TA-dmarc

Attacks on reporting URIs as mentioned in RFC 7489

Open jorritfolmer opened this issue 7 years ago • 2 comments

RFC7489 mentions a number of threats against DMARC reporting URIs in chapter 12.2. Below is a short discussion of the current mitigation scope.

| Threat | Mitigation |
| --- | --- |
| High-volume denial-of-service attacks | No: should we handle this? If so: how? |
| Deliberate construction of malformed reports intended to identify or exploit parsing or processing vulnerabilities | Yes: use of defused XML library, and checks against GZ and ZIP bombs |
| Deliberate construction of reports containing false claims for the Submitter or Reported-Domain fields, including the possibility of false data from compromised but known Mail Receivers. | No: should we handle this? If so: how? |

Any other threats we should address?

jorritfolmer, Dec 24 '17 12:12
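
An added illustration of the second table row (malformed reports, GZ and ZIP bombs), not code from TA-dmarc: bounded decompression of a report attachment followed by a parse that refuses any DOCTYPE. It uses the standard library's expat parser in place of the defused XML library the issue mentions; the 1 MB cap, the one-file-per-archive rule, the sample XML and all names are assumptions.

```python
import io, zipfile, zlib
from xml.parsers import expat
MAX_REPORT_BYTES = 1_000_000  # assumed cap on one decompressed report
SAMPLE_XML = b"<feedback><report_metadata/><record/></feedback>"  # constructed

class ReportRejected(Exception):
    """Raised for any attachment that fails a safety check."""

def gunzip_bounded(blob, limit=MAX_REPORT_BYTES):
    """Inflate a .gz attachment, never producing more than limit + 1 bytes."""
    d = zlib.decompressobj(wbits=31)  # 31 selects the gzip container
    try:
        out = d.decompress(blob, limit + 1)
    except zlib.error as exc:
        raise ReportRejected(f"bad gzip data: {exc}")
    if len(out) > limit:
        raise ReportRejected("gzip output exceeds limit")
    if not d.eof:
        raise ReportRejected("truncated gzip stream")
    return out

def unzip_bounded(blob, limit=MAX_REPORT_BYTES):
    """Read a .zip attachment; assumes a report archive holds exactly one file."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            members = zf.infolist()
            if len(members) != 1 or members[0].file_size > limit:
                raise ReportRejected("unexpected member count or declared size")
            with zf.open(members[0]) as fh:
                out = fh.read(limit + 1)  # cap the read as well as the header
    except zipfile.BadZipFile as exc:
        raise ReportRejected(f"bad zip: {exc}")
    if len(out) > limit:
        raise ReportRejected("zip output exceeds limit")
    return out

def element_names_no_dtd(xml_bytes):
    """Parse with expat, refusing any DOCTYPE so no entities can be declared."""
    def forbid(*_args):
        raise ReportRejected("DOCTYPE not allowed in report")
    names = []
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = forbid
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError as exc:
        raise ReportRejected(f"malformed XML: {exc}")
    return names
```
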