search

msimerson / mail-dmarc

Mail::DMARC, a complete DMARC implementation in Perl
Other
33 stars 23 forks source link

Disposition is 'reject' but should be 'none' for subdomain #222

Closed lnedry closed 8 months ago

lnedry commented 8 months ago

Disposition is 'reject' but should be 'none' for subdomain

Example:

use Mail::DMARC::PurePerl;
use Data::Dumper;

my $dmarc = Mail::DMARC::PurePerl->new;

$dmarc->envelope_from('trops.infotopnews.com');
$dmarc->header_from('trops.infotopnews.com');
$dmarc->dkim([
    {
        domain      => 'trops.infotopnews.com',
        selector    => 'default',
        result      => 'fail',
    },
] );
$dmarc->spf([
    {   domain => 'trops.infotopnews.com',
        scope  => 'mfrom',
        result => 'permerror',
    },
]);

my $result = $dmarc->validate();
print Dumper($result);

Result:

$VAR1 = bless( {
    'result' => 'fail',
    'disposition' => 'reject',
    'reason' => [],
    'published' => bless( {
        'rua' => 'mailto:rua@trops.infotopnews.com',
        'sp' => 'none',
        'v' => 'DMARC1',
        'ruf' => 'mailto:ruf@trops.infotopnews.com',
        'aspf' => 'r',
        'domain' => 'trops.infotopnews.com',
        'p' => 'reject'
        }, 'Mail::DMARC::Policy' ),
    'spf' => 'fail',
    'dkim' => 'fail'
    }, 'Mail::DMARC::Result' );

Node | v20.11.1 OS | Linux mx 5.10.0-27-amd64 #1 SMP Debian 5.10.205-2 (2023-12-31) x86_64 GNU/Linux Perl (v5.32.1)

msimerson commented 8 months ago

Please explain why you think it should be none.

lnedry commented 8 months ago

The host in the From email address is a subdomain: trops.infotopnews.com. The "sp" tag is "none" for this subdomain.

RFC7489 6.3 - p: ...Policy applies to the domain queried and to subdomains, unless subdomain policy is explicitly described using the "sp" tag.

# dig +short _dmarc.trops.infotopnews.com txt
"v=DMARC1; p=reject; sp=none; aspf=r; ruf=mailto:ruf@trops.infotopnews.com;rua=mailto:rua@trops.infotopnews.com;"
msimerson commented 8 months ago

I think you're confusing the terms domain, subdomain, second level domain, third level domain, etc.

In this case, trops.infotopnews.com is the domain name in question. The fact that it has 3 parts (or levels) is irrelevant. No different than say, bbc.co.uk. Both are domain names. So too is com a domain. It happens to be a special kind of domain, a Top Level Domain, but it's still a valid domain name.

The record you queried applies to the domain trops.infotopnews.com. The DMARC record for trops.infotopnews.com also has a subdomain policy that applies to domains within trops.infotopnews.com, or subdomains of trops.infotopnews.com, which would be *.trops.infotopnews.com.