I use a separate SPF component (https://crates.io/crates/spf-milter). It conveys SPF results for both HELO and MAIL FROM identity, each in its own Authentication-Results header:
Authentication-Results: mail.gluet.ch; spf=fail smtp.mailfrom=bounces.amazon.co.jp Authentication-Results: mail.gluet.ch; spf=fail smtp.helo=bounces.amazon.co.jp I remember asking here if SpamAssassin is able to use these instead of doing its own SPF queries. Now with debug logging on, I see that SpamAssassin isn’t actually using these results: May 17 20:11:06 mail spf-milter[836]: bounces.amazon.co.jp (helo): fail May 17 20:11:06 mail spf-milter[836]: gexymv...@bounces.amazon.co.jp (mailfrom): fail May 17 20:11:07 mail spf-milter[836]: 8599A400D309: adding Authentication-Results header May 17 20:11:07 mail spf-milter[836]: 8599A400D309: Authentication-Results: mail.gluet.ch; spf=fail smtp.helo=bounces.amazon.co.jp May 17 20:11:07 mail spf-milter[836]: 8599A400D309: adding Authentication-Results header May 17 20:11:07 mail spf-milter[836]: 8599A400D309: Authentication-Results: mail.gluet.ch; spf=fail smtp.mailfrom=bounces.amazon.co.jp May 17 20:11:07 mail spamd[11230]: spf: checking to see if the message has a Received-SPF header that we can use May 17 20:11:07 mail spamd[11230]: spf: checking HELO (helo=bounces.amazon.co.jp, ip=160.251.60.97) ... Is this a bug in the SPF plugin? Do I need to set something in my config? I’m using SpamAssassin 3.4.4-1ubuntu1.1 on Ubuntu Server 20.04.