<policy_published><domain> in aggregate reports uses report domain rather than policy published domain
jikamens opened this issue · 1 comments
From https://sourceforge.net/p/opendmarc/tickets/207/:
When sending aggregate reports, the domain used inside <policy_published> should be (per RFC 7490) "The domain at which the DMARC record was found.". The report always uses the from_domain. However, the DMARC record might be found at a parent domain.
The correct domain, I assume, is supposed to be recorded through the "policy_domain" field in the "messages" table. The opendmarc-import script doesn't set that field, and opendmarc-reports just uses the "domain" field in the "requests" table, which is set to the "from" domain. Here's a patch to 1.3.2 that resolves this issue.
There's a patch in the Sourceforge ticket. The first half of the patch was already applied in another commit, but the second half of the patch, to fix opendmarc-reports.in to actually use the correct domain, was never applied. Please fix this.
Note that this problem is being actively discussed on the dmarc-discuss@dmarc.org list with OpenDMARC specifically called out as an aggregate report generator that is doing this wrong.
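The distinction described in this issue, as an added example that is not OpenDMARC's code or the patch from the ticket: policy discovery checks the From domain first and then the organizational domain, and the domain where the record was actually found is what belongs in `<policy_published><domain>`. All function names, the `SAMPLE_TXT` records and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample TXT data standing in for DNS; not real records.
SAMPLE_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine; rua=mailto:agg@example.com",
    "_dmarc.news.example.org": "v=DMARC1; p=none",
    "_dmarc.example.org": "v=DMARC1; p=reject",
}

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # A real implementation consults the Public Suffix List.
    return ".".join(domain.split(".")[-2:])

def parse_tags(record):
    # Split "k=v; k=v" into a dict with lower-cased tag names.
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def discover_policy(from_domain, txt=SAMPLE_TXT):
    """Return (policy_domain, tags), or (None, None) if no record exists."""
    from_domain = from_domain.lower().rstrip(".")
    candidates = [from_domain]
    if org_domain(from_domain) != from_domain:
        candidates.append(org_domain(from_domain))  # parent fallback
    for candidate in candidates:
        record = txt.get("_dmarc." + candidate)
        if record and record.replace(" ", "").lower().startswith("v=dmarc1"):
            return candidate, parse_tags(record)
    return None, None

def policy_published(from_domain, txt=SAMPLE_TXT):
    """Build <policy_published> using the domain where the record was found."""
    policy_domain, tags = discover_policy(from_domain, txt)
    if policy_domain is None:
        return None
    pp = ET.Element("policy_published")
    ET.SubElement(pp, "domain").text = policy_domain  # not from_domain
    ET.SubElement(pp, "p").text = tags.get("p", "none")
    ET.SubElement(pp, "sp").text = tags.get("sp", tags.get("p", "none"))
    return ET.tostring(pp, encoding="unicode")

if __name__ == "__main__":
    for d in ("mail.example.com", "news.example.org", "host.example.net"):
        print(d, "->", policy_published(d))
```

For a From domain of `mail.example.com` the record is found at `example.com`, so that parent domain is what appears in the element; `news.example.org` has its own record and is reported as-is.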