Closed gavsto closed 1 year ago
The p= tag is active for the top-level domain and also for the subdomains unless the sp= tag is specified. The sp= tag is active only for the subdomains. I agree that at the top level the p= tag can be on reject, and that the script gives a secure DMARC-record output, while the policy for the subdomain may be configured to none, which is insecure. I will write an update on the script to validate the sp= tag separately from the p= tag.
Fixed in version 1.5.2
I've actually been writing a similar project elsewhere and a friend linked me to yours.
On Line 53 you are doing a regex switch for p=reject. Unfortunately, sp=reject is also a valid tag so your switch can potentially trigger even if DMARC is not set to reject. Just thought I'd let you know.
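Added example, not part of the thread or of the project's script: a Python sketch of the check discussed above. It parses the record into tags and evaluates p= and sp= separately instead of matching the substring p=reject. The function names, the sample records, and the choice to flag any value other than reject are assumptions made for illustration.

```python
import re

# Unanchored pattern of the kind the issue describes (assumed, not the script's code).
NAIVE = re.compile(r"p=reject")
VALID = ("none", "quarantine", "reject")

# Constructed sample records.
SAMPLES = [
    "v=DMARC1; p=none; sp=reject; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=reject; sp=none",
    "v=DMARC1; p=reject",
]

def parse_dmarc(record):
    """Split a DMARC TXT record into {tag: value}, tag names lower-cased."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def effective_policies(record):
    """Return (p, sp); sp falls back to p when the record has no sp= tag."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    p = tags.get("p", "").lower()
    sp = tags.get("sp", p).lower()
    for name, value in (("p", p), ("sp", sp)):
        if value not in VALID:
            raise ValueError(f"invalid {name}= value: {value!r}")
    return p, sp

def weak_tags(record):
    """List the policy tags that are not at reject, checked separately."""
    p, sp = effective_policies(record)
    return [f"{n}={v}" for n, v in (("p", p), ("sp", sp)) if v != "reject"]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(bool(NAIVE.search(rec)), effective_policies(rec), weak_tags(rec))
```

The naive pattern matches all three sample records, including the first one, where the domain policy is none and only the subdomain policy is reject.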