[opendmarc-users] Question about domain parsing

Juri Haberland juri at sapienti-sat.org
Fri Jun 17 12:20:34 PDT 2016


On 16.06.2016 19:51, l at avc.su wrote:
> Hello.

Hi,

> I've noticed that if 'From' header has email in form 'some at contoso.com + ', 
> OpenDMARC parses it as usual, and accepts the message. It gives a possible 
> vector for impersonation attacks.
> Is there any setting in OpenDMARC to drop or mark such messages?

I would have thought that it would fail on such a From: header, at least if
RequiredHeaders is true (or - if patched - RejectRequiredHeadersFailures is
true).
I'd consider this a bug.

Please be so kind and open a bug report.

Cheers,
  Juri



More information about the opendmarc-users mailing list