Hi,

I received an email from ncua.gov sent through Zix that apparently was an
SPF softfail. It also hit FROM_GOV_SPOOF. I wanted to see if the two were
related, or what the reason was for this email hitting so many spam rules.

meta     FROM_GOV_SPOOF  !__NOT_SPOOFED && __FROM_ADDRLIST_GOV && (!
NO_RELAYS && ! ALL_TRUSTED)
tflags   FROM_GOV_SPOOF  net publish
describe FROM_GOV_SPOOF  From Government domain but matches SPOOFED

Why is there a SPF softfail with Zix? Certainly it's possible there just so
happened to be a DNS problem at that time, but just wanted to be sure
something else wasn't happening - I don't want to wait until an email is
rejected from this sender before doing something about it.

X-Spam-Status: No, score=3.449 tagged_above=-200 required=5
 tests=[BAYES_05=-0.5, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, DMARC_NONE=0.1,
 FORGED_SPF_HELO=1, FROM_GOV_SPOOF=1, HTML_FONT_LOW_CONTRAST=0.001,
 HTML_MESSAGE=0.001, KAM_DMARC_NONE=0.25, KAM_DMARC_STATUS=0.01,
 KAM_EVIL_NUMBERS4=1, KAM_LOTSOFHASH=0.25, LOC_CDIS_INLINE=0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RELAYCOUNTRY_LOW=0.1, RELAYCOUNTRY_US=0.01,
 SPF_HELO_PASS=-0.001, SPF_SOFTFAIL=0.665, TXREP=-0.177,
 T_KAM_HTML_FONT_INVALID=0.01] autolearn=disabled

https://pastebin.com/8sSqYh9u

Reply via email to