SPF_Fail score too low?

[Rick Chadderdon]

Kevin Miller wrote:
> I've been spending the last hour and a half going through my mail logs
> looking at spf hardfails.  There's a couple in there that I'll have to
> whitelist.  Guess I'll fire off a notice to the postmaster of the domain
> letting them know they need to update their records as a courtesy.
>   

A quick grep of my logs shows 394 hardfails in the last 30 days.  
Looking through it, I notice no domains that look like they need to send 
us anything.    I could be wrong, but my users are quite vocal.  I doubt 
any of them are missing email - I'd have heard about it by now.  :) 

In the same period, SA scored 6 spam messages with SPF_HELO_SOFTFAIL, 
1209 spam messages with SPF_HELO_PASS and 1779 spams with no SPF_* entry 
in the report.  No spam messages fired any of the other SPF rules.  I'm 
not logging the SA report for "not spam" messages, so I have no idea of 
how those did on the SPF tests.  An SPF_PASS doesn't subtract much from 
the score, but it might have made a difference in close calls.


> I had been of the mind that a softfail was more or less useless, but it
> occurred to me this morning that it can be an asset in that it
> increments the spam score.

Yep, although my own stats don't show it as helping very much.  Those 6 
spam messages that had a SOFTFAIL all would have been marked as spam, 
even without the SPF check.  The lowest scoring one was 12.029.

Rick