Open AndreyMZ opened 1 year ago
Where in the RFC does it say that clients MUST fail the full authentication results when any method fails?
If the RFC doesn't specify that, wdyt about adding a strict mode? Also see #59
DMARC is not in line with DKIM and SPF. It is above them.
Probably you were searching for this part of the RFC: https://datatracker.ietf.org/doc/html/rfc7489#section-4.2
A message satisfies the DMARC checks if at least one of the supported authentication mechanisms:
- produces a "pass" result, and
- produces that result based on an identifier that is in alignment, as defined in Section 3.
So, it does not matter how many authentication mechanisms (DKIM, SPF) produce a "pass" result until at least one of them validates the domain in the RFC5322.From address.
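The rule from RFC 7489 section 4.2 quoted above, as an added example that is not part of the original thread or the plugin's code: a message satisfies DMARC when any one SPF or DKIM result is both "pass" and aligned with the RFC5322.From domain. The names `AuthResult`, `org_domain`, `aligned` and `dmarc_status` are hypothetical, the domains are constructed, and the organizational-domain lookup is simplified to the last two labels where a real implementation uses the Public Suffix List.

```python
from dataclasses import dataclass

@dataclass
class AuthResult:
    method: str   # "spf" or "dkim"
    result: str   # "pass", "fail", "none", ...
    domain: str   # SPF: RFC5321.MailFrom domain; DKIM: the d= domain

def org_domain(domain: str) -> str:
    # Assumption: last two labels stand in for the organizational domain.
    # RFC 7489 section 3.2 derives it from a public suffix list.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, strict: bool) -> bool:
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    # Strict mode needs an exact match; relaxed mode compares org domains.
    return a == f if strict else org_domain(a) == org_domain(f)

def dmarc_status(from_domain, results, aspf="r", adkim="r") -> str:
    """Return "pass" if at least one mechanism passes AND is aligned."""
    for r in results:
        if r.method not in ("spf", "dkim") or r.result != "pass":
            continue  # a failing mechanism does not veto the others
        mode = aspf if r.method == "spf" else adkim
        if aligned(r.domain, from_domain, strict=(mode == "s")):
            return "pass"
    return "fail"

if __name__ == "__main__":
    # Constructed sample: SPF fails, but an aligned DKIM signature passes.
    sample = [
        AuthResult("spf", "fail", "bounce.esp.example"),
        AuthResult("dkim", "pass", "mail.example.org"),
    ]
    print(dmarc_status("example.org", sample))             # relaxed DKIM
    print(dmarc_status("example.org", sample, adkim="s"))  # strict DKIM
```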
Problem description
The authres_status plugin violates RFC 7489 "Domain-based Message Authentication, Reporting, and Conformance (DMARC)"!
Steps to reproduce
Receive an email message with the following headers:
Actual result
The status is:
Expected result
The status is:
Additional information
This issue has been created as the fix for https://github.com/pimlie/authres_status/issues/42 is incomplete.