[opendmarc-users] Question about domain parsing
Juri Haberland
juri at sapienti-sat.org
Fri Jun 17 12:20:34 PDT 2016
On 16.06.2016 19:51, l at avc.su wrote:
> Hello.
Hi,
> I've noticed that if 'From' header has email in form 'some at contoso.com + ',
> OpenDMARC parses it as usual, and accepts the message. It gives a possible
> vector for impersonation attacks.
> Is there any setting in OpenDMARC to drop or mark such messages?
I would have thought that it would fail on such a From: header, at least if
RequiredHeaders is true (or - if patched - RejectRequiredHeadersFailures is
true).
I'd consider this a bug.
Please be so kind and open a bug report.
Cheers,
Juri
More information about the opendmarc-users
mailing list