#107 closed defect (fixed)

DMARCbis should take a stand on multi-valued From fields

Reported by: superuser@…
Owned by: todd.herr@…
Priority: minor
Milestone: Deliverable #2 (DMARC improvements to better support indirect email flows)
Component: dmarc-bis
Version:
Severity: Active WG Document
Keywords:
Cc:

Description

RFC 7489 says two things about a multi-valued From field:

1) Most services don't accept these anyway;

2) If you do, run all the domains, and enact the most restrictive result.

The document should take a normative position; if we like (2), take out the commentary on (1).

A second concern, however, is that doing (2) is a possible denial of service attack. I could craft a From field with 1209381 addresses, and the filter implementing DMARC would have to check every one of them. This takes up filter resources as well as doing a large number of DNS queries.

I suggest something like "only if all the domains are the same", or "only if there are no more than N distinct domain names" for some small (or at least configurable) value of N.
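The two limits suggested in the description, sketched as an added example that is not part of the ticket or of any DMARC implementation: the distinct From domains are counted before any DNS lookup, and nothing is queried when the count exceeds the bound. `MAX_FROM_CHARS`, the function names and the sample header values are assumptions; what a receiver does with a message that falls outside the bound is left to the caller.

```python
from email.utils import getaddresses

MAX_FROM_CHARS = 4096  # assumed size cap applied before any parsing


def from_domains(from_value):
    """Return the set of distinct, lower-cased domains in a From field value."""
    if len(from_value) > MAX_FROM_CHARS:
        raise ValueError("From field too long")
    domains = set()
    for _name, addr in getaddresses([from_value]):
        local, at, domain = addr.rpartition("@")
        if not (local and at and domain):
            raise ValueError("mailbox without a usable domain")
        domains.add(domain.rstrip(".").lower())
    if not domains:
        raise ValueError("no mailbox in From field")
    return domains


def domains_to_evaluate(from_value, max_distinct=1):
    """Return the sorted domains to run DMARC on, or [] when out of bounds.

    max_distinct=1 is "only if all the domains are the same";
    a larger value is "no more than N distinct domain names".
    """
    try:
        domains = from_domains(from_value)
    except ValueError:
        return []
    if len(domains) > max_distinct:
        return []  # no DNS query is issued for any of the domains
    return sorted(domains)


# Constructed sample header values.
SAME = "Alice <alice@example.com>, Bob <bob@EXAMPLE.com>"
MIXED = "alice@example.com, bob@example.net, carol@example.org"
FLOOD = ", ".join(f"u{i}@d{i}.example" for i in range(1000))

if __name__ == "__main__":
    for label, value in [("same", SAME), ("mixed", MIXED), ("flood", FLOOD)]:
        print(label, domains_to_evaluate(value),
              domains_to_evaluate(value, max_distinct=3))
```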

Change History (5)

comment:1 Changed 20 months ago by todd.herr@…

  • Owner set to todd.herr@…
  • Status changed from new to assigned

comment:2 Changed 20 months ago by todd.herr@…

  • Status changed from assigned to started

comment:3 Changed 20 months ago by todd.herr@…

  • Status changed from started to infoneeded

Proposed new text. Stand taken is "only if all domains are the same".

Pushed to github and merged with main branch.

comment:4 Changed 18 months ago by todd.herr@…

  • Status changed from infoneeded to assigned

Closing ticket, and letting overall discussion of issue play out in context of ongoing document review.

comment:5 Changed 18 months ago by todd.herr@…

  • Resolution set to fixed
  • Status changed from assigned to closed