From b158336451555e0ca567950634dff3e064d2f21c Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Thu, 26 Mar 2026 09:51:29 +0700
Subject: [PATCH] Filter Received-SPF header by receiver hostname

Ensures parseLegacySPF only trusts Received-SPF headers where the receiver= field matches the configured receiverHostname, preventing incorrect SPF results from unrelated receivers.
---
 pkg/analyzer/authentication_spf.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pkg/analyzer/authentication_spf.go b/pkg/analyzer/authentication_spf.go
index 479c325..fc41e3c 100644
--- a/pkg/analyzer/authentication_spf.go
+++ b/pkg/analyzer/authentication_spf.go
@@ -63,6 +63,16 @@ func (a *AuthenticationAnalyzer) parseLegacySPF(email *EmailMessage) *api.AuthRe
 		return nil
 	}
 
+	// Verify receiver matches our hostname
+	if a.receiverHostname != "" {
+		receiverRe := regexp.MustCompile(`receiver=([^\s;]+)`)
+		if matches := receiverRe.FindStringSubmatch(receivedSPF); len(matches) > 1 {
+			if matches[1] != a.receiverHostname {
+				return nil
+			}
+		}
+	}
+
 	result := &api.AuthResult{}
 
 	// Extract result (first word)
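Review bot: The new check is fail-open: when `a.receiverHostname` is set but the Received-SPF value carries no `receiver=` field, `len(matches) > 1` is false and the header is parsed as before, so a header lacking that field is trusted exactly as it was, which is narrower than the commit message's "only trusts Received-SPF headers where the receiver= field matches". If the intent is to trust only headers stamped by the configured receiver, fold the two conditions into one that rejects absence as well as mismatch, e.g. `if m := receiverRe.FindStringSubmatch(receivedSPF); len(m) < 2 || !strings.EqualFold(strings.Trim(m[1], "\""), a.receiverHostname) { return nil }`. `EqualFold` reflects the case-insensitivity of hostnames, and the `Trim` handles the quoted-string form RFC 7208 §9.1 allows for key-value values, whose quotes the `[^\s;]+` capture would otherwise keep and so never match the configured name. Separately, `regexp.MustCompile` runs on every call of parseLegacySPF; hoist it to a package-level `var` so the pattern is compiled once. parseLegacySPF begins before and continues past the hunk.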