Hi, There are a number of spammers who are using domains with no SPF record to get their mail through, with forged sender address domains that don't even match the IP addresses they are coming from. There are countless domains with no SPF and when none is present, ASSP doesn't appear to do any checks to see if the claimed domain matches the sender. Doing reverse lookups for PTR (DoPTRCheck) and MX (DoMXACheck) helps in some cases, but many times those records are present and do not add to any penalty scoring. For the most part, these are the only emails that are getting through our ASSP installation.
With this in mind; if the sender address is forged and there is no SPF record to validate the forgery, a penalty score should be imposed, especially when a reverse lookup for PTR is being performed. Since most legitimate domains have an SPF record, I've tried to use the "SPF NONE" (spfnonValencePB) setting in an attempt to catch more of these SPF missing emails by treating them with extreme prejudice, but that doesn't appear to be working correctly. If "Fail SPF None Responses" (SPFnone) is checked, messages claiming to come from domains with a missing SPF are scored by "SPF Failed" (spfValencePB), instead of "SPF NONE" (spfnonValencePB). If "Fail SPF None Responses" (SPFnone) is not checked, no penalty score is imposed for a missing SPF record at all. Phil Quesinberry Q Systems Engineering, Inc. Electronic Controls and Embedded Systems Development (410) 969-8002 http://www.qsystemsengineering.com ------------------------------------------------------------------------------ Fulfilling the Lean Software Promise Lean software platforms are now widely adopted and the benefits have been demonstrated beyond question. Learn why your peers are replacing JEE containers with lightweight application servers - and what you can gain from the move. http://p.sf.net/sfu/vmware-sfemails _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
