On 2021-11-30 at 13:47:36 UTC-0500 (Tue, 30 Nov 2021 11:47:36 -0700)
Philip Prindeville <philipp_s...@redfish-solutions.com>
is rumored to have said:
> Hi,
>
> I'm looking at the 0.001 scoring for SPF_NONE and scratching my head.
>
> This was discussed a bit in early 2015, but maybe it needs revisiting
> with new perspective.
>
> Surely no one who cares about maintaining their reputation by
> protecting themselves against spoofing would fail to provide SPF
> records...

Surely no one who cares about the security of their email would run
their own on-premises Exchange...

Having started my sysadmin career less than 30 years ago, I never have
been exposed to an Internet where the dominant visible feature of my
fellow admins has been operational competence. We're all a bunch of
bozos making stupid mistakes...

> So how is this score arrived at?

In theory, it is set in concert with all of the other default rules by
periodic analyses of the scoring of spam and ham corpora submitted by
members of the SA community. As a 'network' rule, it is only included in
analysis weekly.

In practice, it is nailed down at a tiny non-zero value because
otherwise it would not be "good enough" to publish and demand has been
expressed for its publication.

> And of Ham, how much of it has a valid SPF?

Recently: 90.1202%

> And of Spam, how much of it lacks a valid SPF?

Recently: 65.3614%

> Has anyone run some numbers?

Yes. See https://ruleqa.spamassassin.org/. The numbers above are drawn
from the last "network masscheck" accessible there.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire