[opendmarc-users] Does my opendmarc 1.3.2 parse domains correctly?

Juri Haberland juri at sapienti-sat.org
Thu Mar 30 04:25:33 PDT 2017


Dominic Raferd wrote:

> I am puzzled looking at the Authentication-Results headers generated by
> mx.google.com compared with our own (timedicer.co.uk) in a recent incoming
> email (text slightly obfuscated):
>
> Return-Path: <conso at skimium.emv5.com>
> ...
> Authentication-Results: mx.google.com;
>        dkim=pass header.i=@emv5.com;
>        spf=fail (google.com: domain of conso at skimium.emv5.com does not
> designate 163.131.228.222 as permitted sender) smtp.mailfrom=
> conso at skimium.emv5.com;
>        dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=emv5.com
> Authentication-Results: timedicer.co.uk/3DEFB428BB; dmarc=pass (p=none
> dis=none) header.from=skimium.emv5.com
> ...
> From: "Skimium.com" <conso at skimium.emv5.com>

> [...] But I am puzzled that - for dmarc -
> mx.google.com has header.from=emv5.com whereas my server (timedicer.co.uk)
> has header.from=skimium.emv5.com. In this case it made no difference (sp
> policy matches p policy, both are NONE), but does this mean my server is
> not parsing the domain name correctly?

Why do you think OpenDMARC does it wrong? Looking at section 11.1 of the
RFC7489 (https://tools.ietf.org/html/rfc7489#page-42) the header.from field
should have:
> Value:  the domain portion of the RFC5322.From field

I read this as the compelete domain part or in your case "skimium.emv5.com",
not the parent domain "emv5.com".

So, IMHO Google has it wrong...

  Juri




More information about the opendmarc-users mailing list