Re: [dmarc-discuss] DMARC implementation

Tue, 07 May 2013 20:00:54 -0700 

On 08.05.2013 4:36, Matt Simerson wrote:


There is this DMARC plugin that is a Qpsmtpd plugin, in perl:


Thanks for the tips; will take a look at your code :-)


We are both running DMARC in production but neither Davide's nor my
modules have the reporting elements completed. I'm writing the report
aggregation functions right now.


I'm planning to write my own; it won't require an external
database.

...cut...


Additionally, if SPF/DKIM check passed it has to pass the
appropriate "alignment" test - this is the new part which was
introduced in DMARC.


Aye.



Thank you for the answers; I had read the draft proposal but some things 
were not clear to me, however I'm glad I was right in my assumptions...



The final result of the DMARC check can be either pass or fail
(when both SPF and DKIM failed, or when SPF passed but SPF
alignment failed, or DKIM passed but alignment failed), no neutral
result. Or what?


https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/?include_text=1

 Section 4.3. It answers your question in precise detail.



Unfortunately it doesn't answer my question directly or I just don't 
understand it. So a yes/no answer would be appreciated :-)



When a message has non-existent/invalid/etc domain in From, should
it be treated as failed the DMARC test, or DMARC is not applicable
here?


https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/?include_text=1

 Section 15.1:

The absence of a single, properly-formed RFC5322.From field renders
the message invalid.


The question was not about From in general but about a domain in it; for

example right now my DMARC test catches lots of Japanese spam with 
From's like this one:

 From: "=?ISO-2022-JP?B?IBskQkFqQnQbKEIgGyRCQ1I6OxsoQiAg?=" 
<eijmynwzuqi...@gotdns.org>



It presents and the syntax is correct but my program fails to find the 
organizaitonal domain for "gotdns.org" since it's in public domain 
suffix list (I use one from

http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat).

However the domain exists, has A and MX records and theoretically can 
send and receive mail. Not to mention simply non-existent domains...


--
Roman
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)























					Reply via email to