[opendmarc-users] Does my opendmarc 1.3.2 parse domains correctly?
Juri Haberland
juri at sapienti-sat.org
Thu Mar 30 04:25:33 PDT 2017
Dominic Raferd wrote:
> I am puzzled looking at the Authentication-Results headers generated by
> mx.google.com compared with our own (timedicer.co.uk) in a recent incoming
> email (text slightly obfuscated):
>
> Return-Path: <conso at skimium.emv5.com>
> ...
> Authentication-Results: mx.google.com;
> dkim=pass header.i=@emv5.com;
> spf=fail (google.com: domain of conso at skimium.emv5.com does not
> designate 163.131.228.222 as permitted sender) smtp.mailfrom=
> conso at skimium.emv5.com;
> dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=emv5.com
> Authentication-Results: timedicer.co.uk/3DEFB428BB; dmarc=pass (p=none
> dis=none) header.from=skimium.emv5.com
> ...
> From: "Skimium.com" <conso at skimium.emv5.com>
> [...] But I am puzzled that - for dmarc -
> mx.google.com has header.from=emv5.com whereas my server (timedicer.co.uk)
> has header.from=skimium.emv5.com. In this case it made no difference (sp
> policy matches p policy, both are NONE), but does this mean my server is
> not parsing the domain name correctly?
Why do you think OpenDMARC does it wrong? Looking at section 11.1 of the
RFC7489 (https://tools.ietf.org/html/rfc7489#page-42) the header.from field
should have:
> Value: the domain portion of the RFC5322.From field
I read this as the compelete domain part or in your case "skimium.emv5.com",
not the parent domain "emv5.com".
So, IMHO Google has it wrong...
Juri
More information about the opendmarc-users
mailing list