CVE-2020-12272 - OpenDMARC through 1.3.2 and 1.4.x allows attacks
that inject authentication results to provide false information 
about the domain that originated an e-mail message.  This is caused
by incorrect parsing and interpretation of SPF/DKIM authentication 
results, as demonstrated by the "example.net(.example.com" substring.

Link: https://nvd.nist.gov/vuln/detail/CVE-2020-12272

Resolution: OpenDMARC has added checking to validate that the domain
element in both SPF and DKIM header fields being inspected contains 
only valid domain name characters.  This has been fixed as of
OpenDMARC 1.4.1 (April 2021).  While not mentioned in the CVE, fixes 
are in a soon-to-be-released branch of OpenDKIM as well so that a
signature bearing such a domain will be considered invalid.
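
The kind of check the resolution describes, written as an added example
(not the actual OpenDMARC or OpenDKIM patch). The name domain_is_valid,
the length limits, and the rejection of empty labels and of leading or
trailing hyphens are assumptions that go beyond the character check
stated above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_DOMAIN_LEN 253 /* longest textual domain name */
#define MAX_LABEL_LEN 63   /* longest single label */

/* Hypothetical helper, not an OpenDMARC function: returns 1 when
 * `domain` is made only of dot-separated labels of ASCII letters,
 * digits and hyphens, and 0 otherwise. */
int domain_is_valid(const char *domain)
{
    size_t len, i, label_len = 0;
    if (domain == NULL)
        return 0;
    len = strlen(domain);
    if (len == 0 || len > MAX_DOMAIN_LEN)
        return 0;
    for (i = 0; i < len; i++) {
        char c = domain[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9');
        if (c == '.') {
            /* reject an empty label or one that ends in a hyphen */
            if (label_len == 0 || domain[i - 1] == '-')
                return 0;
            label_len = 0;
        } else if (alnum || (c == '-' && label_len > 0)) {
            if (++label_len > MAX_LABEL_LEN)
                return 0;
        } else {
            return 0; /* '(', whitespace, a leading '-', non-ASCII, ... */
        }
    }
    /* the final label must be non-empty and must not end in a hyphen */
    return label_len > 0 && domain[len - 1] != '-';
}

int main(void)
{
    /* Constructed sample values; the second is the substring from the CVE. */
    const char *samples[] = { "example.com", "example.net(.example.com",
                              "mail.example.org", "-bad.example", "a..b" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-26s %s\n", samples[i],
               domain_is_valid(samples[i]) ? "accept" : "reject");
    return 0;
}
```

A verifier that applies such a check to the domain taken from an SPF or
DKIM result before using it for alignment treats the CVE's sample string
as invalid instead of interpreting part of it as a domain.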
