https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8323
Bug ID: 8323
Summary: SPF plugin gives higher spam points for softfail compared to fail
Product: Spamassassin
Version: 4.0.1
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: Rules
Assignee: dev@spamassassin.apache.org
Reporter: ha...@hboeck.de
Target Milestone: Undefined

I made an observation about Spamassassin's SPF ruleset that I find unexpected. It appears the plugin gives more points to a softfail than to a fail. It likely should be the other way round: a "fail" should be a stronger spam signal than a "softfail".

A mail with a Received-SPF header indicating "fail"/"softfail" for "identity=mailfrom":

    0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
    1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

The difference is even more extreme for "identity=helo", where "fail" gives zero points:

    0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
    0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
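The ordering the report describes can be checked mechanically. The following is an added example, not part of the bug report or of SpamAssassin's code: it parses report lines in the "score RULE description" form quoted above and flags every `*_SOFTFAIL` rule that scores higher than its `*_FAIL` counterpart. The function names are hypothetical and the sample input is constructed from the four lines in the report.

```python
import re

# Constructed sample: the four rule lines quoted in the bug report.
SAMPLE_REPORT = """\
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
"""

# "<score> <RULE_NAME> <description>"; leading whitespace and negative scores allowed.
LINE_RE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\b")


def parse_scores(report):
    """Return {rule_name: score} for every line that looks like a rule hit."""
    scores = {}
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if m:
            scores[m.group(2)] = float(m.group(1))
    return scores


def find_inversions(scores):
    """List (fail_rule, fail_score, softfail_rule, softfail_score) tuples
    where the softfail rule outscores the matching fail rule."""
    findings = []
    for name, soft in sorted(scores.items()):
        if not name.endswith("_SOFTFAIL"):
            continue
        # SPF_SOFTFAIL pairs with SPF_FAIL, SPF_HELO_SOFTFAIL with SPF_HELO_FAIL.
        hard_name = name[: -len("_SOFTFAIL")] + "_FAIL"
        hard = scores.get(hard_name)
        if hard is not None and soft > hard:
            findings.append((hard_name, hard, name, soft))
    return findings


if __name__ == "__main__":
    for hard_name, hard, soft_name, soft in find_inversions(parse_scores(SAMPLE_REPORT)):
        print(f"{soft_name} ({soft}) scores higher than {hard_name} ({hard})")
```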