On 4/23/21 9:26 AM, Jaroslaw Rafa wrote: > > All these emails can - and usually do - perfectly pass SPF/DMARC check. So > it is a huge mistake to treat SPF/DMARC as an anti-spam measure and a > positive SPF/DMARC check as an indicator that the message is not spam. It > has nothing to do with the message being spam/non-spam.
My comment to this is that yes, if they setup their system to pass SPF/DMARC, then it will pass that test. But then you can use classic reputation of domain to decide that this is likely some unknown spammer, and maybe even after a bit (since it has SOME cost to setup the domains, they will tend to reuse them) you can be sure those messages are spam. It also says that user side 'block' lists become usable again, as every message won't have a totally new domain. Yes, positive SPF/DMARC check by itself doesn't mean a lot, just that it allows other tests to means something. -- Richard Damon
