Perhaps the first one is for the mail-from-domain and the other is for the EHLO host?
Kind regards, Henning > -----Original Message----- > From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Brotman, Alex > Sent: Montag, 14. Dezember 2020 16:35 > To: dmarc@ietf.org > Subject: [dmarc-ietf] Multiple SPF in a single auth_results > > I'm seeing a report where the XML contains two SPF records within a single > auth_results entity. This doesn't seem correct. I found this thread: > https://stack01.cloud.nospamproxy.com/link?id=BAgAAAAfpHeh4JGMq5wA > AABTUQz3QBhcskBhLXvN_sPByIkTUJ_191QbNMs1tjGZXePYW51PlsXJiHzgxa > 2k95gYKyEvascW0xCd7vkfXGIcW-SMik1X4yMySldQ- > qHoCA66NmA7TaPPuwEtF7ZPQYLlZqdD7I5R3KNSFh2RaMp6bqp2L8XhNLlAJK > uMYUKvKSh3RMIePwJj3aMWZVgoSUPgaHbNCkaiscGIUps1 and it says it's a > bug, though, I'm a bit surprised (guess I probably shouldn't be) that this is > still > happening. Is there some part of the RFC that makes this appear like it's a > legitimate report that could be misconstrued? Is this something that should > perhaps be clarified? > > <auth_results> > <dkim> > <domain>email.peacocktv.com</domain> > <result>pass</result> > </dkim> > <spf> > <domain>bounce.email.peacocktv.com</domain> > <result>pass</result> > </spf> > <spf> > <domain>mta-218-134.sparkpostmail.com.</domain> > <result>none</result> > </spf> > </auth_results> > > Thanks > > -- > Alex Brotman > Sr. Engineer, Anti-Abuse & Messaging Policy Comcast > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc