SPF_Fail score too low?
mailscanner at yeticomputers.com
Fri Apr 6 19:32:35 IST 2007
Kevin Miller wrote:
> I've been spending the last hour and a half going through my mail logs
> looking at spf hardfails. There's a couple in there that I'll have to
> whitelist. Guess I'll fire off a notice to the postmaster of the domain
> letting them know they need to update their records as a courtesy.
A quick grep of my logs shows 394 hardfails in the last 30 days.
Looking through it, I notice no domains that look like they need to send
us anything. I could be wrong, but my users are quite vocal. I doubt
any of them are missing email - I'd have heard about it by now. :)
In the same period, SA scored 6 spam messages with SPF_HELO_SOFTFAIL,
1209 spam messages with SPF_HELO_PASS and 1779 spams with no SPF_* entry
in the report. No spam messages fired any of the other SPF rules. I'm
not logging the SA report for "not spam" messages, so I have no idea of
how those did on the SPF tests. An SPF_PASS doesn't subtract much from
the score, but it might have made a difference in close calls.
> I had been of the mind that a softfail was more or less useless, but it
> occurred to me this morning that it can be an asset in that it
> increments the spam score.
Yep, although my own stats don't show it as helping very much. Those 6
spam messages that had a SOFTFAIL all would have been marked as spam,
even without the SPF check. The lowest scoring one was 12.029.
More information about the MailScanner