CVE-2020-12272 (https://nvd.nist.gov/vuln/detail/CVE-2020-12272): OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
* CVE-2019-20790 Description: "OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field." URL: https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816 URL: https://sourceforge.net/p/opendmarc/tickets/235/ URL: https://github.com/trusteddomainproject/OpenDMARC/pull/48