Hello,

I am doing some research related to DMARC and I found some errors in the 
ABNF rules of RFC7489 and dmarcbis-07.

- dmarc-percent RFC7489 :
The rule 'dmarc-percent = "pct" *WSP "=" *WSP 1*3DIGIT' allows '999' as a value.
A correction could be: 'dmarc-percent = "pct" *WSP "=" *WSP ("100" / 1*2DIGIT)'

- dmarc-record RFC7489 :
The rule 'dmarc-record = dmarc-version dmarc-sep
                       [dmarc-request]
                       [dmarc-sep dmarc-srequest]
                       [dmarc-sep dmarc-auri]
                       [dmarc-sep dmarc-furi]
                       [dmarc-sep dmarc-adkim]
                       [dmarc-sep dmarc-aspf]
                       [dmarc-sep dmarc-ainterval]
                       [dmarc-sep dmarc-fo]
                       [dmarc-sep dmarc-rfmt]
                       [dmarc-sep dmarc-percent]
                       [dmarc-sep]'
has dmarc-request as optional, but in 6.3 it says that p is "required".

Then I took a look at draft-ietf-dmarc-dmarcbis-07 and the problem is still 
there:

- dmarc-record dmarcbis-07 :
'dmarc-record    = dmarc-version dmarc-sep *(dmarc-tag dmarc-sep)
 dmarc-tag       = dmarc-request /
                       dmarc-test /
                       dmarc-psd /
                       dmarc-sprequest /
                       dmarc-nprequest /
                       dmarc-adkim /
                       dmarc-aspf /
                       dmarc-auri /
                       dmarc-furi /
                       dmarc-fo /
                       dmarc-rfm'

Should be replaced by :

'dmarc-record    = dmarc-version dmarc-sep dmarc-request dmarc-sep *(dmarc-tag dmarc-sep)
dmarc-tag       =      dmarc-test /
                       dmarc-psd /
                       dmarc-sprequest /
                       dmarc-nprequest /
                       dmarc-adkim /
                       dmarc-aspf /
                       dmarc-auri /
                       dmarc-furi /
                       dmarc-fo /
                       dmarc-rfm'

Moreover, in RFC7489 the last "dmarc-sep" is optional, meaning that for all TXT 
records such as the one for gmail.com, "v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-repo...@google.com", 
the system administrator must add a ";" at the end. To avoid this source of 
error, I suggest changing the ABNF to:

dmarc-record = dmarc-version dmarc-sep dmarc-request *( dmarc-sep dmarc-tag ) [ dmarc-sep ]

- dmarc-fo dmarcbis-07 :
The rule 'dmarc-fo = "fo" *WSP "=" *WSP ( "0" / "1" / ( "d" / "s" / "d:s" / 
"s:d" ) )' does not allow the user to have both DMARC failure reports 
and DKIM/SPF failure reports at the same time, as '0:d' and '1:d' are not allowed.

Best regards,

Olivier HUREAU
---
PhD Student
Laboratoire Informatique Grenoble - UGA - Drakkar
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
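
The pct and fo observations in the message above can be checked mechanically by transcribing the quoted ABNF into regular expressions. This is an added example, not part of the original message or of either specification; the regex transcriptions, rule labels and function names are assumptions of the example.

```python
import re
from itertools import permutations

WSP = r"[ \t]*"  # ABNF *WSP (space or horizontal tab, zero or more)

# Regex transcriptions of the rules quoted in the message (assumed equivalent;
# ABNF string literals are case-insensitive, hence re.IGNORECASE).
RULES = {
    "pct-rfc7489": re.compile(rf"pct{WSP}={WSP}[0-9]{{1,3}}", re.I),
    "pct-proposed": re.compile(rf"pct{WSP}={WSP}(?:100|[0-9]{{1,2}})", re.I),
    "fo-dmarcbis-07": re.compile(rf"fo{WSP}={WSP}(?:0|1|d|s|d:s|s:d)", re.I),
}

def accepts(rule: str, tag: str) -> bool:
    """True if the whole tag string matches the named rule."""
    return RULES[rule].fullmatch(tag) is not None

def pct_above_100(rule: str) -> list[int]:
    """Values in 101..999 that the given pct rule accepts syntactically."""
    return [n for n in range(101, 1000) if accepts(rule, f"pct={n}")]

def fo_pairs() -> dict[str, bool]:
    """Every ordered pair of distinct fo options, and whether the rule accepts it."""
    return {f"{a}:{b}": accepts("fo-dmarcbis-07", f"fo={a}:{b}")
            for a, b in permutations("01ds", 2)}

if __name__ == "__main__":
    for rule in ("pct-rfc7489", "pct-proposed"):
        bad = pct_above_100(rule)
        print(f"{rule}: accepts {len(bad)} values above 100")
    for value, ok in fo_pairs().items():
        print(f"fo={value}: {'accepted' if ok else 'rejected'}")
```

A parser generated directly from the RFC7489 rule therefore needs a separate range check on pct after parsing.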
