|Summary:||Mail::SPF returns apparently defunct explanation URL for SPF failures|
|Product:||Spamassassin||Reporter:||John Hardin <jhardin>|
|Component:||Plugins||Assignee:||SpamAssassin Developer Mailing List <dev>|
|Version:||SVN Trunk (Latest Devel Version)|
Description John Hardin 2019-08-23 18:12:59 UTC
When SPF fails, the generated SA rule hit header contains a URL for explaining the rejection, for example: SPF_FAIL SPF: sender does not match SPF record (fail) * [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=wondersofalaska%40teesfortogo.com;ip=22.214.171.124;r=ga.impsec.org] The openspf.net (and openspf.org) websites appear to be having long-term reachability issues and may be defunct, so this URL isn't currently very useful. If openspf.net *is* defunct, we should provide an analysis URL that works, or not provide it at all. The URL is currently the default as provided by Mail::SPF (which is fairly old now). It is possible to override it - see https://metacpan.org/pod/Mail::SPF::Server An upstream bug should probably be filed with CPAN to get the default fixed, but that doesn't help current SA installs, so we should probably override anyway.
Comment 1 John Hardin 2019-08-23 18:23:01 UTC
Comment 2 Brian Kendig 2021-08-06 14:36:43 UTC
It looks like openspf.org has been replaced by open-spf.org, which does have a "Why" page in place: http://www.openspf.org/Why If this is a legitimate site, then all that needs to be done is to add a dash to the URL that SpamAssassin displays. Otherwise, the "Please see" URL should be removed from the descriptions of SPF_FAIL and SPF_HELO_FAIL.