dmarc: implement RFC 7489 org-domain fallback and RFC 9091 PSD DMARC

DMARC lookup now follows the full RFC 7489 §6.6.3 fallback chain: exact From domain → organizational domain (eTLD+1 via PSL) → public suffix domain (RFC 9091, only when psd=y is present). DNS errors abort immediately without triggering fallback; NXDOMAIN and missing v=DMARC1 records do trigger it. The found domain is exposed in the new DMARCRecord.domain field for reporting purposes. Also promote getOrganizationalDomain to a package-level function so both HeaderAnalyzer and DNSAnalyzer can share it, and fix pre-existing rbl_test.go compilation errors and stale score expectations. Closes: #98
2026-05-18 15:33:27 +08:00 · 2026-05-18 15:33:27 +08:00 · 1516991057
commit 1516991057
parent 0de67af847
7 changed files with 295 additions and 57 deletions
--- a/api/schemas.yaml
+++ b/api/schemas.yaml
@ -891,6 +891,10 @@ components:
          type: string
          description: DMARC record content
          example: "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
+        domain:
+          type: string
+          description: Domain at which the DMARC record was found (may differ from From domain when organizational domain fallback was used)
+          example: "example.com"
        policy:
          type: string
          enum: [none, quarantine, reject, unknown]