I ran a spamassassin -D on the message, and the biggest thing that made it take a hit was the almost 3 points it took off of the score because of the Bayes DB being only a 1% probability. Supposedly it says it's learned spam from about 500 messages, and ham from about 5000. Maybe I should put autolearn=enabled?

The domain has since been added to several blacklists, and those add up points fairly fast, so it would have been marked as spam now. Guess this user just got to be a guinea pig until the domain in the email was added to the lists.

Matt wrote:
That doesn't make sense. Maybe I am misunderstanding this. From openspf.org:

What does SPF actually DO?

Suppose a spammer forges a hotmail.com address and tries to spam you.

They connect from somewhere other than Hotmail.

When his message is sent, you see MAIL FROM: <[EMAIL PROTECTED]>,
but you don't have to take his word for it. You can ask Hotmail if the IP
address comes from their network.
    

The MTA never really sees what's in the headers.  It only adds to the
headers.  When an SMTP connection first begins the connecting MTA says
helo this [EMAIL PROTECTED].  That's what SPF looks
at.  The MTA then adds that as the return path to the headers.

  
Return-path: <[EMAIL PROTECTED]>
      

That return path looks flaky.  I would think spamassassin would have
some way, since it's not a valid domain, to consider it suspect.  Not
sure though.

Matt
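
The check described in the quoted openspf.org text, as an added example that is not part of the original thread: the envelope MAIL FROM domain's published policy is compared with the connecting IP, and the From: header is never consulted. The SPF_RECORDS table stands in for DNS TXT lookups, the domains and addresses are constructed documentation values, the function names are hypothetical, and only the ip4, ip6 and all mechanisms are evaluated.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups; domains and addresses are
# documentation values, not taken from the thread.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all",
    "example.net": "v=spf1 ip4:203.0.113.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from):
    """Evaluate the ip4/ip6/all subset of SPF for the envelope sender."""
    domain = mail_from.rsplit("@", 1)[-1].strip("<>").lower()
    record = SPF_RECORDS.get(domain, "")
    if record.split()[:1] != ["v=spf1"]:
        return "none"  # no policy published for this domain
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(value, strict=False):
            return QUALIFIERS[qualifier]
        # a, mx, include and the other mechanisms need DNS; skipped in this sketch
    return "neutral"  # no mechanism matched and the record has no "all"


def judge_session(client_ip, mail_from, header_from):
    """header_from is accepted only to show that SPF never consults it."""
    return check_spf(client_ip, mail_from)


if __name__ == "__main__":
    # Constructed sessions: same header From, different connecting IPs.
    for ip in ("192.0.2.10", "203.0.113.5"):
        print(ip, judge_session(ip, "<alice@example.com>", "alice@example.com"))
```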
  
