dmarc: add support for np= non-existent subdomain policy tag

Implements parsing, scoring, CLI output, and UI display for the DMARC np= tag (DMARCbis draft-ietf-dmarc-dmarcbis), which controls policy for NXDOMAIN subdomains independently of sp=. The score deducts 15 points from the base and awards them back when np= is absent (good default) or its strength is equal to or stricter than the effective sp=/p= policy.
2026-05-18 16:03:35 +08:00 · 2026-05-18 16:03:35 +08:00 · 3161e392e8
commit 3161e392e8
parent 1516991057
5 changed files with 159 additions and 31 deletions
--- a/api/schemas.yaml
+++ b/api/schemas.yaml
@ -905,6 +905,11 @@ components:
          enum: [none, quarantine, reject, unknown]
          description: DMARC subdomain policy (sp tag) - policy for subdomains if different from main policy
          example: "quarantine"
+        nonexistent_subdomain_policy:
+          type: string
+          enum: [none, quarantine, reject, unknown]
+          description: DMARC non-existent subdomain policy (np tag) - policy for non-existent subdomains (NXDOMAIN); defaults to sp= or p= if absent
+          example: "reject"
        percentage:
          type: integer
          minimum: 0