internetstandards / Internet.nl

Internet standards compliance test suite
https://internet.nl

DMARC mailto schema should be required #1474

Open patrickbenkoetter opened 1 month ago

patrickbenkoetter commented 1 month ago

Currently the internet.nl tool does not detect erroneous URIs in rua or ruf tags and, in consequence, it doesn't mark the test as a failure. Instead it reports the DMARC DNS resource record to be valid and flags the test as passed. But specifying a valid URI is a mandatory RFC requirement:

A Mail Receiver MUST implement support for a "mailto:" URI, i.e., the ability to send a DMARC report via electronic mail. If not provided, Mail Receivers MUST NOT generate failure reports. -- RFC 7489: 6.3 General Record Format

An invalid DMARC DNS record is a problem, because if the URI is missing, any RFC-compliant mail receiver will not send a report and the sender domain owner will not be able to detect abuse of the sender domain. Therefore the whole concept of protecting a sender domain with DMARC fails.

The reason internet.nl doesn't detect the error probably stems from the fact that the Python standard library urlparse function, used by internet.nl, doesn't return an error if the URI is missing:

>>> from urllib.parse import urlparse
>>> urlparse("recipient@example.com")
>>> urlparse("mailto:recipient@example.com")

internet.nl therefore doesn't take notice, and subsequently it doesn't mark the DNS resource record as invalid.

RFC 7489 specifies one, and only one, valid URI that any mail receiver MUST support, which is mailto:.

Examples for valid rua URIs are:

v=DMARC1; p=none; rua=mailto:dmarc-feedback@example.com
v=DMARC1; p=none; rua=mailto:dmarc-feedback@example.com,mailto:dmarc-reports@example.net,
    mailto:report@dmarc.example.com

Examples for invalid rua URIs would be:

v=DMARC1; p=none; rua=dmarc-feedback@example.com
v=DMARC1; p=none; rua=mailto:dmarc-feedback@example.com,dmarc-reports@example.net,
    report@dmarc.example.com

We believe this is an error and we think it should be fixed. internet.nl should detect a URI error and flag the corresponding test as failed so that people can notice there's something important wrong.

bwbroersma commented 3 weeks ago

Also because of other DMARC parsing issues:

It might be interesting to use an ABNF regex generator package instead. Note there is a package that has already encoded RFC 7489 - DMARC, and that uses the referenced RFCs to parse other elements like URIs etc.

uwekamper commented 1 week ago

I added a small PR to fix this particular problem. All it does is check whether the URI that is parsed by Python's own urllib.parse contains a scheme (parsed.scheme is not "").

See the PR here: https://github.com/internetstandards/Internet.nl/pull/1493
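
The check discussed in this thread, as an added example that is not code from internet.nl or from the linked PR: it splits the rua and ruf values on commas, strips the optional "!size" suffix that RFC 7489 allows, and reports every entry whose parsed scheme is empty or is not mailto. The function names are hypothetical, the tag splitting is simplified rather than a full ABNF parser, and requiring mailto specifically (instead of any non-empty scheme) is an assumption that follows the issue title.

```python
from urllib.parse import urlparse


def parse_tags(record):
    """Split a DMARC record into lower-cased tag -> value (simplified, not the full ABNF)."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags


def check_report_uris(record):
    """Return (tag, uri, reason) for every rua/ruf entry that is not a mailto: URI."""
    problems = []
    tags = parse_tags(record)
    for tag in ("rua", "ruf"):
        if tag not in tags:
            continue
        for raw in tags[tag].split(","):
            uri = raw.strip()
            # Drop the optional "!<size>" report size limit before parsing.
            target = uri.split("!", 1)[0]
            # urlparse never raises for a bare address; it returns scheme == "".
            scheme = urlparse(target).scheme
            if not scheme:
                problems.append((tag, uri, "missing scheme"))
            elif scheme != "mailto":
                problems.append((tag, uri, "not mailto"))
    return problems


if __name__ == "__main__":
    # Constructed sample records, modelled on the valid and invalid shapes in the issue.
    samples = [
        "v=DMARC1; p=none; rua=mailto:dmarc-feedback@example.com",
        "v=DMARC1; p=none; rua=dmarc-feedback@example.com",
        "v=DMARC1; p=none; rua=mailto:dmarc-feedback@example.com,"
        "dmarc-reports@example.net,report@dmarc.example.com",
    ]
    for record in samples:
        found = check_report_uris(record)
        print("FAIL" if found else "PASS", record, found)
```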