SPF

[William Burns]

<x-flowed>
Joshua:

Hirsh, Joshua wrote:

>>If you're NOT going to assign a negative Spam Assassin value for SPF
>>servers, then why SPF enable Spam Assassin at all?
>>
>>
>
> Not assigning a negative value to valid SPF sites doesn't really concern
>me, of course everyone is free to do as they please.
>
> Assigning a very high positive value to sites that fail SPF tests is the
>key, which is the entire point of adding the support in SpamAssassin. You
>know.. for catching SPAM. ;-)
>
>
D'oh!
Ah yes, "catching" SPAM.... It's a good thing!
But in this case, why bother "catching", or even looking at it at all?
If you want to use SPF, have the MTA reject SPF failures up-front.

At the moment, most domains do not have SPF configured, so you can't
regard that as "failing" SPF.

The only time mail "fails" SPF, it tells you that the sender domain is
dis-owning or dis-avowing this mail. Disregarding the possibility of a
mis-configuration on the part of the sender domain, it is 100% known to
be forged. This isn't like a blacklist where there can be some
difference of opinion. The MTA should reject this mail outright.

If for some reason, your MTA just doesn't support SPF, or you don't have
the mental energy to implement it then, by-all-means, use SA to clobber
it w/ a huge positive value, but that's just a band-aid for not having
the "proper" support in your MTA.
This band-aid may leave MS/SA quarantining piles of mail that should
never have been accepted, but at least you won't deliver it to your users.

-Bill

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>