiple DKIM headers", () => {
+    function addDkimWithDomain(domain: string, email: string) {
+      return `DKIM-Signature: v=1; a=rsa-sha256; d=${domain};
+ s=selector; c=relaxed/relaxed; q=dns/txt; bh=; h=From:Subject:Date:To; b=
+${email}`;
+    }
+
+    function addFakeDkimWithDomain(domain: string, email: string) {
+      return `X-${addDkimWithDomain(domain, email)}`;
+    }
+
+    test("looks for DKIM header with the domain matching the sender and removes all other DKIM headers", async () => {
+      const emailWithAddedHeaders = ["example.com", "hello.kitty"].reduce(
+        (email, domain) => addDkimWithDomain(domain, email),
+        rawEmail,
+      );
+      const email = await preverifyEmail(
+        emailWithAddedHeaders,
+        "https://dns.google/resolve",
+      );
+      expect(
+        email.email
+          .startsWith(`X-DKIM-Signature: v=1; a=rsa-sha256; d=hello.kitty;
+ s=selector; c=relaxed/relaxed; q=dns/txt; bh=; h=From:Subject:Date:To; b=
+X-DKIM-Signature: v=1; a=rsa-sha256; d=example.com;
+ s=selector; c=relaxed/relaxed; q=dns/txt; bh=; h=From:Subject:Date:To; b=
+DKIM-Signature: a=rsa-sha256; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;\r
+ c=simple/simple; d=google.com;`),
+      ).toBeTruthy();
+      expect(email.dnsRecord.data).toEqual(
+        "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4zd3nfUoLHWFbfoPZzAb8bvjsFIIFsNypweLuPe4M+vAP1YxObFxRnpvLYz7Z+bORKLber5aGmgFF9iaufsH1z0+aw8Qex7uDaafzWoJOM/6lAS5iI0JggZiUkqNpRQLL7H6E7HcvOMC61nJcO4r0PwLDZKwEaCs8gUHiqRn/SS3wqEZX29v/VOUVcI4BjaOzOCLaz7V8Bkwmj4Rqq4kaLQQrbfpjas1naScHTAmzULj0Rdp+L1vVyGitm+dd460PcTIG3Pn+FYrgQQo2fvnTcGiFFuMa8cpxgfH3rJztf1YFehLWwJWgeXTriuIyuxUabGdRQu7vh7GrObTsHmIHwIDAQAB",
+      );
+    });
+
+    test("throws error if no DNS record domain matches the sender", async () => {
+      const emailWithOneDkimHeader = readFile(
+        "./src/api/email/testdata/test_email_unknown_domain.txt",
+      );
+      const emailWithAddedHeaders = addDkimWithDomain(
+        "otherdomain.com",
+        emailWithOneDkimHeader,
+      );
+      await expect(
+        preverifyEmail(emailWithAddedHeaders, "https://dns.google/resolve"),
+      ).rejects.toThrow("Found 0 DKIM headers matching the sender domain");
+    });
+
+    test("removes signatures from subdomain signers", async () => {
+      const email = await preverifyEmail(
+        addDkimWithDomain("subdomain.google.com", rawEmail),
+        "https://dns.google/resolve",
+      );
+      expect(
+        email.email
+          .startsWith(`X-DKIM-Signature: v=1; a=rsa-sha256; d=subdomain.google.com;
+ s=selector; c=relaxed/relaxed; q=dns/txt; bh=; h=From:Subject:Date:To; b=
+DKIM-Signature: a=rsa-sha256; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;\r
+ c=simple/simple; d=google.com;`),
+      ).toBeTruthy();
+    });
+
+    test("removes signatures with mismatching subdomains", async () => {
+      const emailWithAddedHeaders = addDkimWithDomain(
+        "subdomain.google.com",
+        readFile("./src/api/email/testdata/test_email_subdomain.txt"),
+      );
+      await expect(
+        preverifyEmail(emailWithAddedHeaders, "https://dns.google/resolve"),
+      ).rejects.toThrow("Found 0 DKIM headers matching the sender domain");
+    });
+
+    test("throws error if multiple DNS record domains match the sender", async () => {
+      let emailWithAddedHeaders = addDkimWithDomain("google.com", rawEmail);
+      emailWithAddedHeaders = addDkimWithDomain(
+        "google.com",
+        emailWithAddedHeaders,
+      );
+      await expect(
+        preverifyEmail(emailWithAddedHeaders, "https://dns.google/resolve"),
+      ).rejects.toThrow("Found 3 DKIM headers matching the sender domain");
+    });
+
+    test("ignores x-dkim-signature headers", async () => {
+      const emailWithPrefixedDkim = addFakeDkimWithDomain(
+        "example.com",
+        addFakeDkimWithDomain("example.com", rawEmail),
+      );
+      const email = await preverifyEmail(
+        emailWithPrefixedDkim,
+        "https://dns.google/resolve",
+      );
+      expect(
+        email.email
+          .startsWith(`X-DKIM-Signature: v=1; a=rsa-sha256; d=example.com;
+ s=selector; c=relaxed/relaxed; q=dns/txt; bh=; h=From:Subject:Date:To; b=
+X-DKIM-Signature: v=1; a=rsa-sha256; d=example.com;
+ s=selector; c=relaxed/relaxed; q=dns/txt; bh=; h=From:Subject:Date:To; b=
+DKIM-Signature: a=rsa-sha256; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;\r
+ c=simple/simple; d=google.com;`),
+      ).toBeTruthy();
+    });
+
+    test("ignores dkim-signature somewhere inside a header", async () => {
+      const headerWithDkim = `WTF-IS-THIS-HEADER: DKIM-SIGNATURE;`;
+      const emailWithDkimInHeader = `${headerWithDkim}\n${addDkimWithDomain("example.com", rawEmail)}`;
+      const email = await preverifyEmail(
+        emailWithDkimInHeader,
+        "https://dns.google/resolve",
+      );
+      expect(
+        email.email.startsWith(`WTF-IS-THIS-HEADER: DKIM-SIGNATURE;
+X-DKIM-Signature: v=1; a=rsa-sha256; d=example.com;
+ s=selector; c=relaxed/relaxed; q=dns/txt; bh=; h=From:Subject:Date:To; b=
+DKIM-Signature: a=rsa-sha256; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;\r
+ c=simple/simple; d=google.com;`),
+      ).toBeTruthy();
+    });
+
+    test("ignores dkim-signature somewhere inside a body", async () => {
+      const emailWithAddedDkim = addDkimWithDomain("example.com", rawEmail);
+      const emailWithDkimsInBody = `${emailWithAddedDkim}\ndkim-signature   dkim-signature\r\ndkim-signature`;
+      const email = await preverifyEmail(
+        emailWithDkimsInBody,
+        "https://dns.google/resolve",
+      );
+      expect(
+        email.email
+          .startsWith(`X-DKIM-Signature: v=1; a=rsa-sha256; d=example.com;
+ s=selector; c=relaxed/relaxed; q=dns/txt; bh=; h=From:Subject:Date:To; b=
+DKIM-Signature: a=rsa-sha256; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;\r
+ c=simple/simple; d=google.com;`),
+      ).toBeTruthy();
+      expect(
+        email.email.endsWith(
+          `\ndkim-signature   dkim-signature\r\ndkim-signature`,
+        ),
+      ).toBeTruthy();
+    });
+  });
+});
+
+describe("findIndicesOfMatchingDomains", () => {
+  test("returns indices of matching domains", () => {
+    const signers = [
+      { domain: "example.com", selector: "selector1" },
+      { domain: "other.other", selector: "selector2" },
+      { domain: "example.com", selector: "selector3" },
+    ];
+    expect(
+      findIndicesOfMatchingDomains(signers, "some@example.com"),
+    ).toStrictEqual([0, 2]);
+  });
+
+  test("returns empty array if no matching domains", () => {
+    const signers = [
+      { domain: "example.com", selector: "selector1" },
+      { domain: "example.org", selector: "selector2" },
+    ];
+    expect(findIndicesOfMatchingDomains(signers, "other.other")).toStrictEqual(
+      [],
+    );
+  });
+});

package/src/api/email/preverify.ts

@@ -0,0 +1,70 @@
+import {
+  type DkimDomainSelector,
+  getDkimSigners,
+  parseEmail,
+} from "./parseEmail";
+import { DnsResolver } from "./dnsResolver";
+import { prefixAllButNthSubstring } from "../utils/prefixAllButNthSubstring";
+
+export function findIndicesOfMatchingDomains(
+  signers: DkimDomainSelector[],
+  expectedOrigin: string,
+) {
+  return signers
+    .map(({ domain }) => expectedOrigin.endsWith(`@${domain}`))
+    .map((isMatch, index) => (isMatch ? index : -1))
+    .filter((index) => index !== -1);
+}
+
+function requireSameOrigin(
+  mimeEmail: string,
+  signers: DkimDomainSelector[],
+  fromAddress: string,
+) {
+  const matchingIndices = findIndicesOfMatchingDomains(signers, fromAddress);
+
+  if (matchingIndices.length != 1) {
+    throw new Error(
+      `Found ${matchingIndices.length} DKIM headers matching the sender domain`,
+    );
+  }
+
+  const [matchingIndex] = matchingIndices;
+
+  return [
+    prefixAllButNthSubstring(
+      mimeEmail,
+      /^\s*dkim-signature/gim,
+      signers.length,
+      matchingIndex,
+    ),
+    [signers[matchingIndex]] as DkimDomainSelector[],
+  ] as const;
+}
+
+export async function preverifyEmail(
+  mimeEmail: string,
+  dnsResolverUrl: string,
+) {
+  const parsedEmail = await parseEmail(mimeEmail);
+  let signers = getDkimSigners(parsedEmail);
+  const fromAddress = parsedEmail.from.address;
+
+  if (!fromAddress) {
+    throw new Error("No from address found");
+  }
+  if (signers.length === 0) {
+    throw new Error("No DKIM header found");
+  }
+  [mimeEmail, signers] = requireSameOrigin(mimeEmail, signers, fromAddress);
+
+  const [{ domain, selector }] = signers;
+  const resolver = new DnsResolver(dnsResolverUrl);
+
+  const dnsResponse = await resolver.resolveDkimDns(selector, domain);
+
+  return {
+    email: mimeEmail,
+    ...dnsResponse,
+  };
+}

package/src/api/email/testdata/test_email.txt

@@ -0,0 +1,21 @@
+DKIM-Signature: a=rsa-sha256; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
+ c=simple/simple; d=google.com;
+ h=Received:From:To:Subject:Date:Message-ID; i=joe@google.com;
+ s=20230601; t=1615825284; v=1;
+ b=Xh4Ujb2wv5x54gXtulCiy4C0e+plRm6pZ4owF+kICpYzs/8WkTVIDBrzhJP0DAYCpnL62T0G
+ k+0OH8pi/yqETVjKtKk+peMnNvKkut0GeWZMTze0bfq3/JUK3Ln3jTzzpXxrgVnvBxeY9EZIL4g
+ s4wwFRRKz/1bksZGSjD8uuSU=
+Received: from client1.football.example.com  [192.0.2.1]
+      by submitserver.example.com with SUBMISSION;
+      Fri, 11 Jul 2003 21:01:54 -0700 (PDT)
+From: Joe SixPack <joe@google.com>
+To: Suzie Q <suzie@shopping.example.net>
+Subject: Is dinner ready?
+Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
+Message-ID: <20030712040037.46341.5F8J@football.example.com>
+
+Hi.
+
+We lost the game. Are you hungry yet?
+
+Joe.

package/src/api/email/testdata/test_email_multiple_dkims.txt

@@ -0,0 +1,28 @@
+DKIM-Signature: a=rsa-sha256; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
+ c=simple/simple; d=google.com;
+ h=Received:From:To:Subject:Date:Message-ID; i=joe@football.example.com;
+ s=20230601; t=1615825284; v=1;
+ b=Xh4Ujb2wv5x54gXtulCiy4C0e+plRm6pZ4owF+kICpYzs/8WkTVIDBrzhJP0DAYCpnL62T0G
+ k+0OH8pi/yqETVjKtKk+peMnNvKkut0GeWZMTze0bfq3/JUK3Ln3jTzzpXxrgVnvBxeY9EZIL4g
+ s4wwFRRKz/1bksZGSjD8uuSU=
+DKIM-Signature: a=rsa-sha256; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
+ c=simple/simple; d=google.com;
+ h=Received:From:To:Subject:Date:Message-ID; i=joe@football.example.com;
+ s=20230601; t=1615825284; v=1;
+ b=Xh4Ujb2wv5x54gXtulCiy4C0e+plRm6pZ4owF+kICpYzs/8WkTVIDBrzhJP0DAYCpnL62T0G
+ k+0OH8pi/yqETVjKtKk+peMnNvKkut0GeWZMTze0bfq3/JUK3Ln3jTzzpXxrgVnvBxeY9EZIL4g
+ s4wwFRRKz/1bksZGSjD8uuSU=
+Received: from client1.football.example.com  [192.0.2.1]
+      by submitserver.example.com with SUBMISSION;
+      Fri, 11 Jul 2003 21:01:54 -0700 (PDT)
+From: Joe SixPack <joe@football.example.com>
+To: Suzie Q <suzie@shopping.example.net>
+Subject: Is dinner ready?
+Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
+Message-ID: <20030712040037.46341.5F8J@football.example.com>
+
+Hi.
+
+We lost the game. Are you hungry yet?
+
+Joe.

package/src/api/email/testdata/test_email_subdomain.txt

@@ -0,0 +1,21 @@
+DKIM-Signature: a=rsa-sha256; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
+ c=simple/simple; d=subdomain.google.com;
+ h=Received:From:To:Subject:Date:Message-ID; i=joe@google.com;
+ s=20230601; t=1615825284; v=1;
+ b=Xh4Ujb2wv5x54gXtulCiy4C0e+plRm6pZ4owF+kICpYzs/8WkTVIDBrzhJP0DAYCpnL62T0G
+ k+0OH8pi/yqETVjKtKk+peMnNvKkut0GeWZMTze0bfq3/JUK3Ln3jTzzpXxrgVnvBxeY9EZIL4g
+ s4wwFRRKz/1bksZGSjD8uuSU=
+Received: from client1.football.example.com  [192.0.2.1]
+      by submitserver.example.com with SUBMISSION;
+      Fri, 11 Jul 2003 21:01:54 -0700 (PDT)
+From: Joe SixPack <joe@google.com>
+To: Suzie Q <suzie@shopping.example.net>
+Subject: Is dinner ready?
+Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
+Message-ID: <20030712040037.46341.5F8J@football.example.com>
+
+Hi.
+
+We lost the game. Are you hungry yet?
+
+Joe.

package/src/api/email/testdata/test_email_unknown_domain.txt

@@ -0,0 +1,21 @@
+DKIM-Signature: a=rsa-sha256; bh=2jUSOH9NhtVGCQWNr9BrIAPreKQjO6Sn7XIkfJVOzv8=;
+ c=simple/simple; d=foobar.xyz;
+ h=Received:From:To:Subject:Date:Message-ID; i=joe@football.example.com;
+ s=wertyu; t=1615825284; v=1;
+ b=Xh4Ujb2wv5x54gXtulCiy4C0e+plRm6pZ4owF+kICpYzs/8WkTVIDBrzhJP0DAYCpnL62T0G
+ k+0OH8pi/yqETVjKtKk+peMnNvKkut0GeWZMTze0bfq3/JUK3Ln3jTzzpXxrgVnvBxeY9EZIL4g
+ s4wwFRRKz/1bksZGSjD8uuSU=
+Received: from client1.football.example.com  [192.0.2.1]
+      by submitserver.example.com with SUBMISSION;
+      Fri, 11 Jul 2003 21:01:54 -0700 (PDT)
+From: Joe SixPack <joe@football.example.com>
+To: Suzie Q <suzie@shopping.example.net>
+Subject: Is dinner ready?
+Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
+Message-ID: <20030712040037.46341.5F8J@football.example.com>
+
+Hi.
+
+We lost the game. Are you hungry yet?
+
+Joe.