SPF_Fail score too low?

Rick Chadderdon mailscanner at yeticomputers.com
Fri Apr 6 15:48:48 IST 2007


Matt Kettler wrote:
> In the SpamAssassin 3.1.x mass-checks, SPF_FAIL had 95.5% of its matches being
> spam, and 4.5% being nonspam. Softfail on the other hand was 99.2% spam and 0.8%
> nonspam.

Was this on your own corpus?  If so, how large was it?  If not, do you 
have a reference you can point me at?  When I first started doing SPF 
checks, I used Postfix's "warn_if_reject" feature to test it for a 
couple of months.  My hardfails were 100% spam - not a single 
exception.  I did not examine softfails.  (I'm not sure I could have if 
I'd wanted, since I don't believe they would have been logged, softfail 
not being a reject.)  Of course, my mail flow is pretty low, but it 
looked pretty safe to me.  And, since I'm rejecting it at the MTA, an 
offending legit message should at least generate notification at their end.

If softfails are that high...  Hm.  I'll have to figure out a way to 
test that on my own mail flow for a while.  Might be worth it to reject 
on those, too, although I believe I'll have to modify the check.  If I 
recall, it was hardcoded to pass on softfail and reject on hardfail.  
Been a while since I looked at it.

Rick


More information about the MailScanner mailing list