On 4 Nov 2020, at 9:47, Victor Sudakov wrote:

> Dear Colleagues,
>
> Why does SpamAssassin (Debian 10, SpamAssassin 3.4.2) not count an SPF
> check fail as a symptom of spam? That's what I see in the spam report:
>
> 0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
>
> No spam points for an SPF fail?

Technically that's 0.001, because it is used in 'meta' rules and so must not be scored at 0. With Bayes disabled it gets more weight: 0.919. Those appear to have been determined based on a "GA" rescore run some time ago. The latest network mass-check (https://ruleqa.spamassassin.org/20201031-r1883012-n/SPF_FAIL/detail) indicates that SPF_FAIL is not a very good performer on its own.

> And it's even a hard fail (a "-all") in
> this case.
>
> I can probably bump up the score for SPF_FAIL but would like to know
> first why it is a 0.0 by default. This was probably someone's
> well-grounded decision?

Yes.

1. Incorrect SPF records are not rare. Even '-all' records with some permitted IPs.
2. Traditional (/etc/aliases, ~/.forward, etc.) transparent forwarding breaks SPF.

-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire