search

cisagov / trustymail

Scan domains and return data based on trustworthy email best practices
Creative Commons Zero v1.0 Universal
189 stars 31 forks source link

Incorrect DMARC Check Error #82

Closed malvidin closed 6 years ago

malvidin commented 6 years ago

The RFC states in 6.6.3 item 4 that:

  1. Records that do not start with a "v=" tag that identifies the current version of DMARC are discarded.

The current check only looks at the number of results, not those that start with "v=" and the current DMARC version, "DMARC1".

I recommend inserting something similar to the following before line 352. Any subsequent error about the duplicate DMARC errors will be accurate. [ record for record in records if (record.to_text().startswith('"v=DMARC1;')) ]

https://github.com/dhs-ncats/trustymail/blob/f3209130a930ab5efc4c199daf394f037703ed1a/trustymail/trustymail.py#L350

jsf9k commented 6 years ago

Another great catch, @malvidin! Thank you!