Re: SPF Scores

Sat, 09 Sep 2006 04:21:26 -0700 

Michael Scheidell wrote:

-----Original Message-----
From: Matt Kettler [mailto:[EMAIL PROTECTED] Sent: Friday, September 08, 2006 10:11 PM 
To: Michel Vaillancourt
Cc: Spamassassin List (E-mail)
Subject: Re: SPF Scores


Why, or to what end, would you want to adjust the scores?


Because if there is a DNS failure, SA triggers SPF_SOFTFAIL, which has a
very high score higher then HARD_FAIL in face!)

So, SPF_SOFTFAIL either needs to be scored LOW, or (even if the RFC's
say a DNS failure is a SOFT_FAIL) I am tired of explaining to users that
get email from AOL and their buggy, overloaded DNS servers.

(yes, I looked up the ip address and pulled a txt record from aol, and
yes, the ips are in the range, and yes, I have gotten SPF_SOFTFAIL from
domains without any spf records)
Bug 5077 includes a one line patch to fix this. It'll be included in 3.1.6 but is trivial to apply by hand now. 

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5077



So, score SPF_HARDFAIL* high enough to be at least half your score, and
drop SPF_SOFTFAIL to only about 20% of your score.

Ie: if you are looking for a 6 to be marked 'spam', set HARD to 3, set
soft to 1.5.

Also, logically, why is spt_helo_fail a 0, and softfail 2+? And FAIL
lower then SOFTFAIL,
I know the tests seem to indicate that spammers are using spf records
:-(  but logically, it doesn't make sense (especially in the light of
the rfc's that say a legitimate email, with a server with valid spf
records with a slow or overloaded dns server on their end or YOUR end
should be marked as a SPF_SOFTFAIL)
From what I've seen, most domains use soft fail so any spam forging those domains will hit soft fail. Many domains that use hard fail end up hard failing their own ham. Thus the scores ended up the way they are.
I wouldn't increase the score for *any* of the SPF tests. Especially if any of your users might (might because you never know what the heck your users are doing) are forwarding mail to the accounts you are processing.
IMO, SPF in the current landscape is really only reliable for whitelisting purposes. There are currently way too many organizations sending mail on behalf of third parties using that third party's address in the envelope. 


Daryl

Reply via email to