SA Bugzilla – Bug 7911
SPF plugin does not recognise multiple results in a single Authentication-Results header
Last modified: 2021-05-22 13:57:27 UTC
RFC 8601 is the current specification of the Authentication-Results header. According to section 4 of RFC 8601, multiple results may be conveyed either in multiple Authentication-Results header fields or in a single one: > An MTA compliant with this specification adds this header field > (after performing one or more message authentication tests) to > indicate which MTA or ADMD performed the test, which test was > applied, and what the result was. If an MTA applies more than one > such test, it adds this header field either once per test or once > indicating all of the results. An MTA MUST NOT add a result to an > existing header field. For SPF, I interpret this to mean that the following two forms are equivalent: 1) Authentication-Results: mail.example.org; spf=pass smtp.mailfrom=example.com Authentication-Results: mail.example.org; spf=pass smtp.helo=mail.example.com 2) Authentication-Results: mail.example.org; spf=pass smtp.helo=mail.example.com; spf=pass smtp.mailfrom=example.com The SpamAssassin SPF plugin recognises both HELO and MAIL FROM results in the first form shown above, but not in the second form. In the second form it only recognises the last result. The SPF plugin should treat both forms the same and should be able to recognise both results in the second form, too.
I think AuthRes (Bug 6918) can correctly parse such in Bug 6918, so SPF.pm should just make use if it's results I think.