On Mon, 2013-06-17 at 18:51 +1200, Jason Haar wrote:
> On 17/06/13 16:14, Benny Pedersen wrote:
> > Jason Haar wrote on 2013-06-17 00:48:
> >
> >> That's it - I'm removing SPF...
> >
> > hardfail is for mta, softfail is for spamassassin; if your mta accepts
> > hardfail spf, then you are asking for it yourself
> >
> ?? SA scores hardfails as 0.0 due to the high positive rate. Therefore
> blocking on SPF hardfails must lead to a high FP rate too? If your
> organization is willing to live with valid email being bounced, fine -
> but I'm going to listen to our SA overlords on this one...
> 
My understanding is that the score SA assigns to SPF is irrelevant.
SPF's purpose is to prevent backscatter. It does that by giving any site
that receives an undeliverable message the means to recognise the
forgery: if the sending IP is outside the range published in an '-all'
SPF record it's definitely a forgery and if it's in an '~all' SPF record
it might be forged. It's pointless to send a rejection message if the
undeliverable message has a forged sender, so most sites don't do that.
As a result, you don't get backscatter if a spammer is forging your
address as the sender of his spam. 

SPF isn't, and never was AFAIK, a useful way to recognise spam that is
sent directly to you.

At least, that is the basis for my use of SPF. I've got almost no
backscatter since I set up an SPF record. If it happens to add a small
amount to a spam score that's a bonus, but I don't in any way rely on it
to flag up spam.


Martin

 
> (...or the SA score is incorrect of course. This thread is a bit of a
> challenge - here we have an example of SA saying one thing, and everyone
> else [well, 3 people ;)] saying "block hardfails" on the other. One must
> be right and the other wrong...?)
> 


