Hi!

On 01/12/2025 16:16, Matija Nalis wrote:
> Full list of SA results (including SPF_*, DKIM_* and DMARC_*) would help...
>
> Also, does passing the problematic message through "spamassassin -D -t"
> reveal any extra information relating to SPF, DKIM and DMARC?

Out of curiosity I updated to Mail::DMARC-20250805 ... and it works correctly now. So it seems not to be a SpamAssassin issue.

But looking at the changes since 20211209 I do not understand why. There was no need for lc()'ing the domains in my samples to match them. And the only other relevant change seems to be this one:

https://github.com/msimerson/mail-dmarc/pull/248

My only examples from ghost.io are not quite debug friendly as well, since they carry an x= field in the DKIM-Signature with a delta of only 7200 seconds.

The original results contained:

DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,DMARC_NONE,SPF_HELO_NONE,SPF_PASS

Now I get a DMARC_PASS even with only SPF_PASS since the expired Sig correctly causes DKIM_INVALID.

With 20211209 and expired Sig I see:

dbg: DMARC: using Mail::DMARC::PurePerl for DMARC checks
dbg: DMARC: result: fail, disposition: none, dkim: fail, spf: fail (spf: pass, spf_helo: fail)

With 20250805 ...

dbg: DMARC: using Mail::DMARC::PurePerl for DMARC checks
dbg: DMARC: Evaluated DMARC record "v=DMARC1; rua=mailto:...; p=none" for domain m.ghost.io
dbg: DMARC: result: pass

... interesting ... for domain m.ghost.io ... not ghost.io.

Both versions contained a public_suffix_list containing at least "io" to properly handle the domains in question.

It looks like at least SPF aligns correctly now. DKIM is unknown due to the expired sig.

Greetings, Wolfgang
