
#56 Enforce RFC5322 3.6.2 and a few checks on From: header

1.1.3
closed
None
2014-03-15
2013-08-21
Franck Martin
No

Like for OpenDKIM, there should be a switch, on by default, to enforce the required header occurrences in RFC 5322 3.6.2.

ref: http://www.opendkim.org/opendkim.conf.5.html set RequiredHeaders to ON

Additionally:
- There should be a switch to ensure at least one domain name can be extracted from the From: header
- There should be a switch to ensure all the domain names present in the From: header are of the same organizational domain
- There should be a switch to ensure domain names in the From: header are emailable (presence of MX, A or AAAA)
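
The checks requested above, sketched as an added example (not OpenDMARC's code or its configuration switches). The `PUBLIC_SUFFIXES` set, the `is_emailable` callback and the sample messages are constructed assumptions; a real filter would load the full Public Suffix List and back the callback with MX/A/AAAA lookups.

```python
from email import message_from_bytes
from email.utils import getaddresses

# RFC 5322 originator fields: (min, max) occurrences per message.
ORIGINATOR_LIMITS = {"From": (1, 1), "Sender": (0, 1), "Reply-To": (0, 1)}
# Constructed stand-in for the Public Suffix List (assumption, not the real list).
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}

def org_domain(domain):
    """Organizational domain = longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: assume a one-label TLD

def check_from(raw, same_od=True, is_emailable=None):
    """Return failure strings; an empty list means every enabled check passed."""
    msg = message_from_bytes(raw)
    failures = []
    for name, (lo, hi) in ORIGINATOR_LIMITS.items():
        n = len(msg.get_all(name, []))
        if not lo <= n <= hi:
            failures.append(f"{name}: {n} occurrence(s), expected {lo}..{hi}")
    domains = set()
    for _, addr in getaddresses(msg.get_all("From", [])):
        local, at, dom = addr.rpartition("@")
        if at and local and dom:
            domains.add(dom.lower())
    if not domains:
        failures.append("From: no domain could be extracted")
    if same_od and len({org_domain(d) for d in domains}) > 1:
        failures.append("From: domains span several organizational domains")
    if is_emailable is not None:  # hypothetical DNS-backed callback, off by default
        failures += [f"From: {d} has no MX, A or AAAA" for d in sorted(domains)
                     if not is_emailable(d)]
    return failures

# Constructed sample messages (not taken from the ticket).
GOOD = b"From: Alice <alice@mail.example.com>\r\nSubject: hi\r\n\r\nbody\r\n"
TWO_FROM = b"From: a@example.com\r\nFrom: b@example.org\r\n\r\nbody\r\n"
MULTI = b"From: a@example.com, b@lookalike.net\r\n\r\nbody\r\n"
SAME_OD = b"From: a@example.com, b@mail.example.com\r\n\r\nbody\r\n"
NO_FROM = b"Subject: no originator\r\n\r\nbody\r\n"
```
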


Discussion

  • In the multiple From case, I think it would make more sense to process them all and then take the one that has the most negative result.

     
  • Franck Martin
    2013-08-22

    Multiple From headers are illegal as per the standard. There is no reason to accept them.

    Likewise, an email with no From header is illegal as per the standard; again, there is no reason to accept such email.

    For multiple emails in one single From header, there are various strategies. I have yet to see in the wild a valid case (not a bug) of multiple mailboxes in From:

    All knowledge is an answer to a question.

    On Aug 21, 2013, at 11:35, "Scott Kitterman" kitterma@users.sf.net wrote:

    In the multiple From case, I think it would make more sense to process them all and then take the one that has the most negative result.


  • Can you explain why we'd want the second one (for a multi-valued From: field, why should we require all the domains to have the same OD)?

    The third one falls well outside the proposed standard and could introduce enough latency to be a problem. Definitely needs to be off-by-default.

     
    • status: open --> accepted
     
  • Franck Martin
    2013-08-29

    2) is just a facility; it simplifies the policy decision when there are multiple domains. If all are in the same OD (maybe in fact they should be identical), then only one DMARC policy may apply. I have not encountered in the wild a From with multiple domains that made sense...

    3) You can circumvent DMARC easily by just adding one letter to the domain name; it looks close enough and does not need to be emailable, or even in the DNS. This gets people easily confused. Besides, there is no domain to go after...

    On Aug 28, 2013, at 12:41 PM, Murray S. Kucherawy cm-msk@users.sf.net wrote:

    Can you explain why we'd want the second one (for a multi-valued From: field, why should we require all the domains to have the same OD)?

    The third one falls well outside the proposed standard and could introduce enough latency to be a problem. Definitely needs to be off-by-default.


  • The main request plus your first "Additionally" are now done for 1.2.0. I'm thinking about the best way to deal with the other two parts of the request. They may go into a later version. I'll ping the opendmarc-users list about them for other advice.

     
    • assigned_to: Murray S. Kucherawy
     
  • Franck, can you please create additional tickets for each of the following, as I'd like to track them separately (they may not make it into 1.2.0, depending on time and effort needed):

    1) Option to reject multi-valued From messages

    2) Option to reject multi-valued From messages unless all of the domains have the same Organizational Domain

    3) Option to ensure that all domains in the From: field have MX, A, or AAAA records

     
  • Franck Martin
    2014-01-02

    Not keen on 1), 2) is better.

    I opened 62, 63, and 64.

     
  • v1.2.0 released.

     
    • status: accepted --> closed