Closed cortesce closed 3 years ago
I would have to agree that I do not like this logic. Currently, should one rua or ruf fail validation, the DMARC is not parsed at all. This seems counter-intuitive as a single failed rua/ruf is not necessarily an issue. Should this not be an appended warning as long as at least one valid rua/rufis specified? Even better, a warning and as another attr, maybe "failed_rua" and "failed_ruf" so someone wanting this information can run standard logic tests against those attributes?
I am using this module to parse DMARC records so a large bulk of domains can be analysed / visualised and so I have had to monkey patch the verification out, otherwise I cannot get a partially parsed record which would be useful to at least see the policy ("reject" etc).
import ast
import inspect
s = inspect.getsource(checkdmarc.parse_dmarc_record)
m = ast.parse(s)
del m.body[0].body[18].body[0].body[2].body[7] # Verify dest
del m.body[0].body[18].body[0].body[2].body[5] # Verify mx
del m.body[0].body[18].body[0].body[2].body[4] # Verify not more than 2
del m.body[0].body[19].body[0].body[2].body[7] # Verify dest
del m.body[0].body[19].body[0].body[2].body[5] # Verify mx
del m.body[0].body[19].body[0].body[2].body[4] # Verify not more than 2
co = compile(m, "<string>", "exec")
exec(co, checkdmarc.__dict__)
Hi, when external domain doesn't resolve in NS, raise a fatal DMARC exception, and looses all the DMARC informatión obtained from domain.
Example Domain: vodafonefastforward.es
Run example: checkdmarc.py vodafonefastforward.es result = checkdmarc.get_dmarc_record('vodafonefastforward.es',include_tag_descriptions=True)
Show all information about NS, MX, ... but about DMARC, only a warning message.
gyro.com does not indicate that it accepts DMARC reports about vodafonefastforward.es - Authorization record not found: vodafonefastforward.es._report._dmarc.gyro.com IN TXT "v=DMARC1"
And not return the information obtained previously in the
v=DMARC1; p=quarantine; pct=5; rua=mailto:barto.herron@gyro.com
I don't know if is a bug. I'm working on it, for don't loose the tags (dict) obtained, even though no external domain validation confirmation.
def verify_dmarc_report_destination(source_domain, destination_domain, nameservers=None, timeout=2.0): """ Checks if the report destination accepts reports for the source domain per RFC 7489, section 7.1
Thanks in advance.