Skip to content

DMARC: pct= tag not enforced #103

Closed
Closed
DMARC: pct= tag not enforced#103
Labels
area:securitySPF/DKIM/DMARC, TLSeffort:SA few hoursprio:P1Highstatus:reviewWaiting for reviewtype:securitySecurity issue or hardening
@Jaro-c

Description

@Jaro-c
Jaro-c
opened on Jun 10, 2026

RFC 7489 §6.6.2 requires that messages outside the pct= percentile be treated as if policy were none, effectively downgrading enforcement. Currently pct= is parsed but silently discarded — every failing message is rejected/quarantined regardless of the percentage.

Fix: parse pct= into Record, apply sampling in evaluate() via ring::rand::SystemRandom. Non-numeric values are a parse error (permerror).

Metadata

Metadata

Assignees

No one assigned

    Labels

    area:securitySPF/DKIM/DMARC, TLSeffort:SA few hoursprio:P1Highstatus:reviewWaiting for reviewtype:securitySecurity issue or hardening

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions