DMARC mailto schema should be required #1474

Closed
patrickbenkoetter opened this issue Aug 2, 2024 · 2 comments
Labels
bug Unexpected or unwanted behaviour of current implementations

Comments

@patrickbenkoetter

Currently the internet.nl tool does not detect erroneous URIs in rua or ruf tags and in consequence it doesn't mark the test as a failure. Instead it reports the DMARC DNS resource record to be valid and flags the test as passed. But specifying a valid URI is a mandatory RFC requirement:

A Mail Receiver MUST implement support for a "mailto:" URI, i.e., the ability to send a DMARC report via electronic mail.
If not provided, Mail Receivers MUST NOT generate failure reports.
-- RFC 7489: 6.3 General Record Format

An invalid DMARC DNS record is a problem, because if the URI is missing, any RFC-compliant mail receiver will not send a report and the sender domain owner will not be able to detect abuse of the sender domain. Therefore the whole concept to protect a sender domain with DMARC fails.

The reason internet.nl doesn't detect the error probably stems from the fact that the Python standard library urlparse function, used by internet.nl, doesn't return an error if the URI is missing:

>>> from urllib.parse import urlparse
>>> urlparse("[email protected]")
>>> urlparse("mailto:[email protected]")

internet.nl therefore doesn't take notice and subsequently it doesn't mark the DNS Resource Record to be invalid.

RFC 7489 specifies one, and only one, valid URI that any mail receiver MUST support, which is mailto:.

Examples for valid rua URIs are:

v=DMARC1; p=none; rua=mailto:[email protected]
v=DMARC1; p=none; rua=mailto:[email protected],mailto:[email protected],
    mailto:[email protected]

Examples for invalid rua URIs would be:

v=DMARC1; p=none; [email protected]
v=DMARC1; p=none; rua=mailto:[email protected],[email protected],
    [email protected]

We believe this is an error and we think it should be fixed. internet.nl should detect a URI error and flag the corresponding test as failed so that people can notice there's something important wrong.

@bwbroersma bwbroersma added the bug Unexpected or unwanted behaviour of current implementations label Aug 2, 2024
@bwbroersma
Collaborator

Also because of other DMARC parsing issues:

It might be interesting to use an ABNF regex generator package instead. Note there is a package that already encoded RFC 7489 - DMARC, plus uses the referenced RFCs to parse other elements like URIs etc.

uwekamper added a commit to sys4/Internet.nl that referenced this issue Sep 6, 2024
@uwekamper
Contributor

uwekamper commented Sep 6, 2024

I added a small PR to fix this particular problem. All it does is check whether the URI that is parsed by Python's own urllib.parse contains a scheme (parsed.scheme is not "").

See the PR here: #1493
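
The check discussed in this thread, written out as an added example (it is not code from internet.nl or from PR #1493): it splits the rua/ruf tags of a DMARC record into their comma-separated entries and reports every entry that `urlparse` accepts silently but that has no scheme. The function names and the sample records are constructed for illustration, and treating any non-`mailto:` scheme as a failure is an assumption taken from the issue title.

```python
from urllib.parse import urlparse


def dmarc_tags(record):
    """Split a DMARC TXT record into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags


def check_report_uris(record):
    """Return (tag, entry, problem) for each bad rua/ruf entry; [] if all pass."""
    problems = []
    tags = dmarc_tags(record)
    for tag in ("rua", "ruf"):
        if tag not in tags:
            continue
        for entry in tags[tag].split(","):
            entry = entry.strip()  # folded records leave whitespace after commas
            if not entry:
                problems.append((tag, entry, "empty entry"))
                continue
            uri = entry.partition("!")[0]  # drop the optional "!10m" size limit
            parsed = urlparse(uri)  # does not raise when the scheme is missing
            if parsed.scheme == "":
                problems.append((tag, entry, "missing scheme"))
            elif parsed.scheme != "mailto":  # assumption: only mailto: passes
                problems.append((tag, entry, "scheme is not mailto"))
            elif "@" not in parsed.path.strip("@"):
                problems.append((tag, entry, "no mail address after mailto:"))
    return problems


# Constructed sample records; the example.* addresses are placeholders.
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=none; rua=dmarc@example.com",
    "v=DMARC1; p=none; rua=mailto:a@example.com,b@example.org,\n"
    "    mailto:c@example.net!10m",
    "v=DMARC1; p=none; ruf=https://example.com/report",
]

if __name__ == "__main__":
    for record in SAMPLES:
        print(check_report_uris(record) or "ok", "<-", record.split(";")[-1].strip())
```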
