This article contains the complete list of known issues with the latest ORF 6.9.2 release. For known issues in previous versions, please see our related KB article.

SPF Test IPv6 verification failure

Published

First published on March 14, 2025.

Description

Emails from IPv6 senders may incorrectly fail the SPF verification check due to a bug in the SPF Test module that affects the handling of IPv6 addresses when ORF's built-in DNS resolver is used. This issue specifically arises during the evaluation of the SPF record under the following conditions:

• The "a" or "a:{domain}" mechanism is resolved, and an (IPv6) AAAA record is returned
• The "mx" or "mx:{domain}" mechanism is resolved, and an (IPv6) AAAA record is returned
• The "ptr" or "ptr:{domain}" mechanism is resolved, and an (IPv6) AAAA record is returned (as a result of the forward lookup on the PTR domain)
• The "%{i}" macro expression is expanded to the IPv6 address of the sender

Note: This issue does not affect IPv6 addresses specified in the "ip6:" mechanism within SPF records, other IPv6-related functionalities in the program, or emails from IPv4 senders, regardless of the DNS resolver used.

Workaround

To avoid possible SPF verification issues, configure ORF to use an external DNS server:

1. Start the ORF Administration Tool and connect to the local or remote instance
2. Open the DNS Settings (System > Network Settings > DNS Settings)
3. Select the Use external DNS servers option
4. Add one or more local DNS servers to the list (do not use public or ISP DNS resolvers)
5. Click Ok
6. Save the ORF configuration (Ctrl + S) to apply the new settings