[opendmarc-users] Unable to parse From header field

Murray S. Kucherawy msk at blackops.org
Wed May 20 11:25:17 PDT 2015


On Wed, 20 May 2015, Urban Loesch wrote:
> May 19 10:05:28 mil1 opendkim[5429]: 3lrVBc5GtLz11LwX: mail.isp55.de [213.139.150.150] not internal
> May 19 10:05:28 mil1 opendkim[5429]: 3lrVBc5GtLz11LwX: not authenticated
> May 19 10:05:28 mil1 opendmarc[519]: 3lrVBc5GtLz11LwX: unable to parse From header field
> ...
>
> After some searching I found out that opendmarc does not recognize some combinations in the "From:" field.
>
> For example:
>
> ...
> From: "paket at dhl.com" <hkmlease>
> ...
> or
> ...
> From: ''paket at dhl.com'' <hkmlease>
> (strange windows like double quote signs)
> ...
>
> passes the filter without getting blocked.
>
> I'm still waiting for the original mail from my customer for further analysis.
>
> This behaviour makes it easy to create some crappy formatted mail to bypass opendmarc.
> I have no idea if this is bug or not. What do you think about it?

I would imagine the idea here is that some other component of your mail 
system would identify such a message as clearly bogus and reject it, 
independent of DMARC.

What do others think?  We could easily add an option that will cause 
OpenDMARC to request rejection of messages where From is unparseable.

-MSK


More information about the opendmarc-users mailing list