OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication
results to provide false information about the domain that originated an
e-mail message. This is caused by incorrect parsing and interpretation of
SPF/DKIM authentication results, as demonstrated by the
"OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field."