SPF_Fail score too low?
Rick Chadderdon
mailscanner at yeticomputers.com
Fri Apr 6 15:48:48 IST 2007
Matt Kettler wrote:
> In the SpamAssassin 3.1.x mass-checks, SPF_FAIL had 95.5% of its matches being
> spam, and 4.5% being nonspam. Softfail on the other hand was 99.2% spam and 0.8%
> nonspam.
Was this on your own corpus? If so, how large was it? If not, do you
have a reference you can point me at? When I first started doing SPF
checks, I used Postfix's "warn_if_reject" feature to test it for a
couple of months. My hardfails were 100% spam - not a single
exception. I did not examine softfails. (I'm not sure I could have if
I'd wanted, since I don't believe they would have been logged, softfail
not being a reject.) Of course, my mail flow is pretty low, but it
looked pretty safe to me. And, since I'm rejecting it at the MTA, an
offending legit message should at least generate notification at their end.
If softfails are that high... Hm. I'll have to figure out a way to
test that on my own mail flow for a while. Might be worth it to reject
on those, too, although I believe I'll have to modify the check. If I
recall, it was hardcoded to pass on softfail and reject on hardfail.
Been a while since I looked at it.
Rick
More information about the MailScanner
mailing list