Add warning if sp tag is explicitly set for a subdomain

jsf9k · jsf9k · commit 3c1e8f1abaf5 · 2019-04-25T10:06:08.000-04:00
This isn't an error, but according to RFC7489, "'sp' will be ignored for DMARC records published on subdomains of Organizational Domains due to the effect of the DMARC policy discovery mechanism." Therefore we want to warn users that the sp tag they have explicitly set is probably not doing what they intended. See here for more details: https://tools.ietf.org/html/rfc7489#section-6.3
diff --git a/trustymail/trustymail.py b/trustymail/trustymail.py
@@ -493,6 +493,11 @@ def dmarc_scan(resolver, domain):
                 value = options.split('=')[1].strip()
                 tag_dict[tag] = value
 
+            # Before we set sp=p if it is not explicitly contained in
+            # the DMARC record, log a warning if it is explicitly set
+            # for a subdomain of an organizational domain.
+            if 'sp' in tag_dict and not domain.is_base_domain:
+                handle_error('[DMARC]', domain, 'Warning: The sp tag will be ignored for DMARC records published on subdomains. See here for details:  https://tools.ietf.org/html/rfc7489#section-6.3.', syntax_error=False)
             if 'p' not in tag_dict:
                 msg = 'Record missing required policy (p) tag'
                 handle_syntax_error('[DMARC]', domain, '{0}'.format(msg))
