generate
Create DNS and email security remediation artifacts including SPF records, DMARC policies, DKIM configs, MTA-STS policies, fix plans, and rollout plans.
Instructions
Generate a DNS/email security remediation artifact. Artifact types: spf_record (build a new SPF record), dmarc_record (create a DMARC policy), dkim_config (DKIM key setup), mta_sts_policy (generate an MTA-STS policy file), fix_plan (prioritized remediation plan for all findings), or rollout_plan (phased DMARC enforcement timeline). Use when asked to generate or create a record or policy.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Domain (e.g., example.com) | |
| format | No | Output verbosity. Auto-detected if omitted. | |
| policy | No | dmarc_record: policy (default "reject"). | |
| artifact | Yes | Which artifact to generate (e.g., "dmarc_record", "fix_plan"). | |
| mx_hosts | No | mta_sts_policy: MX hosts. Omit to detect from DNS. | |
| provider | No | dkim_config: provider (e.g., "google"). Omit for generic. | |
| timeline | No | rollout_plan: rollout speed (default: standard). | |
| rua_email | No | dmarc_record: report email. Default: dmarc-reports@{domain}. | |
| force_refresh | No | fix_plan: bypass cache and run a fresh scan. | |
| target_policy | No | rollout_plan: target DMARC policy (default: reject). | |
| include_providers | No | spf_record: providers to include (e.g., ["google"]). |