Bug 7746

Summary: Mail::SPF returns apparently defunct explanation URL for SPF failures
Product: Spamassassin Reporter: John Hardin <jhardin>
Component: PluginsAssignee: SpamAssassin Developer Mailing List <dev>
Status: NEW ---    
Severity: normal CC: brian, jhardin
Priority: P2    
Version: SVN Trunk (Latest Devel Version)   
Target Milestone: Undefined   
Hardware: PC   
OS: Linux   
Whiteboard:

Description John Hardin 2019-08-23 18:12:59 UTC
When SPF fails, the generated SA rule hit header contains a URL for explaining the rejection, for example:

SPF_FAIL SPF: sender does not match SPF record (fail)
    *      [SPF failed: Please see
    http://www.openspf.net/Why?s=mfrom;id=wondersofalaska%40teesfortogo.com;ip=216.194.119.194;r=ga.impsec.org]

The openspf.net (and openspf.org) websites appear to be having long-term reachability issues and may be defunct, so this URL isn't currently very useful.

If openspf.net *is* defunct, we should provide an analysis URL that works, or not provide it at all.

The URL is currently the default as provided by Mail::SPF (which is fairly old now). It is possible to override it - see https://metacpan.org/pod/Mail::SPF::Server

An upstream bug should probably be filed with CPAN to get the default fixed, but that doesn't help current SA installs, so we should probably override anyway.
Comment 2 Brian Kendig 2021-08-06 14:36:43 UTC
It looks like openspf.org has been replaced by open-spf.org, which does have a "Why" page in place: http://www.openspf.org/Why

If this is a legitimate site, then all that needs to be done is to add a dash to the URL that SpamAssassin displays.

Otherwise, the "Please see" URL should be removed from the descriptions of SPF_FAIL and SPF_HELO_FAIL.