On 07/11, Josef Karliak wrote: > within a few days we've spams from domains that has "+all" in the > TXT spf record. I was thinking that I'll make a plugin that check > this records and add some point to this email, but I do not know
Your best chance may be to open a spamassassin bug requesting it. I'd guess it wouldn't be too hard to add to the existing SPF plugin. The more information you can provide showing this happens with spam, and does not tend to happen with non-spam, the better. It would get run through the re-scoring process with a testing flag to determine if it's actually useful, and what the optimal score is, before being published via sa-update. Well, you'd also need to update your SPF plugin to be able to use it.... "v=spf1 +all" The domain owner thinks that SPF is useless and/or doesn't care. - http://www.openspf.org/SPF_Record_Syntax That's a *really* unprofessional way to say "Everything in this domain passes SPF." Huh, the spamassassin SPF plugin uses Mail::SPF, and... I'm not sure it's possible to get a copy of the SPF record to check it for containing "+all". Anybody else see how? On 07/11, Martin Gregorie wrote: > All SPF can do is check that the sender has a valid IP for that domain, > i.e. that the sender's domain wasn't forged. SPF cannot and should not > be used to flag mail as spam if the sender is a legitimate member of the Yeah, but there are lots of perfectly valid things that show up in emails that correlate usefully to spam which, in combination, are useful in determining which emails are spam and which are not. If adding 0.2 points to all emails from a domain with +all in a SPF record increases the spam caught without increasing false positives significantly, it could be worth doing. -- "You will need: a big heavy rock, something with a bit of a swing to it... perhaps Mars" - How to destroy the Earth http://www.ChaosReigns.com
