SpamAssassin now adds a point whenever the HELO name is forged but the SPF check on that HELO name passes. Looking through our logs, the major offender here seems to be outlook.com. For examples,
helo : NAM11-CO1-obe.outbound.protection.outlook.com ip : 40.107.220.95 dig $helo A : 23.103.198.207 dig $helo TXT: v=spf1 include:spf.protection.outlook.com -all helo : nam11-dm6-obe.outbound.protection.outlook.com ip : 40.107.223.121 dig $helo A : 23.103.135.207 dig $helo TXT: v=spf1 include:spf.protection.outlook.com -all ... All of them have the same generic SPF record, which is fine, and so they all pass the HELO SPF check. But that means that every outbound outlook.com server with a HELO that doesn't resolve to its IP is getting hit with an extra spam point. I know these aren't real servers and these aren't real names and there aren't real humans in charge over there et cetera =) But if the names can be made to match when an SPF record is present, it would eliminate a penalty that's getting added to a lot of outlook.com mail. _______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
