I had a customer complain about being unable to receive e-mail from a particular site. Upon examining the logs, I saw errors from our spf policy checker. This is a perl script that looks up a domain and checks the spf records to be sure that the server attempting to deliver e-mail for that domain is a legitimate server for that domain. It was failing even though the records looked legitimate and the server was in the allowed list.
I Googled the error and found a note from the author saying it was caused by a change in systemd resolver but that he had fixed it in the spf script and the new fixed version was available from cpan. I installed the version on span and so far the only spf rejections I’ve seen are legitimate so I believe this problem is fixed.