[Fwd: Re: No SPF_FAIL flag, why?]

[Russell Jones]

Forgot to put this address in CC. In case anyone is interested in following the convo: -------- Original Message -------- Subject: Re: No SPF_FAIL flag, why? Date: Wed, 27 Feb 2008 13:27:52 -0600 From: Russell Jones <[EMAIL PROTECTED]> To: SM <[EMAIL PROTECTED]> References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> That doesn't make sense. Maybe I am misunderstanding this. From openspf.org: What does SPF actually DO? Suppose a spammer forges a hotmail.com address and tries to spam you. They connect from somewhere other than Hotmail. When his message is sent, you see MAIL FROM: <[EMAIL PROTECTED]>, but you don't have to take his word for it. You can ask Hotmail if the IP address comes from their network. (In this example) Hotmail publishes an SPF record. That record tells you (your computer) how to find out if the sending machine is allowed to send mail from Hotmail. If Hotmail says they recognize the sending machine, it passes, and you can assume the sender is who they say they are. If the message fails SPF tests, it's a forgery. That's how you can tell it's probably a spammer. If what you said is right, why does SPF only look at the return-path address and not the From: address? Nobody pays attention to return-path, they only look at From to see who their mail client says the email address is from. SM wrote: At 11:02 27-02-2008, Russell Jones wrote: This email was received and is very much spam, (February 77% off, Viagra HTML spam), and was sent to this user FROM this user (which they obviously did not spam themselves). What can I do to make the score higher than what it was scored, as well as why didn't the SPF fail? The record for pittershawn.com has an SPF record that clearly states it can only come from 1 IP address. SPF checks are done on the return-path only and not the address in the From: header. The was a BAYES_00 hit.  That is wrong you consider the email as spam.  Retrain Bayes. Regards, -sm