SPF_Fail score too low?

Rick Chadderdon mailscanner at yeticomputers.com
Fri Apr 6 16:24:17 IST 2007

Kevin Miller wrote:
> Matt Kettler wrote:
>> Kevin Miller wrote:
>>> Matt Kettler wrote:
>> snip
>> It's gotchas like that which make me suggest starting off at neutral.
>> Even though you can reliably know what machines SHOULD be allowed to
>> send mail from your domain, you might have servers that DO send mail
>> from your domain even though they should not that provide critical
>> business services. 
> I understand the problem, but I'm still unclear on how one tests for it.
> If you put up a domain with neutral or softfail, how do you know when a
> hit occurs?  If I spoof your domain and send to a third party, they'll
> either silently drop the email or send 550 back to me.  How do *you*
> know when it's safe to walk a neutral up to softfail and from there to
> hardfail?  When I first installed spf in my dns I searched all over the
> spf web site for clues on how folks are doing that.  Never found
> anything...

There is no way to test what other users are doing with your SPF info.  
You can only look at your user complaints about mail they sent that was:

1. undelivered
2. marked as spam by someone else's spam filter

And you can look at the number of bogus virus and spam bounces you receive.

All of this is unreliable at best.  You're relying entirely on a 
statistical evaluation of your problem reports, trying to determine 
whether they've changed between your different SPF entries.  For most of 
us, we have nowhere near the volume of mail (or problem reports) that 
would be necessary to get a meaningful result from such analysis.

I suppose that you *could* fire off a few huge spam runs spoofing your 
domain from a third party server (or a botnet) and see how many of your 
messages get accepted with each of neutral, softfail and hardfail  set.  
I don't think I'd want to use this test.  :)
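
Added example, not part of the original post: the statistical comparison of problem reports described above, carried through as a two-proportion z-test. All counts are constructed, and the choice of test, the 0.05 threshold and every function name are assumptions made for illustration.

```python
import math

def two_proportion_z(fail_a, total_a, fail_b, total_b):
    """Return (z, two-sided p) for H0: both periods share one problem rate."""
    pooled = (fail_a + fail_b) / (total_a + total_b)
    se = math.sqrt(pooled * (1 - pooled) * (1 / total_a + 1 / total_b))
    if se == 0:  # no problem reports in either period: nothing to compare
        return 0.0, 1.0
    z = (fail_b / total_b - fail_a / total_a) / se
    # Two-sided tail probability of a standard normal distribution.
    return z, math.erfc(abs(z) / math.sqrt(2))

def compare_periods(periods, baseline="neutral", alpha=0.05):
    """Compare each SPF policy period against the baseline period.

    periods maps policy name -> (problem_reports, messages_sent), where a
    problem report is a user complaint about undelivered or spam-flagged mail.
    """
    base_fail, base_total = periods[baseline]
    results = {}
    for policy, (fail, total) in periods.items():
        if policy == baseline:
            continue
        z, p = two_proportion_z(base_fail, base_total, fail, total)
        results[policy] = {"rate": fail / total, "z": z, "p": p,
                           "significant": p < alpha}
    return results

# Constructed sample data: identical problem rates, 100x difference in volume.
SMALL_SITE = {"neutral": (3, 2000), "softfail": (5, 2000),
              "hardfail": (7, 2000)}
LARGE_SITE = {"neutral": (300, 200000), "softfail": (500, 200000),
              "hardfail": (700, 200000)}

if __name__ == "__main__":
    for name, site in (("small", SMALL_SITE), ("large", LARGE_SITE)):
        for policy, r in compare_periods(site).items():
            print(f"{name:5} {policy:8} rate={r['rate']:.4%} "
                  f"z={r['z']:.2f} p={r['p']:.3g} significant={r['significant']}")
```

With the constructed numbers, the small site cannot distinguish softfail or hardfail from neutral even though its problem rate more than doubles, while the same rates at 100 times the volume are clearly separable.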

