Loren Wilton wrote:
> >SPF_HELO_PASS,
> >This might well be a negative scoring rule. Spam usually shouldn't be able
>to get an SPF_PASS rating.
>
Dude... SPF_HELO_PASS is an informational rule ONLY. It's there to act as a debugging aid to an admin using SPF for the first time. This rule is based on trusting the "helo" string. Of course that's forgeable, but we all know that. That's why the rule is hand-set to -0.001. Of course it's going to match spam, but the score it is forced to is insignificant, so who cares.

Besides, it's also easy for spam to get a "real" SPF_PASS. Just export a record for spammerdomain.com which passes everything. Yes, people always come back with an argument that you can check for pass-all SPF records, but that's shortsighted. It's pretty easy to obfuscate the fact by splitting the IP ranges up into multiple ranges, inserting holes, etc. There are millions of possible ways to obfuscate an open record, so there's no point in even trying to prevent this. SPF isn't designed to prevent this, and it's not intended to.

Keep your eye on the reality of what SPF is and what it is not. A passing SPF record only means the sender originated mail from a server that the domain owner has deemed acceptable. This has nothing to do with being nonspam, as the owner could be a member of ROKSO. However, at the moment, very few domains publish SPF records, and they're all spam-conscious people, so for the moment, a true SPF_PASS is a nonspam sign, but don't expect that to last.
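The point above, that looking for a literal "+all" is a shortsighted test for an open SPF record, can be illustrated with a small evaluator. The following is an added example written for this discussion; it is not SpamAssassin code and not from either poster. It parses a few constructed SPF records, applies the naive "does it end in +all?" test, and then measures how much of the IPv4 space the record's ip4: mechanisms actually pass. Only ip4: and all mechanisms are counted (a, mx, include and redirect would need DNS, so the result is a conservative lower bound); the 50% threshold used to call a record "effectively open" is an assumption for this example.

```python
import ipaddress

# Constructed sample records (not taken from the original thread).
# "open_split" passes 31/32 of IPv4 without ever saying "+all":
# five ranges with one /5 hole, then an explicit "-all".
RECORDS = {
    "open_plain": "v=spf1 +all",
    "open_split": ("v=spf1 ip4:0.0.0.0/1 ip4:128.0.0.0/2 ip4:192.0.0.0/3 "
                   "ip4:224.0.0.0/4 ip4:240.0.0.0/5 -all"),
    "tight": "v=spf1 ip4:192.0.2.0/24 -all",
}


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, argument) tuples.

    The default qualifier in SPF is '+' (pass). Modifiers such as
    redirect= and exp= are skipped; they are not evaluated offline.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    mechanisms = []
    for term in terms[1:]:
        if "=" in term:  # modifier, not a mechanism
            continue
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        mechanisms.append((qualifier, name.lower(), arg))
    return mechanisms


def naive_is_open(record):
    """The shortsighted check: is there a pass-qualified 'all' mechanism?"""
    return any(q == "+" and m == "all" for q, m, _ in parse_spf(record))


def ip4_coverage(record):
    """Fraction of the IPv4 address space that this record would PASS.

    Counts '+ip4:' networks (merged, so overlaps are not double counted)
    and treats a '+all' as covering everything. Mechanisms that need DNS
    are ignored, so this is a lower bound on the real coverage.
    """
    networks = []
    for qualifier, mechanism, arg in parse_spf(record):
        if qualifier != "+":
            continue
        if mechanism == "all":
            return 1.0
        if mechanism == "ip4":
            # strict=False accepts e.g. "0.0.0.0/1" with host bits set;
            # a bare address becomes a /32.
            networks.append(ipaddress.ip_network(arg, strict=False))
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(networks))
    return covered / 2 ** 32


def effectively_open(record, threshold=0.5):
    """Coverage-based test: does the record pass at least `threshold`
    of IPv4? (threshold is an assumed value for this example)"""
    return ip4_coverage(record) >= threshold


if __name__ == "__main__":
    for name, record in RECORDS.items():
        print(f"{name:11s} naive_open={naive_is_open(record)!s:5s} "
              f"coverage={ip4_coverage(record):.6f} "
              f"effectively_open={effectively_open(record)}")
```

Running it shows the gap the post describes: "open_split" fails the naive test (it even ends in -all) while passing from 96.875% of all IPv4 addresses, and a coverage measure catches it. Even the coverage measure is only a heuristic, which is the poster's larger point: an SPF pass says the domain owner authorised that server, nothing more.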