On 2024-05-09 at 08:37:06 UTC-0400 (Thu, 09 May 2024 14:37:06 +0200)
Benny Pedersen <m...@junc.eu>
is rumored to have said:
Bill Cole skrev den 2024-05-09 14:22:
In fact, I can't think of any whitelist test that should pass if SPF
fails.
If you operate on the theory that a SPF failure is always a sign of
spam, you can make your SpamAssassin always trust SPF failures
absolutely. I would not recommend that. Some people screw up their
SPF records. Other people forward mail transparently, which reliably
breaks SPF. SPF is broken *by design* as a spam control tool AND as a
mail authentication tool. We knew this 20 years ago, but it remains a
useful tool if you work with its limits rather than assuming that
they do not exist.
spf domain owner asked for hardfails, so why not score spf_fail as 100
? :)
I believe that has been covered in extreme detail and redundancy here
and in other email-related fora MANY times over the past 20 years.
Domain owners do not KNOW all the paths their mail follows, even when
they think that they do. Users frequently find ways to break SPF without
doing anything wrong.
on the other hans if spf domain owner asked for softfails it would not
still be 100
but i still suggest to report to dnswl, if not dnswl none listed
Reasonable advice.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
