Am 04.10.19 um 16:40 schrieb Grant Taylor:
> On 10/4/19 6:43 AM, A. Schulze wrote:
>> that happen from time to time but currently I suspect the sender like to
>> trigger a Bug in OpenDMARC to generate dmarc=pass for messages that
>> otherwise would be classified as dmarc=reject.
>
> Based on my understanding of DMARC, which could be wrong, I don't think this
> is a bug in OpenDMARC, as an implementation, but rather an unexpected
> behavior around the DMARC standard.
>
> My understanding is that the DMARC standard is to check alignment of the
> From: address, which means the part inside angle brackets, outside of the
> optional double quoted friendly name.
>
> From: "John Doe <j...@example.net>" <doe.j...@example.com>
>
> Thus DMARC is supposed to /only/ check <doe.j...@exmaple.com> and /not/ check
> <j...@example.net>.
Hi Grant,
Maybe we're talking about different things :-) The OpenDMARC bug could be
triggered by this RFC5322.From:
From: user <user@yahoo.example>, user <user@badguy.example>
Mallory could send a message which authenticates as badguy.example but
OpenDMARC report "dmarc=pass domain=yahoo.example"
That's fixed with
https://github.com/trusteddomainproject/OpenDMARC/pull/48/commits/f6b615e345037408b88b2ffd1acd03239af8a858
But back to SA:
there is a difference between this comma separated list and the display name
containing a second address ...
Andreas
