Ralf Hildebrandt via Mailman-Users writes: > The DMARC record for somenet.org is > "v=DMARC1;p=none;pct=100;rua=mailto:postmas...@somenet.org;mailto:postmas...@somenet.org;ri=3600;fo=1;"; > which is syntactically incorrect. The extra > ";mailto:postmas...@somenet.org"; is wrong, I guess the tag "ruf=" > is missing here!
Seems very likely. > It should probably read > "v=DMARC1;p=none;pct=100;rua=mailto:postmas...@somenet.org;ruf=mailto:postmas...@somenet.org;ri=3600;fo=1;"; > > So, should mm3 somehow "catch" this error somehow? Yes. The parser is in the authheaders package, a 3rd-party package on PyPI. I'll get in touch with the maintainers, but given the season I wouldn't bet on a release soon. Of course you may get lucky with an upgrade if you're not up-to-date (v0.15.3). Upgrade should be safe, the maintainers are reliable authors in this field. The rest of this post is for RFC nerds. :-) > I wonder how a syntactically incorrect DMARC record should be > handled at all Per RFC 7489, Sec. 6.3: A DMARC policy record MUST comply with the formal specification found in Section 6.4 in that the "v" and "p" tags MUST be present and MUST appear in that order. Unknown tags MUST be ignored. Syntax errors in the remainder of the record SHOULD be discarded in favor of default values (if any) or ignored outright. I'm pretty sure the best strategy is to divide the string on ";", check that the first component is exactly "v=DMARC1", the second is a "p=..." specification. If either of those fails, the whole record should be ignored (but the receiver can go ahead and do DMARC processing and make its own decisions based on the result). After that, any component that is not of the form "tag=value" for a tag that is defined in the RFC and a value that is syntactically valid for the tag should be ignored but parsing continues for the remaining components.. There is no default for ruf, so IMO you must ignore it: ruf: ... If not provided, Mail Receivers MUST NOT generate failure reports. Although the evidence for ruf=mailto:postmas...@somenet.org is really strong, given it's the same URL as rua and fo=1; best effort might apply. > (ignore? The whole policy? Definitely not, unless the "v" and "p" tags are missing or syntactically incorrect. Of course it's optional for receivers to participate, but if you participate, best effort is indicated (Sec. 6): A Mail Receiver implementing the DMARC mechanism SHOULD make a best-effort attempt to adhere to the Domain Owner's published DMARC policy when a message fails the DMARC test. ------------------------------------------------------ Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/ Member address: arch...@jab.org
