[opendmarc-users] SPF checks passing when they shouldn't?

Karl Pielorz kpielorz_lst at tdx.co.uk
Wed Aug 12 12:40:12 PDT 2015


Hi,

I'm new to OpenDMARC - I've installed opendmarc-1.3.1 - and I've run into 
issues with SPF checking.

I've set OpenDMARC to not trust previously added SPF results, and to do the 
tests itself, i.e. in the config file:

"
SPFIgnoreResults true
SPFSelfValidate true
"

I did find the following issue:

  <http://sourceforge.net/p/opendmarc/tickets/120/>

I've patched for that now (previously I'd noticed a lot of 'spf=pass' when 
it shouldn't) - but I'm still seeing SPF issues, e.g.

"
Received: from 46.130.47.36 (36.47.130.46.in-addr.mts.am [46.130.47.36] 
(may be forged))
	by myserver.com (8.14.9/8.14.9) with SMTP id t4BHt3Sa053715
	for <my-address at somewhere.com>; Tue, 11 Aug 2015 18:52:08 +0100 (BST)
Authentication-Results: myserver.com; dmarc=none header.from=apple.co.uk
Authentication-Results: myserver.com; spf=pass 
smtp.mailfrom=accountsuspended at apple.co.uk
Authentication-Results: myserver.com; dkim=none
	reason="no signature"; dkim-adsp=none (unprotected policy)
From: "Apple security UK" <accountsuspended at apple.co.uk>
"

That shows "spf=pass". Admittedly there is *no* TXT SPF record for 
'apple.co.uk' (that I can see) - but shouldn't it show as something other 
than 'pass'? e.g. 'spf=none' or something?

Cheers,

-Karl


More information about the opendmarc-users mailing list