Add email security posture review skill #971

Closed
BryanGM12 wants to merge 1 commit into UnitOneAI:main from BryanGM12:codex/email-security-skill

@BryanGM12

/claim #963

Pull Request Checklist

  • Skill follows the format specification in CONTRIBUTING.md
  • At least one real framework is cited with correct control IDs
  • All framework references verified against primary sources (not blogs or AI output)
  • Prompt Injection Safety Notice section included
  • injection-hardened: true set in frontmatter
  • allowed-tools scoped to minimum necessary permissions
  • Tested with at least one AI coding agent (Codex)
  • No prohibited patterns per SECURITY.md
  • index.yaml updated with new skill entry

What This PR Does

Adds skills/network/email-security/, a new email security posture review skill for domain authentication, anti-spoofing, and SMTP transport controls.

This implements proposal #963 and covers:

  • sender inventory for primary domains, subdomains, non-sending domains, and third-party SaaS senders;
  • SPF authorization, lookup-limit risk, no-send posture, and DMARC alignment boundaries;
  • DKIM selector inventory, signing-domain alignment, key/selector ownership, and stale selector handling;
  • DMARC policy, subdomain behavior, aggregate/failure reporting, cross-domain report authorization, and staged enforcement;
  • MTA-STS, TLS-RPT, MX matching, and DANE considerations for DNSSEC-enabled mail environments;
  • Microsoft 365, Google Workspace, inbound gateway, forwarding, mailing list, ARC, and SaaS sender edge cases;
  • output safety rules for redacting customer domains, private report addresses, full headers, and report payloads.

It also adds six calibration fixtures:

  • 3 vulnerable examples under skills/network/email-security/tests/vulnerable/
  • 3 benign examples under skills/network/email-security/tests/benign/

Framework References

Primary references verified as live official sources:

  • RFC 9989, DMARC core protocol
  • RFC 9990, DMARC aggregate reporting
  • RFC 9991, DMARC failure reporting
  • RFC 7208, SPF
  • RFC 6376, DKIM
  • RFC 8461, MTA-STS
  • RFC 8460, SMTP TLS Reporting
  • CISA DMARC resource and BOD 18-01
  • Google Workspace sender and MTA-STS/TLS reporting guidance
  • Microsoft Defender for Office 365 email authentication overview

Validation

  • git diff --check
  • git diff --cached --check
  • index.yaml parsed with PyYAML; skill_count=46 matches actual skill entries and all indexed files exist
  • frontmatter required-field check across skills/**/SKILL.md and roles/**/SKILL.md
  • Markdown code-fence balance check for SKILL.md and all six fixtures
  • prohibited prompt-injection pattern scan over skills/network/email-security
  • ASCII scan for the new skill subtree
  • content marker checks for RFC 9989/9990/9991, SPF, DKIM, DMARC, MTA-STS, TLS-RPT, Microsoft 365, Google Workspace, Not Evaluable guidance, and the domain posture output table
  • live reference checks returned HTTP 200 for all twelve references listed in the skill

Bounty Request

Author-tier new skill contribution. Requesting Intermediate consideration ($350) if accepted because this covers multiple provider environments and nuanced false-positive calibration across SPF, DKIM, DMARC, reporting, transport security, gateways, forwarding, mailing lists, and SaaS senders.

Payment details can be shared privately after maintainer acceptance.

BryanGM12 force-pushed the codex/email-security-skill branch from 6278ce5 to cfb893a on June 14, 2026 18:03

BryanGM12 requested a review from kamalsrini as a code owner on June 14, 2026 18:03

kamalsrini closed this on Jun 15, 2026

@Neustradamus

@kamalsrini: Why has it been closed?
