search

domainaware / checkdmarc

A parser for SPF and DMARC DNS records
https://domainaware.github.io/checkdmarc
Apache License 2.0
251 stars 77 forks source link

Valid policies throwing Exception #75

Closed egobiah closed 1 year ago

egobiah commented 2 years ago

Hi,

According to the formal definition 'dmarc-version = "v" WSP "=" WSP %x44 %x4d %x41 %x52 %x43 %x31' : Whitespaces between the tag and the policy are allowed. As an example this policy should pass your verification : _dmarc.space.hureau.com. IN TXT "v = DMARC1;p=reject; rua=mailto:olivier@hureau.com; ruf=mailto:olivier@hureau.com; fo=1:s:d;"

According to the definition ABNF RFC8234 (https://datatracker.ietf.org/doc/html/rfc5234#section-2.3) : "ABNF strings are case insensitive and the character set for these strings is US-ASCII". Meaning that if the character is not strictly set to US-ASCII both upper and lower cases are accepted.

As a result, according to the the formal definition 'dmarc-version = "v" WSP "=" WSP %x44 %x4d %x41 %x52 %x43 %x31' and 'dmarc-request = "p" WSP "=" WSP ( "none" / "quarantine" / "reject" )' : v or p tag can be upper case and 'p' value is case insensitive. As an example this policy should pass your verification : _dmarc.case.hureau.com IN TXT "v=DMARC1;p=ReJEct; rua=mailto:olivier@hureau.com; ruf=mailto:olivier@hureau.com; fo=1:s:d; _dmarc.pcase.hureau.com IN TXT "V=DMARC1;P=reject; rua=mailto:olivier@hureau.com; ruf=mailto:olivier@hureau.com; fo=1:s:d;

TLDR :

Those lines should not raise an exception because it is valid : 

checkdmarc.parse_dmarc_record("v=DMARC1;p=ReJect;", "")
checkdmarc.parse_dmarc_record("v = DMARC1;p=reject;", "")
checkdmarc.parse_dmarc_record("V=DMARC1;p=reject;", "")

Regards,