Interesting. About what I see in the code, the internal spf check is strictly designed around DMARC. It returns only ** result -- DMARC_POLICY_SPF_OUTCOME_NONE
** or DMARC_POLICY_SPF_OUTCOME_PASS
** or DMARC_POLICY_SPF_OUTCOME_FAIL
** or DMARC_POLICY_SPF_OUTCOME_TMPFAIL
Ticket 167 fixes a NONE result.
But no neutral, softfail is expected... And following DMARC standard it checks the helo only to fake otherwise null sender address.
So this check could be poor if it is intended in a separate reputation level, outside DMARC.
...anyway I agree this is a BUG because all AR headers written by OpenDMARC should report results compliant to SPF standard.
Last edit: Marco Favero 2016-05-19
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'd say this is like #169 and related again to #167.
Interesting. About what I see in the code, the internal spf check is strictly designed around DMARC. It returns only
** result -- DMARC_POLICY_SPF_OUTCOME_NONE ** or DMARC_POLICY_SPF_OUTCOME_PASS ** or DMARC_POLICY_SPF_OUTCOME_FAIL ** or DMARC_POLICY_SPF_OUTCOME_TMPFAILTicket 167 fixes a NONE result.
But no neutral, softfail is expected... And following DMARC standard it checks the helo only to fake otherwise null sender address.
So this check could be poor if it is intended in a separate reputation level, outside DMARC.
...anyway I agree this is a BUG because all AR headers written by OpenDMARC should report results compliant to SPF standard.
Last edit: Marco Favero 2016-05-19
Will look into this for 1.4.0.