I’ve never seen a false positive with USER_IN_DEF_SPF_WL.
> On Mar 20, 2023, at 1:48 PM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
>
>> Am 20.03.23 um 18:44 schrieb Mark London:
>> It seems like it too high a negative score.
>
> then adjust it in local.cf
>
> the point of a WL is exactly to WL something - and yes, it can happen that
> spam comes from a whitelisted source
>
> for example when some employeer of your bank has malware on his machine -
> would you want regular mails from your bank at the risk of FP and lose money
> just because filtering can't be perfect by definition?
>
>>> On 3/20/2023 1:24 PM, Reindl Harald wrote:
>>>
>>>
>>> Am 20.03.23 um 18:17 schrieb Mark London:
>>>> Can someone tell me why this paypal phishing email, managed to trigger
>>>> USER_IN_DEF_SPF_WL?
>>>> Or put it another way. Why wasn't it detected as a phishing email? Thanks.
>>>
>>> Becasue it was a SPF hit and the envelope sender is in USER_IN_DEF_SPF_WL?
>>> frankly - what else do you expect to hear?
>