Hi! I found some messages which IMO get wrong DMARC results in SpamAssassin 4.0.2 because subdomain "relaxed" alignment is not honored. Compared to libopendmarc used by Exim which gets it right IMO.
The details (headers intentionally prepended with #): #Envelope-From: [email protected] #From: [email protected] #DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=m.ghost.io; q=dns/txt; s=mailgun; t=1764306658; x=1764313858; h=Message-Id: List-Unsubscribe-Post: List-Unsubscribe: Sender: Sender: To: To: From: From: Subject: Subject: Content-Type: Mime-Version: Date; #Received: from relay9.ghost.io ([143.55.233.111] helo=relay9.ghost.io) SPF for m.ghost.io and 143.55.233.111 is a PASS. DKIM sig for m.ghost.io verifies. DMARC RR says: "v=DMARC1; p=none; rua=mailto.....". nothing else. So alignment defaults "relaxed" apply. Both SPF and DKIM for m.ghost.io should "align" with From: @ghost.io IMO. But SA results in DMARC_NONE only. Not DMARC_PASS. While libopendmarc concludes via Exim: #Authentication-Results: xxx.ac.at; iprev=pass (relay9.ghost.io) policy.iprev=143.55.233.111; spf=pass smtp.mailfrom=m.ghost.io; dkim=pass header.d=m.ghost.io header.s=mailgun header.a=rsa-sha256; dmarc=pass header.from=ghost.io; arc=none Since I'm not sure if this is a Mail::DMARC or a Mail::SpamAssassin topic I'm asking here first if somebody can confirm my findings and tell me where to file it as bug if true. I'm using perl-Mail-DMARC-1.20211209-1.el8.noarch and SpamAssassin 4.0.2 with fix for #8352 applied. I read the Patch notes for Mail::DMARC changes since this release, but couldn't see anything relevant for this issue. Greetings, Wolfgang Breyha
