Emails can include /\![\d]+[\s]/

[jpstevens]

I'm getting a false positive for the following DMARC record:

v=DMARC1; p=none; sp=none; rua=mailto:dmarc-rua@csirt.tfl.gov.uk!30m,mailto:dmarc-rua@dmarc.service.gov.uk; ruf=mailto:dmarc-ruf@csirt.tfl.gov.uk!30m; pct=100; ri=86400

The output message is:

Invalid email address in 'rua': 'dmarc-rua@csirt.tfl.gov.uk!30m'

According to RFC7489:

Each URI can have associated with it a maximum report size that may be sent to it. This is accomplished by appending an exclamation point (ASCII 0x21), followed by a maximum-size indication, before a separating comma or terminating semicolon.

Thus, a DMARC URI is a URI within which any commas or exclamation points are percent-encoded per [URI], followed by an OPTIONAL exclamation point and a maximum-size specification, and, if there are additional reporting URIs in the list, a comma and the next URI.

For example, the URI "mailto:reports@example.com!50m" would request that a report be sent via email to "reports@example.com" so long as the report payload does not exceed 50 megabytes.

https://tools.ietf.org/html/rfc7489#section-6.2

[niftylettuce]

Can this be fixed? I would award a bug bounty