Hello, Olivier, and thank you for your email.

Per RFC 7489, dmarc-request isn't actually required for some valid DMARC
records.

I direct your attention to
https://datatracker.ietf.org/doc/html/rfc7489#section-7.1, Verifying
External Destinations, in which a third-party domain that is going to
receive reports for a different domain is directed to publish a DMARC
record that contains only "v=DMARC1;".


On Thu, Apr 21, 2022 at 11:40 AM Olivier Hureau <
olivier.hur...@univ-grenoble-alpes.fr> wrote:

> Hello,
>
> I am doing some research related to DMARC and I found some errors in the 
> RFC7489 and dmarcbis-07 for ABNF rules
>
> - dmarc-percent RFC7489 :
> The rule 'dmarc-percent = "pct" *WSP "=" *WSP 1*3DIGIT' allows '999' as a
> value.
> A correction could be: 'dmarc-percent = "pct" *WSP "=" *WSP ("100" /
> 1*2DIGIT)'
>
> - dmarc-record RFC7489 :
> The rule 'dmarc-record = dmarc-version dmarc-sep
>                        [dmarc-request]
>                        [dmarc-sep dmarc-srequest]
>                        [dmarc-sep dmarc-auri]
>                        [dmarc-sep dmarc-furi]
>                        [dmarc-sep dmarc-adkim]
>                        [dmarc-sep dmarc-aspf]
>                        [dmarc-sep dmarc-ainterval]
>                        [dmarc-sep dmarc-fo]
>                        [dmarc-sep dmarc-rfmt]
>                        [dmarc-sep dmarc-percent]
>                        [dmarc-sep]'
> has dmarc-request as optional, but in 6.3 it says that p is "required"
>
> Then I took a look at draft-ietf-dmarc-dmarcbis-07 and the problem is
> still there :
>
> - dmarc-record dmarcbis-07 :
> 'dmarc-record    = dmarc-version dmarc-sep *(dmarc-tag dmarc-sep)
>  dmarc-tag       = dmarc-request /
>                        dmarc-test /
>                        dmarc-psd /
>                        dmarc-sprequest /
>                        dmarc-nprequest /
>                        dmarc-adkim /
>                        dmarc-aspf /
>                        dmarc-auri /
>                        dmarc-furi /
>                        dmarc-fo /
>                        dmarc-rfm'
>
> Should be replaced by :
>
> 'dmarc-record    = dmarc-version dmarc-sep dmarc-request dmarc-sep 
> *(dmarc-tag dmarc-sep)
> dmarc-tag       =      dmarc-test /
>                        dmarc-psd /
>                        dmarc-sprequest /
>                        dmarc-nprequest /
>                        dmarc-adkim /
>                        dmarc-aspf /
>                        dmarc-auri /
>                        dmarc-furi /
>                        dmarc-fo /
>                        dmarc-rfm'
>
> Moreover, on RFC7489 the last "dmarc-sep" is optional, meaning that for all
> TXT records
> such as the one for gmail.com "v=DMARC1; p=none; sp=quarantine;
> rua=mailto:mailauth-repo...@google.com <mailauth-repo...@google.com>" the
> system administrator
> must add a ";" at the end. To avoid this source of error I suggest changing
> the ABNF to:
>
> dmarc-record    = dmarc-version dmarc-sep dmarc-request *(
> dmarc-sep dmarc-tag ) [ dmarc-sep ]
>
> - dmarc-fo dmarcbis-07 :
> The rule '  dmarc-fo = "fo" *WSP "=" *WSP ( "0" / "1" / ( "d" / "s" / "d:s" /
> "s:d" ) )' does not allow the user to have both DMARC failure reports
> and DKIM/SPF failure reports at the same time, as '0:d', '1:d' are not allowed.
>
> Best regards,
>
> Olivier HUREAU
> ---
> PhD Student
> Laboratoire Informatique Grenoble - UGA - Drakkar
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>


-- 

*Todd Herr * | Technical Director, Standards and Ecosystem
*e:* todd.h...@valimail.com
*m:* 703.220.4153
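
The record-level rules discussed in this thread can be compared side by side; the following is an added example, not part of either message or of the RFC text. It translates the three `dmarc-record` rules quoted above into regular expressions and runs them over constructed records, assuming a generic `name=value` pattern (`TAG`) in place of the individual `dmarc-tag` rules and a placeholder reporting address at example.com.

```python
import re

WSP = r"[ \t]*"
SEP = WSP + ";" + WSP                           # dmarc-sep
VERSION = "v" + WSP + "=" + WSP + "DMARC1"      # dmarc-version
REQUEST = "p" + WSP + "=" + WSP + "(?:none|quarantine|reject)"  # dmarc-request
# Assumption: generic name=value stand-in for the individual dmarc-tag rules.
TAG = "[a-z]+" + WSP + "=" + WSP + r"[^;\s]+"

RECORD_RULES = {
    # dmarcbis-07 as quoted: dmarc-version dmarc-sep *(dmarc-tag dmarc-sep)
    "dmarcbis-07": VERSION + SEP + "(?:" + TAG + SEP + ")*",
    # First proposal: dmarc-request made mandatory, separators unchanged.
    "p-required": VERSION + SEP + REQUEST + SEP + "(?:" + TAG + SEP + ")*",
    # Second proposal: mandatory dmarc-request, optional trailing dmarc-sep.
    "p-required-opt-sep": VERSION + SEP + REQUEST
                          + "(?:" + SEP + TAG + ")*(?:" + SEP + ")?",
}

PCT_RULES = {
    "rfc7489": "pct" + WSP + "=" + WSP + "[0-9]{1,3}",            # 1*3DIGIT
    "proposed": "pct" + WSP + "=" + WSP + "(?:100|[0-9]{1,2})",   # "100" / 1*2DIGIT
}

# Constructed sample records (the address is a placeholder).
SAMPLES = {
    "external-destination": "v=DMARC1;",  # RFC 7489 section 7.1 style record
    "policy-no-trailing-sep":
        "v=DMARC1; p=none; sp=quarantine; rua=mailto:reports@example.com",
    "policy-trailing-sep":
        "v=DMARC1; p=none; sp=quarantine; rua=mailto:reports@example.com;",
}

def record_accepted(rule, record):
    """True if the whole record matches the named dmarc-record rule."""
    return re.fullmatch(RECORD_RULES[rule], record) is not None

def pct_accepted(rule, tag):
    """True if the tag matches the named dmarc-percent rule."""
    return re.fullmatch(PCT_RULES[rule], tag) is not None

def matrix():
    """Map each sample name to {rule name: accepted?}."""
    return {name: {rule: record_accepted(rule, rec) for rule in RECORD_RULES}
            for name, rec in SAMPLES.items()}

if __name__ == "__main__":
    for name, row in matrix().items():
        print(name, row)
    print("pct=999", {r: pct_accepted(r, "pct=999") for r in PCT_RULES})
```

Both rules that make `dmarc-request` mandatory reject the `v=DMARC1;` record, which is the case the reply raises.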
